Embed Size (px)
Citation preview
www.buildwindows.com
Windows Server 8 apps must run without a GUI - learn more now
SAC-416T
Jeffrey SnoverDistinguished Engineer and Lead Architect of Windows Server
Andrew MasonPrincipal Group Program Manager
www.buildwindows.com
Windows Server History
• Prior to Windows Server 2008, full GUI at all times• WS08 introduced Server Core which minimized:
• Servicing• Security attack surface• Resource consumption• Deployment overhead
• Critical patches reduced by 50-70% from full GUI install• However
• One time install choice: full or core• Limited application compatibility• Limited local manageability
In the past, Windows has been a great OS
for a server and its devices
Windows Server 8 is a great OS for lots of servers and the devices connecting them
whether they are physical or virtual
whether they are on-premise or off
Windows Server 8 is the best Cloud Optimized OS
www.buildwindows.com
A Cloud Optimized OS requires
• Low friction deployment • Just Enough Server: install only what is absolutely
needed to minimize• Security footprint• Serviceability footprint• Resource footprint
• Multi-Machine Automation• Uniform, remote, lights-out management
• Modern multi-machine management GUIs• Consuming lots of CPU and running on Client machines
www.buildwindows.com
GUIs on Servers Are Evil
• Low friction deployment • Require large amounts of code to support the GUI
• Multi-Machine Automation• Often call private APIs instead of public formal
management APIs• Thwarts remote management which thwarts multi-
machine management• Modern multi-machine management GUIs• Require GPUs• Takes large amounts of resources away from the server
workload
• Full Server UI option provided for backwards compatibility
• Server Core is the preferred deployment configuration• RSAT for remote GUI management• PowerShell support achieves critical mass with 2300+ cmdlets• More roles, features available
• NEW Full Server without Server Graphical Shell• No Explorer, Internet Explorer or associated files• MMC, Server Manager, and a subset of Control Panel applets are
still installed• Provides many of the benefits of Server Core for those
applications or users that haven’t yet made the transition• NEW Can move between Server Core and Full Server by
simply installing or uninstalling components
Windows Server 8 Deployment Options
Server Core is the preferred deployment configuration
www.buildwindows.com
Server Core is Ready for the Mainstream
WS08 & WS08/R2
• Manageability• No PowerShell in WS08• Powershell with ~230 cmdlets in
WS08/R2• No Remote install/config of roles
• Role Support• 10 roles in WS08/R2
• Flexibility• Install Core or Full Server with no
migration between them
Windows 8
• Manageability• PowerShell with > 2430 cmdlets• Remote install/config of roles via
Server Manager, Powershell, WMI
• Role Support• 13 roles • SQL Denali support
• Flexibility• Migrate between core and full server
by adding/removing components
www.buildwindows.com
Windows Server 8 Configuration States
• Windows Server 2008 R2 Server Core++Server Core
• Equivalent of Windows Server 2008 R2 full Server
Full Server with Server Graphical
Shell
• The Minimal Server Interface• No Explorer, Internet Explorer or associated files• MMC, Server Manager, and a subset of Control Panel
applets are still installed
NEW: Full Server without Server Graphical Shell
installed
www.buildwindows.com
Transitioning between Server Core and Full Server• PowerShell cmdlets
• Full Server to Server Core• Import-Module Dism• Disable-Feature –online -Featurename ServerCore-FullServer
• Server Core to Full Server• Import-Module Dism• Enable-Feature –online -Featurename ServerCore-
FullServer,Server-Gui-Shell,Server-Gui-Mgmt
• DISM• Full Server to Server Core
• Dism /online /disable-feature /featurename:ServerCore-FullServer• Server Core to Full Server
• Dism /online /enable-feature /featurename:ServerCore-FullServer /featurename:Server-Gui-Shell /featurename:Server-Gui-Mgmt
www.buildwindows.com
Reducing on Disk Footprint
• Roles and Features can be removed from the WinSXS folder• PowerShell: Disable-Feature –online … … –Remove• Dism: Dism /online /disable-feature … … /remove
• Can be reinstalled from Windows Update or a WIM• PowerShell: Enable-Feature –online … … –Source x:\wim
• Dism: Dism /online /enable-feature … … /source:x:\wim
www.buildwindows.com
Optional Server Graphical Shell
• Full Server without Explorer and Internet Explorer• Provides some of the benefits of Server Core for those products
or admins that can’t fully make the transition to Server Core• Can run Server Manager, MMC, local admin GUIs and some
Control Panel Applets• Enables developers to begin shifting their applications to
support headless servers• Remove Shell dependencies• Ensure full remote management• Aligned with Server futures• Enhanced availability
www.buildwindows.com
Uninstalling Server Graphical Shell
• Server Manager, under the Features UI• PowerShell cmdlets• Uninstall• Import-Module ServerManager• Remove-WindowsFeature Server-Gui-Shell -Restart
• Install• Import-Module ServerManager• Add-WindowsFeature Server-Gui-Shell -Restart
• DISM /online /disable-feature /featurename:Server-Gui-Shell
www.buildwindows.com
Minimal Server Interface
demo
www.buildwindows.com
Deep dive on application compatibility
www.buildwindows.com
Server Graphical Shell Capabilities
• If you do not install the Server Graphical Shell, there is
• No Explorer Shell, Task Bar, or System Tray• E.g. explorer.exe, systray.exe, themeservice.dll• Common dependency issues• Shell namespace extension APIs• Common dialog boxes
• No Internet Explorer or Help• E.g. iexplore.exe, mshtml.dll,
www.buildwindows.com
Common Dialog Box Control is Limited
• Common Dialog box is functional with the exception of Networking• If not a common scenario,
no changes needed• If a common scenario, use
old style common dialog box
• To display old-style dialogs pass in an old-style hook function and do not specify OFN_EXPLORER
OPENFILENAME ofn = { 0 };...ofn.lpfnHook = HookProcOldStyle;ofn.Flags = OFN_ENABLEHOOK; // The callback HookProcOldStyle is as follows UINT_PTR CALLBACK HookProcOldStyle(HWND hdlg,UINT uiMsg,WPARAM wParam,LPARAM lParam){ // This is a dummy hook proc to force non-Explorer style dialogs // Just return FALSE to allow standard dialog to handle messages return FALSE;}
www.buildwindows.com
Shell Namespace Extensions APIs
• Any UI with dependencies on items implemented as Shell Namespace Extensions will fail• Shell Namespace Extensions are described at:• http://msdn.microsoft.com/en-us/library/cc144095(v=VS.85).aspx
• Certain CPLs are namespace extensions• Check for dependencies on namespaces extensions• Applications should re-targeted at the appropriate PowerShell
or command line option• Primary examples are the CPLs for Firewall, Windows Update,
and Windows Networking
www.buildwindows.com
Internet Explorer
• Internet Explorer is not available when Server Graphical Shell is uninstalled, for example• IELaunchURL() (ieframe.dll)
http://msdn.microsoft.com/en-us/library/aa767962(v=VS.85).aspx
• IHTMLWindow*, IHTMLDocument* (mshtml.dll) http://msdn.microsoft.com/en-us/library/aa741322(v=VS.85).aspx
• Code can be modified to check for Server Graphical Shell and if not available display a message stating that it is required.
• If you are querying the IE version (HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Version), you must fail gracefully when not present.
www.buildwindows.com
No Help System• Check & modify your help menu options and
buttons• HtmlHelp() will return NULL as the hWnd of the help
viewer.• Occurs in both Minimal Server Interface and Server Core
• Existing code using HtmlHelp() returns NULL • Fail gracefully, e.g. display a message box to saying help
is not available.• New code using HtmlHelp() or other help
mechanisms, either:• Do not display option to invoke help in the UI• Use a wrapper function which can either invoke help
using a dynamic dependency (e.g. LoadLibrary() or delayload), or display the "help not available" message box.
www.buildwindows.com
Silent Help Failures
• When trying to start help nothing happens, there is no error message. Common causes are: • When launching help, loading hhctrl.ocx which queries
the IE version (HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Version) and fails.
• Help tabs disappearing when clicking on help – occurs with loading hhctrl.ocx which queries the IE version and fails.
• Using a help viewer that tries to load IEFrame.dll (CLSID 8856F961-340A-11D0-A96B-00C04FD705A2)
• Using the help viewer from Microsoft Visual Studio (dexplore.exe) which attempts to load ieproxy.dll which is no longer installed.
Server Graphical Shell Coding Best Practices• Ideal Solution - Run on Server Core• Have no dependencies on Full Server or Server Graphical
Shell• For native code, use the lowest level Win32 APIs
available• For managed code, limit to Server Core subset if Server
Core is supported• Primarily test on Server Core• Enable remote management using WS-Management and
PowerShell cmdlets
Server Graphical Shell Coding Best Practices (cont)
• Interim solution phase – Run on Server Core with some optional Server Graphical Shell dependencies• Make Server Graphical Shell dependencies optional via delay
load• Detect if running on Server Core or the minimal server
interface• If so, do not use any Server Graphical Shell code paths• Primarily test on lowest level supported, e.g. Server Core or
minimal server interface• If you have functionality that requires the Server
Graphical Shell• Make functionality optional and installable only with Server
Graphical Shell
www.buildwindows.com
Detecting the state of Server Graphical Shell
• Using the Registry• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Server\ServerLevels• If only ServerCore=1 is set = Server Core
• ServerCore=1 set by the foundation, always set in Windows Server 8• If Server-Gui-Mgmt=1 is set and Server-Gui-Shell is not set =
Minimal Server Interface• If both Server-Gui-Mgmt=1 and Server-Gui-Shell=1 = Full Server
• Using the DISM APIs• Calling code must be running elevated• Requires C/C++• Approach: enumerate features, record state of relevant features,
evaluate overall Server state• #include <dismapi.h>, link to dismapi.lib
DISM API Sample hr = DismInitialize( DismLogErrorsWarningsInfo, NULL /* Optional path to logfile */ , NULL /* Optional path to scratch directory */ ); DismSession session; hr = DismOpenSession( DISM_ONLINE_IMAGE, NULL /* for DISM_ONLINE_IMAGE */ , NULL /* for DISM_ONLINE_IMAGE */ , &session ); DismFeature *pDismFeaturesList; UINT dismFeaturesCount; hr = DismGetFeatures( session, NULL /* no optional Identifier */ , DismPackageNone /* no optional Identifier */, &pDismFeaturesList, &dismFeaturesCount ); for( UINT i=0; i < dismFeaturesCount; i++ ) { if ( ! bFoundServerGuiShell && (_wcsicmp(L"Server-Gui-Shell", pDismFeaturesList[i].FeatureName) == 0) ) { bFoundServerGuiShell = true; if ( DismStateInstalled == pDismFeaturesList[i].State ) { bEnabledServerGuiShell = true; } } // … Similarly for bEnabledServerGuiMgmt, bEnabledServerCoreFullServer } if ( ! bEnabledServerCoreFullServer ) { wprintf( L" Server Core\n" ); } else if ( bEnabledServerGuiMgmt && bEnabledServerGuiShell ) { wprintf( L" Full Server" ); } else if ( bEnabledServerGuiMgmt && ! bEnabledServerGuiShell ) { wprintf( L" MinShell" ); } else { wprintf( L" Other sub-Full-Server configuration" ); } hr = DismDelete( pDismFeaturesList ); // Delete structure returned by DISM API hr = DismCloseSession( session ); hr = DismShutdown();
Troubleshooting Existing Code
• Ensure your code runs on a Full Server with Server Graphical Shell installed
• If it does, but not on the minimal server interface or Server Core, it is likely a missing dependency:• Missing DLL – use a debugger or a tool like Process
Monitor• Missing Registry value – use a debugger or a tool like
Process Monitor
Troubleshooting Existing Code (cont)
• List static file dependencies• dumpbin /dependents <filename>
• List API imports from each of the dependents files• dumpbin /imports <filename>
• List API imports from the specified dependent file• dumpbin /imports:<dependent file> <filename>
• Enable loader snaps to see what the loader is doing• http://blogs.msdn.com/b/junfeng/archive/2006/11/20/deb
ugging-loadlibrary-failures.aspx • gflags.exe -i your-app.exe +sls• windbg.exe your-app.exe
www.buildwindows.com
Call to Action
• Join the Windows Server direction for the datacenter!• Modify your apps/drivers to install and run on Server
Core• Do not install GUI tools by default – make them optional• Write PowerShell Cmdlets to ensure it can be completely
managed locally and remotely• WMIV2 or managed code• WS-Management
• Write rich admin GUIs layered on top of PowerShell and install them on Windows Client
• Profile and understand your dependencies
www.buildwindows.com
• Feedback and questions http://forums.dev.windows.com
• Session feedbackhttp://bldw.in/SessionFeedback
thank you
© 2011 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to
be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
www.buildwindows.com
DLLs Removed by Server-Gui-Shell\Program Files\Common Files\Microsoft shared\VGX\VGX.dll\Program Files\Common Files\System\wab32.dll\Program Files\Common Files\System\wab32res.dll\Program Files\Internet Explorer\hmmapi.dll\Program Files\Internet Explorer\iedvtool.dll\Program Files\Internet Explorer\ieproxy.dll\Program Files\Internet Explorer\IEShims.dll\Program Files\Internet Explorer\jsdbgui.dll\Program Files\Internet Explorer\jsdebuggeride.dll\Program Files\Internet Explorer\JSProfilerCore.dll\Program Files\Internet Explorer\jsprofilerui.dll\Program Files\Internet Explorer\msdbg2.dll\Program Files\Internet Explorer\networkinspection.dll\Program Files\Internet Explorer\pdm.dll\Program Files\Internet Explorer\sqmapi.dll\Program Files\Windows Mail\wabfind.dll\Program Files\Windows Mail\wabimp.dll\Windows\System32\ACCTRES.dll\Windows\System32\admparse.dll\Windows\System32\appinfo.dll\Windows\System32\AuthExt.dll\Windows\System32\autoplay.dll\Windows\System32\batmeter.dll\Windows\System32\browseui.dll\Windows\System32\BthMtpContextHandler.dll\Windows\System32\BWContextHandler.dll\Windows\System32\cabview.dll\Windows\System32\cryptdlg.dll\Windows\System32\deskadp.dll\Windows\System32\deskmon.dll\Windows\System32\DeviceCenter.dll
\Windows\System32\DevicePairing.dll\Windows\System32\DevicePairingFolder.dll\Windows\System32\DevicePairingProxy.dll\Windows\System32\DeviceUxRes.dll\Windows\System32\diskcopy.dll\Windows\System32\Display.dll\Windows\System32\docprop.dll\Windows\System32\DXP.dll\Windows\System32\dxpps.dll\Windows\System32\dxtmsft.dll\Windows\System32\dxtrans.dll\Windows\System32\efsadu.dll\Windows\System32\EscMigPlugin.dll\Windows\System32\fontext.dll\Windows\System32\hgcpl.dll\Windows\System32\icardie.dll\Windows\System32\IdCtrls.dll\Windows\System32\IEAdvpack.dll\Windows\System32\ieakeng.dll\Windows\System32\ieaksie.dll\Windows\System32\ieakui.dll\Windows\System32\ieapfltr.dll\Windows\System32\iedkcs32.dll\Windows\System32\ieframe.dll\Windows\System32\iepeers.dll\Windows\System32\iernonce.dll\Windows\System32\iesetup.dll\Windows\System32\iesysprep.dll\Windows\System32\ieui.dll\Windows\System32\imagesp1.dll\Windows\System32\imgutil.dll
\Windows\System32\inetcomm.dll\Windows\System32\INETRES.dll\Windows\System32\InputSwitch.dll\Windows\System32\inseng.dll\Windows\System32\licmgr10.dll\Windows\System32\migration\shmig.dll\Windows\System32\msfeeds.dll\Windows\System32\msfeedsbs.dll\Windows\System32\mshtml.dll\Windows\System32\mshtmled.dll\Windows\System32\mshtmler.dll\Windows\System32\msident.dll\Windows\System32\msidle.dll\Windows\System32\msidntld.dll\Windows\System32\msieftp.dll\Windows\System32\msoeacct.dll\Windows\System32\msoert2.dll\Windows\System32\msrating.dll\Windows\System32\MsSpell7.dll\Windows\System32\mydocs.dll\Windows\System32\netplwiz.dll\Windows\System32\occache.dll\Windows\System32\oobe\msoobedui.dll\Windows\System32\packager.dll\Windows\System32\panmap.dll\Windows\System32\pngfilt.dll\Windows\System32\powercpl.dll\Windows\System32\RemoveDeviceContextHandler.dll\Windows\System32\RemoveDeviceElevated.dll\Windows\System32\sendmail.dll\Windows\System32\shgina.dll
\Windows\System32\shimgvw.dll\Windows\System32\shpafact.dll\Windows\System32\shsvcs.dll\Windows\System32\shunimpl.dll\Windows\System32\shwebsvc.dll\Windows\System32\stobject.dll\Windows\System32\StorageContextHandler.dll\Windows\System32\sud.dll\Windows\System32\systemcpl.dll\Windows\System32\taskbarcpl.dll\Windows\System32\themecpl.dll\Windows\System32\themeservice.dll\Windows\System32\themeui.dll\Windows\System32\twext.dll\Windows\System32\url.dll\Windows\System32\usbui.dll\Windows\System32\usercpl.dll\Windows\System32\webcheck.dll\Windows\System32\wshext.dll\Windows\System32\zipfldr.dll
