Eric's Technical Outlet

Learning the hard way so you don't have to

Monthly Archives: October 2011

Adventures in Least User Privilege: Explorer and Control Panel

Have you noticed that “RunAs” doesn’t work for Windows Explorer or Control Panel items? That’s because the shell (the program you use to communicate with the operating system itself) is Windows Explorer. Windows Explorer is (normally) running all the time, and while it’s running, it doesn’t allow you to start other instances in other security contexts (a very long way of saying that “RunAs” doesn’t work for Windows Explorer). Control Panel items don’t work either because they’re not actually programs; they are applets that run within the context of Windows Explorer. So, you can’t connect to a user’s station and use RunAs to, say, change TCP/IP settings.

Read more of this post

Installing the WSUS Server component on Server Core 2008 R2

There is a key limitation to installing WSUS on Server Core: Neither Microsoft SQL Server nor Windows Internal Database will install on Server Core, so you will have to install a SQL instance somewhere else in order to do this. That means that no matter what, you’ll still need a full GUI install of Windows Server somewhere.

The best case I can conceive of in which this is desirable is when you need multiple WSUS servers in the same location for some reason and it’s not a problem to set up a centralized or multiple SQL Server. In our case, we want our remote users laptops to get install approvals from our central server during VPN sessions but to download the actual updates from Microsoft using their own Internet connections. We want our in-house computers to get approvals and updates from the in-house WSUS server. One WSUS installation cannot handle that. Therefore, it made sense for us to add a SQL Server Express instance to the existing WSUS Server and install WSUS separately (because you can’t have two instances of WSUS on the same Windows Server), using Core to minimize resource usage.

Update: SQL Server 2012 is supported on Server Core. The continued relevance of this document is primarily to show you how to install the WSUS component itself. Also, if you look, you can find instructions for installing earlier editions of SQL Server on Server Core, but be advised that these are not supported configurations.

  1. Read more of this post