The whole point of the server core installation mode for Windows Server 2008 is a reduced attack surface – no Windows Explorer, no Internet Explorer, no .NET Framework. That’s all well and good but sometimes it’s useful to download a file over HTTP to a server core machine.
No problem – just download a version of GNU
wget that has been compiled for Windows and use that to download the file. It needed a couple of configuration items to get past my corporate proxy server but worked flawlessly:
wget --proxy-user=domainname\username --proxy-passwd=password http://uri/
That’s probably as far as most people need to go – adding a simple command line utility to a command-line Windows installation – but I wanted to take things a step further (purely out of curiosity) and I installed Mozilla Firefox (v18.104.22.168). It worked, so I decided to try Apple Safari (v3.1) and Opera (v9.26). Safari installed (except the Bonjour component) but has a dependency on the Internet Options control panel applet (which is not present in server core) so I couldn’t define any proxy server settings. Meanwhile, Opera had no noticeable issues installing and loading a few test web pages. Next, I tried Internet Explorer 8 beta 1 and, as I expected, the installation failed. Bizarrely, it didn’t detect that I was trying to install it on server core but did attempt the installation, before failing and advising a restart followed by visit a web page (presumably using a competitor’s browser!) which redirects to Microsoft knowledge base article 949220.
Finally, I decided to go to the other extreme and try a text-mode browser. I found a version of Lynx that has been compiled for Windows but in order to get past my proxy server it needed the same environment variable as
Even with this, it is incapable of performing authenticated proxy operations so I kept getting an HTTP 407 response. The workaround is to use the NTLM Authorization Proxy Server (NTLMAPS), which depends on Python (for which I found a 64-bit MSI package for Windows). Basically, NTLMAPS acts as a local proxy, configured to add the authentication headers and pass the request to the upstream server.
By editing the server.cfg file to include the following entries (all other configuration items were left at their defaults) and running the
start runserver.bat command to launch the NTLMAPS server I was able to get NTLMAPS to prompt me for my password at startup and listen for HTTP requests (but not HTTPS) on port 5865:
Then, I ran the following:
and was able to successfully browse the Internet through my corporate proxy server.
In all seriousness, I can’t really think of a good reason to install a full browser on server core but the
wget command is probably useful. Even so, it’s still good to know that there are a few options for emergency surfing from a server core installation.