Server core features in Windows Server 2012

Posted by juned on July 1, 2012
Posted in: Command line, MIcrosoft, powershell version 3, Server 2012, Server Core, Windows, WMI. Tagged: , , .

GUI on the computers now-a-days requires GPU and therefore increases the resource consumption of the server and takes a large amount of resources from the server workload.  The installation of server core reduced the resource consumption that also comes in real handy in a virtual environment where you are supposed to do some intelligent resource management.

But most windows administrators did not take advantage of this new feature as it was completely command line based and as we all know a windows admin and the command shell are like the two banks of a river that never meet.

A nice tool named as coreconfigurator was also released that helped the admin configure most the basic settings of the server using a small GUI interface.

You can download that tool from here:

http://coreconfig.codeplex.com/

Despite the fact that the server core installation reduced the attack surface as there was no GUI by around 50-70 percent most organizations stayed away for it and it was only used by IT professionals to brush up their windows command line and powershell skills.

A few other reasons that kept most people away from server core were:

  1. It was an one time installation choice, you could not install the full server with GUI, configure the server from GUI and then move it back to the server core installation to reduce the attack surface, additionally most organizations maintained only one  image of the installation and did not want add more complexity to the imaging procedure.
  2. No third party products integrated with server core, that made it more difficult for organizations  to move to the command line version of windows server.

Microsoft has completely revamped the way in which server core is implemented on Server 2012. Server 2012 is still away from RTM so I am using the RC version that was released a month ago. You can download it from the following link:

http://technet.microsoft.com/en-us/evalcenter/hh670538.aspx?ocid=&wt.mc_id=TEC_108_1_33

Microsoft has changed the way in which Server core is implemented in Server 2012, but first lets go through a few features added in  Server 2012.

A number of features that are added to server 2012 are:

  1. Remote installation and configuration of roles, missing from both server 2008/R2.
  2. It now supports up to 14 roles instead of 9 and 10 roles supported in server 2008 and server 2008 R2. Active Directory Certificate Services, Windows Server Update Server, Active Directory Rights Management Server and Routing and Remote Access Server are now supported.
  3. The biggest change is that you can now switch between server core and the full GUI version after you have installed the Operating System.
  4.  Features on Demand

Let’s see how Server core is implemented in Server 2012.

Windows server 2012 is now divided into 3 configuration levels:

1.Full server version with GUI, the one we have being seeing from the NT days. This is the one that contains all the GUI features ie; MMC, desktop, Control panel applets except the windows media player, desktop themes etc, you will have to install the windows desktop experience feature if you want those.

2. Minimal server interface (new addition to server 2012,, that reduces the attack surface of your server by uninstalling some of the GUI features). More on this later.

3.   Server Core (Same as server 2008/R2 with addition of some features)

So how can you switch between these three Config levels ?

In simple words we uninstall/install  2-3 features (depending on the current configuration) from the server and you are done, yeah they have it made it that simple.

You can Transition between the server GUI and Core using the following methods:

1. Server Manager

2. powershell

3. DISM

If you want to switch between Server Full GUI and Server core:

Deselect the Graphical Management Tools and Infrastructure and also the Server Graphical shell and reboot the server and you are done.

 

You can achive the same using powershell using the following cmdlet:

Uninstall-WindowsFeature Server-Gui-Mgmt-Infra -Restart

Server core will always remain installed regardless of the features you add on top of it. When we run the uninstall-windowsfeature command against server-gui-mgmt-infra with the whatif switch we see that it also uninstalls the server graphical shell automatically as both needs to be uninstalled to move back to Server core.

This is what you will see after uninstalling the two features:

If you want to switch from server core to Full GUI:

Install-WindowsFeature Server-Gui-Mgmt-Infra,Server-Gui-Shell -Restart

Remember you need to install both the Server GUI shell and also the grapihcal mangement tools and Infrastructure

 

You can do the same using DISM:

To switch from Full server to server core:

Dism /online /disable-feature /featurename:ServerCore-FullServer

To switch from Server Core to Full Server

Dism /online /enable-feature /featurename:ServerCore-FullServer /featurename:Server-Gui-Shell /featurename:Server-Gui-Mgmt

Although you can use DISM but powershell is the way to go forward  as powershell has more control on the system and consistency with the server manager UI.

 

Now lets see what is the Minimal Server Interface:

The minimal server Interface is a Full Server without Server Graphical Shell feature installed. You don’t have explorer, Internet Explorer or associated files MMC, although Server Manager and a subset of Control Panel applets are still installed.

It looks like a server core because now your shell is the command prompt, but it is not a complete server core, it’s a server with shell uninstalled.

So why is this intermediate level introduced:

The Minimal Server Interface is designed to be a compatibility or transitional layer from a Server with GUI to Server Core.

Although you benefit from reduced patching footprint and lower resource utilization in comparison to the full Server with a GUI installation option, the smallest surface area is still achieved only using Server Core.

It’s actually a stepping stone in between for things that fully cannot transition into server core so they can more away from requiring the full shell, IE and explorer and get some of the benefits of server core, while they finish removing dependencies on GUI and make their app remotely manageable.

One of the biggest advantage of having a Minimal server interface installation is that you don’t have internet explorer installed since IE requires regular updates you are certainly going to reduce the attack surface. Since the help files in windows depends on HTML API for viewing help file you will have to use a client box as it wont work on the minimal server interface and the server core.

To switch between Full server GUI and Minimal Server Interface we only need to uninstall the server-gui-shell feature.

Uninstall-WindowsFeature Server-Gui-Shell -Restart

After uninstallation you will see that the Server Graphical Shell feature is unchecked in Server Manager.

To go from Server Core to Minimal Server Interface:

Install-WindowsFeature Server-Gui-Mgmt-Infra -Restart

Remember we wont be installing the Server Graphical Shell Feature.

Detecting the state of the server using registry:

Navigate to the key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Server\ServerLevels
you should see the key set as 1 corresponding to the features installed. Here I have only the server core installed and i can the servercore key set.

You can also view if the feature is installed or not using WMI.

Features on Demand

The uninstallation procedure that I discussed until now basically unregisters the binaries and therefore reduces the attack surface and patching requirements but the binaries are still stored physically on your harddisk so that you can reinstall it any time by providing the path to an image or installation disk. If you look at the below image carefully its a screenshot of a server core machine with no GUI features installed you will see that it is still showing the status as available.

The GUI shell files take up an huge amount of disk space so wont it nice if you could remove the files used by the Server GUI shell entirely from your system thus giving back you the precious disk space. During setup all the files related to roles and features are copied to the windows side by side folder (windows\sxs). Moving the roles and features to an entirely different folder has made deleting them when not required a realty. In a server core environment you can remove the files for the server GUI shell and Graphical Management tools feature using the remove switch

Uninstall-WindowsFeature Server-GUI-shell -Remove

Once done you should be seeing the Service GUI shell feature as removed when the get-windowsfeature is run in powershell.

If you plan to install the feature again in future you can do that using the following command:

Install-WindowsFeature <Server-GUI-Shell -Source <Source>

The source if not specified will force the server to go to windows update to fetch the files or you can specific the source as a WIM file.

With such huge changes made just to implement Server core Microsoft has made it clear where they are heading!!

Thank You!!