Server Core vs Minimal interface vs Full interface

DISCLAIMER: This article contains some information from Windows 8. Windows 8 is currently in beta and there’s no guarantee that the final product will behave the same or contain the same features. Nothing in Windows 8 is final and everything is subject to change.

One of my favourite feature in Windows 2008 was the Server Core option, where you installed the server without any GUI and only had a command prompt, notepad and registry editor to set up and manage your server with. This part sounds a lot worse than it really is because you usually just set up your server once with basic configuration and then administer it remotely.

Advantage: Besides a slightly less hardware consumption, the big profit is that the server is automatically immune to several exploits as a large portion of the code for a regular Windows Server is not installed at all. Internet Explorer is the prime example here, and Server Core cannot be affected by IE vulnerabilites since IE does not exist at all. Less code = smaller attacksurface = fewer applicable patches = fewer reboots.

Disadvantage: Server Core is limited in which roles/features it can host and the fact that managing/troubleshooting it can be a bit trickier. It got a lot better in 2008 R2 as Server Core got more features like powershell and the “sconfig” command and could host more roles and features. But it was still a bit scary and slightly risky from a management point of view. Also 3rd party software could be challenging or impossible to install and run on Server Core.

In Windows Server 8 (or Windows server 2012 as the name will be at launch) Microsoft have made huge changes to the Server Core:

  • 3 configuration options: Server Core,  Minimal Interface and Full interface
  • Minimal interface is basically Server Core with local management tools and mmc consoles and can run more roles.
  • You can switch between the 3 configurations at will, though it requires a reboot each time
  • “Server Core” can run quite a few server roles and “Minimal interface” configuration can run almost all roles and features. (I have not tried every single one yet, and RDSH is an exception)

Changing between the GUI configurations

Full Interface -> Minimal Interface / Server Core
The easiest transition is from the “Full Interface” and  “Minimal Interface” configurations. If you have the “Full Interface” on your server you just have to launch Server Manager and choose “Remove Roles and Features” from the Manage-menu. Navigate to “features” and scroll down to and expand “User Interfaces and Infrastructure”. In a “Full Interface” configuration both “Server Graphical Shell” and “Graphical Management Tools…..” are installed. Removing “Server Graphical Shell” will put your server into “Minimal interface” and if you also remove “Graphical Management Tools…” your server goes into Server Core.

Taken from a “Minimal interface” configuration. Installing the highlighted feature puts the server into “Full interface” configuration

Minimal interface -> Server Core
Launch Server Manager and follow the same instructions as for “Full Interface”. Remove “Graphical Management Tools…” to put the server in “Server Core” configuration. Minimal interface -> Full interface Launch Server Manager and add the feature “Server Graphical Shell” to put the server in “Full interface” configuration. (Screenshot above)

Server Core -> Minimal interface

  • If you have another Windows 8 Server or client I strongly recommend you use Server Manager remotely from that server or client to install the features “Graphical Management Tools…” for “Minimal interface” and “Server Graphical Shell” for “Full interface”.
  • If you don’t have any way to manage the server remotely with the Windows 8 Server Manager, then you have the “sconfig” command that brings up a text based menu for server configuration. From there you can easily restore the GUI which puts the server into “Full Interface” configuration. (Screenshot)

The “sconfig” menu with the option to restore the graphical interface

  • Last option is to use dism or powershell to install either the GUI or just the graphical management tools. It will use Windows Update as source but I’ve had a few problems with it (a bug or perhaps user error? ;)) so if you’re asked for the source you need to mount a .wim-image from the installation media first.
  1. Create a folder to mount the .wim-image to. In this example c:\mount
  2. You need to locate the index number in the .wim file for an image with gui-installation (like “SERVERDATACENTER”). Use the command  dism wimfile:d:\sources\install.wim (d:\ is the installation DVD, adjust accordingly) Notice the index number from the output for the server version that does not end with “core”. Screenshot further down
  3. Mount that image with the following command: Dism /mount-wim /WimFile:d:\sources\install.wim /Index:<#_from_step_2> /MountDir:c:\mount /readonly (d:\ is the installation DVD, adjust accordingly). Screenshot further down
  4. Start powershell and run Install-WindowsFeature Server-Gui-Mgmt-Infra –Restart –Source c:\mount\windows\winsxs to get to “Minimal interface” configuration, or run Install-WindowsFeature Server-Gui-Mgmt-Infra,Server-Gui-Shell –Restart –Source c:\mount\windows\winsxs to get to “Full interface” configuration.
  5. Instead of Powershell you can use dism. Follow step 1-3 and then run dism /online /Enable-Feature /Featurename:ServerCore-FullServer /FeatureName:Server-gui-mgmt /source:c:\mount\windows\winsxs to get to “Minimal interface” configuration, or run dism /online /Enable-Feature /Featurename:ServerCore-FullServer /FeatureName:Server-gui-mgmt /FeatureName:Server-GUI-Shell /source:c:\mount\windows\winsxs to get “Full interface” configuration.

The index of a .wim-file. We want the images without “core in the end.

Mounting the correct image in the .wim-file before running the installation

Wrapping up, the Server Core is in my opinion one of the most underestimated security featuers of  Windows Server family, and this time the improvements from 2008 R2 to Windows 8 are huge, and I can think of only 3rd party software as a valid reason to run servers in Full interface configuration instead of Minimal interface configuration.

Advertisements