These days Anthony and I have been delivering IT Camps across this Great country of ours… and we love the conversations we have with IT pros. But I always talk about my preference for core servers over servers with full GUI and even over MinShell. I even did a whole Hyper-v series where all the servers with the Hyper-V role were Hyper-V Servers 2012 R2. which are essentially core servers.
I talk about the reasons why I prefer core servers. reasons like the following:
- Reduced Servicing: Because Server Core installs only what is required for a manageable DHCP, File, DNS, Media Services, and Active Directory server, less servicing is required.
- Reduced Management: Because less is installed on a Server Core-based server, less management is required.
- Reduced attack surface: Because there is less running on the server, there is less attack surface.
And yes, as someone mentioned in one camp. Some IE patched will still apply to a core server even if IE is not installed. That is because some portion of IE are integrated in the OS. Parts like proxy servers configuration, etc… but you still get anywhere between 35-45% fewer patches needed on Server Core installations. That’s pretty significant.
The discussion almost always turn to “what Workload is appropriate for a Core box?” Well, any of the following servers roles are very well suited for a core environment:
- Active Directory (AD)
- Active Directory Lightweight Directory Services (ADLDS)
- DHCP Server
- DNS Server
- File Services
- BITS Server
- Printing Services
- Streaming Media Services
- Load Balancing
- Unix Migration
- Active Directory Certificate Services
You can even install SQL on a core box. For other workloads… Be sure to check with your application vendors.
The second direction that conversation always take is, “How do I configure it?” For configuration you can use several options.
1- Use Sconfig.cmd to configure your server once it’s been installed as a core server
2-Use the full GUI to install and configure your server and remove the GUI once you’re done using the Server Manager “Remove Roles and Features” wizards.
or By using the Powershell command: Uninstall-windowsfeature -name Server-GUI-Mgmt-Infra,Server-GUI-Shell –restart
(I left out the restart part of the command so I could show you the results before the restart)
you can easily add it back in by using the following command: Install-WindowsFeature Server-GUI-Mgmt-Infra,Server-GUI-Shell –Restart
The point is, you’re not locked in to a core mode after the initial install as you were with 2008. As I started saying at the beginning. I’m a fan of core environment. (I’ve been using them for a long time… )
I manage all the servers my environment using the RSAT tools installed on my Windows 8.1 workstation anyways, so what’s the point of installing the management tools on the servers as well?
In any case, let me know what you’re thoughts are. I always look for your opinions. If you don't have an opinion. Download the evaluation version and install a core box. play with it and let me know how it’s going.