Configuration Management on Servers

Nano Server is a remotely administered headless server operating system optimized for private clouds and datacenters. Nano Server is significantly physically smaller than Server Core, has no local logon capability and only supports 64-bit applications, tools and agents. As we prepare to release Windows Server 2016 Technical Preview 5, I wanted to provide more information on how to properly configure Nano Server at scale – without Group Policy.

One of the things that makes Nano Server so interesting is that it takes up far less disk space, installs significantly faster, and requires far fewer updates and restarts than Windows Server. When it does require a restart, it restarts much faster. To achieve this speed and small physical footprint, Nano Server has the absolute minimum amount of inbox components. As a result, Group Policy and the associated Group Policy Management Console (GPMC), editor (GPMC), Group Policy client and local policy editor (GPEdit) tools are not present on Nano Server. This is expected as they are graphical components and Nano Server is headless and remotely managed. Even when domain joined, Nano Server will not consume and enact Group Policy settings.

So, without Group Policy, how do you apply security policies to Nano Server? We have a series of documents coming out to answer this question. The first one can be found here: https://blogs.msdn.microsoft.com/powershell/2016/05/09/new-security-cmdlets-in-nano-server.

Windows Server 2016 Technical Preview 5 still has complete Group Policy controls, of course. In fact, it has its fair share of new Group Policy Settings, even over Technical Preview 4. You can find the updated Windows 10 / Windows Server 2016 TP5 group policy settings here. Client SKUs also have Group Policy in full.

To sum up: