Tip:
Highlight text to annotate it
X
In this video from ITFreeTraining I will look at the 3 different interfaces that are available
in Windows Server 2012. Previously with Windows Server 2008 you had the choice of full or
server core, with Windows Server 2012 you also have the option to use a new interface
called the minimal interface. The minimal interface gives the administrator more options
than server core and less than a full GUI so is somewhere in between.
Shown here are screen shots of the 3 different interfaces. Which interface is right for you
will depend on what your needs are. The full GUI Interface uses the most resources on the
computer, but you have access to all the features of Windows Server 2012 and can run any software
designed to run on Windows Server 2012.
The minimal interface reduces the resources used on the computer by removing some of the
graphical components but not all of them. For example you can still run server manager,
however the task bar and some of the control panel functions have been removed. This allows
you to run more graphical intensive applications than server core but not all graphical interfaces
are supported. This helps reduce the amount of CPU and RAM required by the server without
completely removing all its ability to run graphical applications. Most noticeability,
being able to run server manager makes the server a lot easier to administer than having
to do this from the command line like in server core.
The last interface is server core. Server core uses the least amount of CPU and memory.
Only the most basic graphical applications such as notepad can be run in server core.
The good news is that you can change interface at any time. All you need to do is add the
required features to the operating system and reboot the computer. You are no longer
locked into a particular interface like Windows in Server 2008 and require a complete reinstall
of the operating system if you change your mind.
Listed here are the core features that are available in each interface. The command prompt,
Windows PowersShell and .Net are available in all interfaces. More advanced administration
such as Server Manager and Microsoft Management Console requires at least the minimal interface.
If you are running the minimal interface you have access to some of the applets in the
control panel. This will not give you access to the control panel itself, only some applets
in the control panel. If you want to access everything in the control panel you will need
the full interface.
Lastly if you want features like Windows Explorer, Internet Explorer and the built-in help system
you need the Full GUI interface. This covers the core apps, but in a lot of cases you will
want to install roles on the server to provide services to your clients.
With Windows Server 2012 Microsoft has increased the number of roles that are supported by Server
Core. Shown here are the roles that are not supported by Server core.
At the top is Active Directory Federation Services. You will notice that Active Directory
Domain Services is not listed. If you want to configure a domain controller to run on
server core you are now able to do so.
The application server role is often installed when custom applications are created by the
company and installed on the server. It provides additional functionally that these applications
can use.
The Fax Server role allows Windows Server 2012 to run as a fax server. Since it is graphical
in nature it needs the graphical interface and cannot run on server core. As faxes in
the modern work place are being replaced by e-mail, hopefully you will not need this role.
Network Policy and Access Services allows the administrator to configure rules for how
connections on the network should be handled. For example, a VPN server may use these rules
to determine who has access to the VPN and how to authenticate the user.
Remote Desktop Services is used to provide desktop like interactive services over the
network. You can enable remote desktop on server core, however this will give you the
command prompt just like if you were sitting in front of the server. Since remote desktop
services is graphical depended, these roles cannot be run on server core.
Volume Activation Services roles is used in large companies to activate windows clients
and servers. In a large company with a lot of clients, you should not need too many servers
with this role installed, as long as all your clients can access the server in a reasonable
time period.
The last role is Windows Deployment Services. This is used to deploy the Windows operating
system. For example you can install Windows to computers over the network.
Lastly it should be pointed out that server core also supports SQL Server 2012. Previously
you were not able to run SQL on server core.
I will now change to my Windows Server 2012 computer to see how to change from one interface
to another.
Currently I am running Windows Server 2012 with the full GUI interface. To remove all
or part of the graphic interfaces I will open Server Manager from the quick launch bar.
From server manager, select manage and then select the option Remove Roles and Features
to start the remove roles and features wizard.
Once I am past the welcome screen, on the next screen I need to select the server or
servers that I want to make the change on. In this case I want to remove the interface
on this sever, so I will leave it on the default setting and move on.
On the next screen I can decide which roles I want to remove. The GUI is a feature
on the server which is the next screen, so I won’t make any changes here and move on.
From remove features, I need to scroll down until I get to the feature User Interface
and infrastructure.
There are 3 sub components here. The top one, “Graphical Management Tools and Infrastructure”
are all the tools like Server Manager and the others tools found under Administrative
Tools. If I remove this component, the server will be reduced to the server core interface.
I want to first look at the minimal interface so I will leave this ticked.
The next component is “Desktop Experience” This component adds additional features such as
what you would find if you were using a desktop computer. For example, it adds software like
Windows Media Player. If you are using this server to provide remote desktop services,
you may add this role so that the users using remote desktop have an experience more like
using a desktop. In most cases, servers don’t need these features, but they are there if
you need them.
The last component, “Server Graphical Shell” is the one that I am going to remove. This
component provides features like the start menu, task bar and other functions such as Windows
Explorer. Removing this component will effectively make the server run with the minimal interface,
but as we can see, tools like Server Manager will still work.
On the next screen, all I need to do is press remove and the component will be removed.
The process does take a few minutes to complete so I have sped up that process so we do not
have to wait.
Once complete, notice that there is a message stating that the server needs to be restarted
in order to complete removal of the feature, so I will restart the server now.
The process does take some time as not only does this require configuration changes to
the server, but also the unused binaries are also being removed from the system. This is
done so that if any attacker was to gain access to the system, these binaries could not be
used by the attacker. Even though the binaries are not being used by the operating system,
to keep the system secure, it is best to remove the binaries. The process took a few minutes
on this server but I have sped up that process.
Once the server has restarted and I have logged back in, a command prompt will open and also
server manager will open.
Notice that the task bar is missing, also features like the start menu are also missing.
However, if I open server manager, I can select the option tools. You will notice that all
the normal administrative tools are available. For example, if I launch Active Directory
Users and computer it will run just like if it was running on a full graphics installation
of Windows Server 2012.
If I go to the command prompt and attempt to run Windows explorer, notice that executable
for Windows explorer cannot be found. This is because the binaries for Windows Explorer
have been removed from the system.
To illustrate this better, if I go to the program files directory and then down to where
the internet explorer binaries are stored, notice that the directory is completely empty.
Software such as Windows Explorer and Internet Explorer have been removed from the system
so an attacker cannot use the binaries to help them attack the system, making the system
more secure.
I now want to change the interface to server core. To do this, I will go back into Server
Manager and select manage and then select “Remove Roles and Features”.
In the wizard, I will accept all the defaults until I get to the features screen. On the
features screen, if I go down to “User Interfaces and Infrastructure” the component that I
need to remove is “Graphical Management Tools and Infrastructure”. Notice that when
I un-tick the option, I also get prompted to remove Windows PowerShell ISE from the
system. This does not remove PowerShell, but only the graphical parts of PowerShell. This
component is used to provide additional features in PowerShell like the ability to graphically
debug PowerShell scripts.
Once I select remove features and go back to the previous screen, at the top I will
tick the tick box “Restart the destination server automatically if required.” Once
the features are removed, the server will automatically restart.
The process does take a few minutes to complete as the binaries have to be removed like before
and also the server reconfigured. I have sped up the process so we do not have to wait.
Once I am logged back in again, notice this time I do not have any graphical interface,
all that I have is the command prompt.
If I type exit and thus close the command prompt, to get it back, you can press ctrl
alt delete and then select the option task manager.
Once task manager has opened, select the file menu and then select the option run new task
and then run CMD.
If I want to return back to the full GUI from Server core, I need to first run PowerShell.
From PowerShell, I need to run the command, Add Windows Feature followed by the feature
or features that I want to add. In this case I want to add the features for the Server
GUI Shell and the GUI management tools.
Once I run the command, all the binaries for the GUI will be installed and the server reconfigured.
This process does take a while to complete so I will pause the video and return once
it has completed.
Once complete, PowerShell will tell you that the server needs to be restarted in order
for the changes to take effect. To do this, I will run the Power Shell command, restart
computer.
The process of restoring the binaries does take a few minutes to complete, so once again
I have sped up the process so we do not have to wait. Once the binaries have been restored
and the server reconfigured, the server will boot up again with the full GUI. When I log
back in, notice that the task bar is back and with it all the other GUI functions that
were removed.
Unlike Windows Server 2008, you can see that it is quite easy to change between the Full
GUI, server core and the new minimal interface. Having a graphical interface does cause the
server to use more resources and can increase the attack space of the server. Previously
an administrator had to choose at install time which interface they wanted. Now with
Windows Server 2012, the administrator has the choice to change the interface at any
time depending of their needs.
Thanks for watching this video from ITFreeTraining for the different interfaces available in Windows
Server 2012. For more free videos, please see our web page or YouTube channel. Thanks
for watching and see you next time.