Microsoft started back with Windows Server 2008 offering the server core interface versus the normal full GUI interface. Server core is server installation with No GUI and just normal command prompt as your interface. The main idea is to reduce the attack surface on Microsoft servers by removing all GUI options, Internet explorer……….etc which have been the target of several attacks during the last couple of years.
By default when you install the full blown server (Full GUI) you get the binaries and files of all features and services even if you are not using them. Server Core limits the roles and features installed (You can’t install all roles on server core) and it strips any service or feature that is not needed by the core networking roles allowed on the Windows core version.
Starting with Windows server 2012 Microsoft introduced an intermediate solution which is the windows server with minimal interface. Its an intermediate option between Full Windows GUI and Server core. Its not an option wen installing (you only get option for Windows server with GUI or Windows Core).
In order to configure your server with minimal interface you will either install server core then add features on it or install the Full GUI windows server then remove the Graphical Shell using the Remove Roles and Features Wizard as shown below.
This will remove the server graphical shell and Internet Explorer which will enhance the server safety and reduce the security attack surface and at the same time give you the command prompt (You get in server core) plus the Server Manager which is an added value for people who didn’t like the pure server core with just bold command prompt.
Warning: You might have installed 3rd party software or special Microsoft application that depend on the server graphical shell. When you do the uninstall it will warn you. Also you may run Whatif option from the powershell if you are not sure what might be affected as shown below.
Uninstall-WindowsFeature Server-Gui-Shell -WhatIf
To check Windows Server Installation options, please refer to the following link
Common Scenarios after you go for the server with minimal interface:
1. What if you mistakenly closed the CMD Prompt and/or Server Manager? How can you get them back ?
If you are connected physically on the server you can hit ALT+CTL+Del and then open Task Manager or if you are connected remotely (RDP/MSTSC) then you need to press CTL+ALT+END or Shift+CTL+ESC to open Task Manager then Click Run New Task under File Tab
Now you can type CMD or Server Manager to open them back.
2. How to run Windows Update on the server with minimal interface?
Since the control panel is not available in the windows with minimal interface we can use the sconfig.cmd from the command prompt as follows:
- Type sconfig.cmd in the CMD prompt
- When you get the below window, type 6 and press enter to search for updates then type “A” to download all updates and follow the next steps.
3. How to Log off, Reboot or Shutdown the Minimal Interface server ?
- This can be done from the SCONFIG.CMD mentioned in the earlier Scenario. You have option “13” to Restart the Server and option “14” to Shutdown the server.
- From a Normal Command Prompt you can shutdown or Reboot the server using the “Shutdown” Command. The below example will reboot the computer (/t switch) after 0 seconds.
Hopefully this post will be informative for the ones looking to tighten their servers security by moving to minimal interface.