Windows Server core is minimal installation option for windows server. It has a small footprint which benefits smaller attack surface. There is no GUI in server core and there are many windows features which is not supported in Server core. Windows Server core is more stable as there are few updates needs to be install and less memory, CPU, disk space required to run server core.
Server core doesn’t include below GUI shell packages: -
Here is list of available roles and features which are available in server core: -
Note: - If you are not sure about how to use powershell command then always use get-help command. You can provide -examples switch which as well help you in understanding that how you can use command with correct syntax.
To Add domain account on local administrator group you can use
net localgroup administrators /add \
Server activation: -
Again, you can use sconfig or windows inbuild slmgr vbscipt to active your windows.
In Sconfig you have to select option 11 and with slmgr use below command
cscript windows\system32\slmgr.vbs :-ato
Managing Windows Server core: -
There are many methods to manage server core. Here is lit of few: -
Windows Admin Center
Run Multiple CMD or PowerShell windows: -
By default, only one command or PowerShell open in Server core.
I found out a way to open multiple CMD or PowerShell windows. I used taskmgr which open task manager and from there I go to file and run new task. In window type PowerShell or cmd which open new window. By doing this you can have multiple windows.
To enable your local server to be managed by Server Manager running on a remote server, you must enable smremoting. Run below powershell command to enable it on server core: -
You can also use MMC Snap-In to manage server core remotely. MMC Like Computer management allow you to manage server core remotely. For domain joined computer it works fine without doing any extra efforts. But non-domain joined server need some additional steps. You need alternate credential, so you can access server remotely. Use below command to provide alternate credential on remote server and then you can manage server core through MMC.
cmdkey /add: /user: /pass:
If you want to be prompted for a password, omit the /pass option.
You also must allow windows firewall to enable remote management on server core, so you can use remote management tool to manage it remotely.
To Check status of Windows remote management group run below: -
Get-NetFirewallRule -DisplayGroup "Windows Remote management" | ft displaygroup, action
It will show you if remote management group rule is allowed or not. If not, then run below: -
The first step is to manually configure your system failure and recovery options. We must disable automatic managed file option. To do this run follow: -
wmic computersystem set AutomaticManagedPagefile=False
Step 2: Configure the destination path for a memory dump
It is recommended to have page file on partition where OS is installed. To Put page file on another partition we need to modify registry value. Here are steps to configure registry: -
Open the command prompt and type regedit. It will open registry editor
Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl
Click Edit > New > String Value
Name the new value DedicatedDumpFile, and then press ENTER
Right-click DedicatedDumpFile, and then click Modify.
In Value data type :\, and then click OK. For e.g. E:\dumpfile.dmp
Click Edit > New > DWORD Value.
Type DumpFileSize, and then press ENTER
Right-click DumpFileSize, and then click Modify.
In Edit DWORD Value, under Base, click Decimal.
In Value data, type the appropriate value, and then click OK. The size of the dump file is in megabytes (MB).
Exit the Registry Editor.
To view the current destination path for the page file, run the following command:
wmic RECOVEROS get DebugFilePath
The default destination for DebugFilePath is %systemroot%\memory.dmp. To change the current destination path, run the following command:
wmic RECOVEROS set DebugFilePath =
et to the destination path. For example, the following command sets the memory dump destination path to C:\WINDOWS\MEMORY.DMP:
wmic RECOVEROS set DebugFilePath = C:\WINDOWS\MEMORY.DMP
Step 3: Set the type of memory dump
Determine the type of memory dump to configure for your server. To view the current memory dump type, run the following command:
wmic RECOVEROS get DebugInfoType
To change the current memory dump type, run the following command:
wmic RECOVEROS set DebugInfoType =
can be 0, 1, 2, or 3, as defined below.
0: Disable the removal of a memory dump.
1: Full memory dump. Records all the contents of system memory when your computer stops unexpectedly. A full memory dump may contain data from processes that were running when the memory dump was collected.
2: Kernel memory dump (default). Records only the kernel memory. This speed up the process of recording information in a log file when your computer stops unexpectedly.
3: Small memory dump. Records the smallest set of useful information that may help identify why your computer stopped unexpectedly.
7: Automatic memory Dump. This is new to windows 10 and new family of windows server.
Step 4: Configure the server to restart automatically after generating a memory dump
By default, the server automatically restarts after it generates a memory dump. To view the current configuration, run the following command:
wmic RECOVEROS get AutoReboot
If the value for AutoReboot is TRUE, the server will restart automatically after generating a memory dump. No configuration is needed and you can proceed to the next step.
If the value for AutoReboot is FALSE, the server will not restart automatically. Run the following command to change the value:
wmic RECOVEROS set AutoReboot = true
Step 5: Configure the server to overwrite the existing memory dump file
By default, the server overwrites the existing memory dump file when a new one is created. To determine if existing memory dump files are already configured to be overwritten, run the following command:
wmic RECOVEROS get OverwriteExistingDebugFile
If the value is 1, the server will overwrite the existing memory dump file. No configuration is needed, and you can proceed to the next step.
If the value is 0, the server won't overwrite the existing memory dump file. Run the following command to change the value:
wmic RECOVEROS set OverwriteExistingDebugFile = 1
Step 6: Set an administrative alert
Determine whether an administrative alert is appropriate and set SendAdminAlert accordingly. To view the current value for SendAdminAlert, run the following command:
wmic RECOVEROS get SendAdminAlert
The possible values for SendAdminAlert are TRUE or FALSE. To modify the existing SendAdminAlert value to true, run the following command:
wmic RECOVEROS set SendAdminAlert = true
Step 7: Set the memory dump's page file size
To check the current page file settings, run one of the following commands:
wmic.exe pagefile list /format:list
run the following command to configure the initial and maximum sizes of your page file:
wmic pagefileset where name="c:\pagefile.sys" set InitialSize=1000,MaximumSize=5000
Step 8: Configure the server to generate a manual memory dump
You can manually generate a memory dump by using a PS/2 keyboard. This feature is disabled by default, and it is not available for Universal Serial Bus (USB) keyboards.
To enable manual memory dumps by using a PS/2 keyboard, run the following command:
To determine if the feature has been enabled properly, run the following command:
Reg query HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Services \ i8042prt \ Parameters / v CrashOnCtrlScroll
You must restart the server for the changes to take effect. You can restart the server by running the following command:
Shutdown / r / t 0
You can generate manual memory dumps with a PS/2 keyboard that is connected to your server by holding the RIGHT CTRL key while pressing the SCROLL LOCK key two times. This makes the computer bug check with error code 0xE2.
Roles and feature on Server core: -
Another most important task on server is to install windows server role and features.
Get-windowsfeature, Install-windowsfeature and uninstall-windowsfeature are major command to manage roles and feature on windows server core.
When you uninstall windows feature or role, binaries do not remove by default. These unnecessary binaries can take a lot of space. So, if you want to remove these binaries as well then use remove switch as well.