Windows Server Core is a minimal installation option for Windows Server. It has a small footprint, which means a smaller attack surface. There is no GUI in Server Core, and many Windows features are not supported on it. Server Core is more stable because fewer updates need to be installed, and it requires less memory, CPU and disk space to run.
Server Core doesn't include the following GUI shell packages: -
Here is the list of roles and features that are available in Server Core: -
Note: - If you are not sure how to use a PowerShell command, always use the Get-Help command. You can add the -Examples switch, which helps you understand how to use the command with the correct syntax.
To add a domain account to the local Administrators group, you can use
net localgroup administrators /add \
Server activation: -
Again, you can use sconfig or the built-in slmgr VBScript to activate Windows.
In sconfig you have to select option 11; with slmgr, use the command below
cscript %windir%\system32\slmgr.vbs -ato
Managing Windows Server core: -
There are many methods to manage Server Core. Here is a list of a few: -
Windows Admin Center
Run Multiple CMD or PowerShell windows: -
By default, only one command prompt or PowerShell window opens in Server Core.
I found out a way to open multiple CMD or PowerShell windows. I used taskmgr, which opens Task Manager, and from there I went to File and ran a new task. In the window, type PowerShell or cmd, which opens a new window. By doing this you can have multiple windows.
To enable your local server to be managed by Server Manager running on a remote server, you must enable smremoting. Run the PowerShell command below to enable it on Server Core: -
You can also use MMC snap-ins to manage Server Core remotely. A snap-in such as Computer Management lets you manage Server Core from another machine. For a domain-joined computer this works without any extra effort, but a non-domain-joined server needs some additional steps. You need alternate credentials so that you can access the server remotely. Use the command below to provide alternate credentials for the remote server, and then you can manage Server Core through MMC.
cmdkey /add: /user: /pass:
If you want to be prompted for a password, omit the /pass option.
You must also allow remote management through Windows Firewall on Server Core, so that you can use remote management tools to manage it.
To check the status of the Windows Remote Management rule group, run the command below: -
Get-NetFirewallRule -DisplayGroup "Windows Remote management" | ft displaygroup, action
It shows whether the remote management rule group is allowed or not. If it is not, run the command below: -
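An audit-then-enable version of the firewall step above, as an added example that is not from the original article. It assumes you want remote management reachable on the Domain and Private profiles only, and it uses the standard NetSecurity cmdlets.

```powershell
# Added example: review the "Windows Remote Management" rule group, then
# enable only the inbound rules that are not scoped to the Public profile.
$group = 'Windows Remote Management'
$rules = Get-NetFirewallRule -DisplayGroup $group -ErrorAction Stop

# Current state, one row per rule.
$rules | Sort-Object DisplayName |
    Format-Table DisplayName, Direction, Profile, Enabled, Action -AutoSize

# Disabled inbound rules that do not apply to the Public (or Any) profile.
# Assumption for this example: Public networks stay closed.
$toEnable = $rules | Where-Object {
    $_.Direction -eq 'Inbound' -and
    $_.Enabled -eq 'False' -and
    [string]$_.Profile -notmatch 'Public|Any'
}

if ($toEnable) {
    $toEnable | Enable-NetFirewallRule
    Write-Output ("Enabled: " + ($toEnable.DisplayName -join '; '))
} else {
    Write-Output 'No Domain/Private remote management rules needed enabling.'
}

# Show which port and which remote addresses each enabled rule accepts,
# so an overly broad scope (RemoteAddress = Any) is visible at a glance.
Get-NetFirewallRule -DisplayGroup $group |
    Where-Object { $_.Enabled -eq 'True' } |
    ForEach-Object {
        $port = $_ | Get-NetFirewallPortFilter
        $addr = $_ | Get-NetFirewallAddressFilter
        [pscustomobject]@{
            Rule          = $_.DisplayName
            Profile       = $_.Profile
            LocalPort     = $port.LocalPort -join ','
            RemoteAddress = $addr.RemoteAddress -join ','
        }
    } | Format-Table -AutoSize
```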
To change the current memory dump type, run the following command:
wmic RECOVEROS set DebugInfoType =
can be 0, 1, 2, or 3, as defined below.
0: Disable the removal of a memory dump.
1: Full memory dump. Records all the contents of system memory when your computer stops unexpectedly. A full memory dump may contain data from processes that were running when the memory dump was collected.
2: Kernel memory dump (default). Records only the kernel memory. This speeds up the process of recording information in a log file when your computer stops unexpectedly.
3: Small memory dump. Records the smallest set of useful information that may help identify why your computer stopped unexpectedly.
7: Automatic memory dump. This is new in Windows 10 and the newer family of Windows Server.
Step 4: Configure the server to restart automatically after generating a memory dump
By default, the server automatically restarts after it generates a memory dump. To view the current configuration, run the following command:
wmic RECOVEROS get AutoReboot
If the value for AutoReboot is TRUE, the server will restart automatically after generating a memory dump. No configuration is needed and you can proceed to the next step.
If the value for AutoReboot is FALSE, the server will not restart automatically. Run the following command to change the value:
wmic RECOVEROS set AutoReboot = true
Step 5: Configure the server to overwrite the existing memory dump file
By default, the server overwrites the existing memory dump file when a new one is created. To determine if existing memory dump files are already configured to be overwritten, run the following command:
wmic RECOVEROS get OverwriteExistingDebugFile
If the value is 1, the server will overwrite the existing memory dump file. No configuration is needed, and you can proceed to the next step.
If the value is 0, the server won't overwrite the existing memory dump file. Run the following command to change the value:
wmic RECOVEROS set OverwriteExistingDebugFile = 1
Step 6: Set an administrative alert
Determine whether an administrative alert is appropriate and set SendAdminAlert accordingly. To view the current value for SendAdminAlert, run the following command:
To determine if the feature has been enabled properly, run the following command:
reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i8042prt\Parameters /v CrashOnCtrlScroll
You must restart the server for the changes to take effect. You can restart the server by running the following command:
shutdown /r /t 0
You can generate manual memory dumps with a PS/2 keyboard that is connected to your server by holding the RIGHT CTRL key while pressing the SCROLL LOCK key two times. This makes the computer bug check with error code 0xE2.
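The memory dump settings from the steps above, read and corrected in one pass through CIM instead of wmic. This is an added example, not code from the original article; the desired values in $desired are assumptions chosen for illustration, and the ACL check is included because a dump file can contain data from running processes.

```powershell
# Added example: report and set crash-dump recovery settings via the
# Win32_OSRecoveryConfiguration class (the class behind "wmic RECOVEROS").
# Labels follow the value list given in the article.
$dumpTypes = @{
    0 = 'Disabled'
    1 = 'Full memory dump'
    2 = 'Kernel memory dump'
    3 = 'Small memory dump'
    7 = 'Automatic memory dump'
}

$rec = Get-CimInstance -ClassName Win32_OSRecoveryConfiguration

[pscustomobject]@{
    DumpType                   = $dumpTypes[[int]$rec.DebugInfoType]
    DebugFilePath              = $rec.DebugFilePath
    AutoReboot                 = $rec.AutoReboot
    OverwriteExistingDebugFile = $rec.OverwriteExistingDebugFile
    SendAdminAlert             = $rec.SendAdminAlert
} | Format-List

# Desired state (assumed for this example): kernel dump, restart
# automatically, overwrite the previous dump file.
$desired = @{
    DebugInfoType              = [uint32]2
    AutoReboot                 = $true
    OverwriteExistingDebugFile = $true
}

# Collect only the properties that differ, then write them in one call.
$changes = @{}
foreach ($name in $desired.Keys) {
    if ($rec.$name -ne $desired[$name]) { $changes[$name] = $desired[$name] }
}
if ($changes.Count -gt 0) {
    Set-CimInstance -InputObject $rec -Property $changes
    Write-Output ("Changed: " + ($changes.Keys -join ', '))
}

# A dump may hold process memory, so check who can read an existing file.
$dumpFile = [Environment]::ExpandEnvironmentVariables($rec.DebugFilePath)
if (Test-Path -LiteralPath $dumpFile) {
    (Get-Acl -LiteralPath $dumpFile).Access |
        Format-Table IdentityReference, FileSystemRights, AccessControlType -AutoSize
}
```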
Roles and features on Server Core: -
Another important task on a server is installing Windows Server roles and features.
Get-WindowsFeature, Install-WindowsFeature and Uninstall-WindowsFeature are the main commands for managing roles and features on Windows Server Core.
When you uninstall a Windows feature or role, its binaries are not removed by default. These unnecessary binaries can take up a lot of space. If you want to remove the binaries as well, use the -Remove switch.
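A way to find and remove leftover feature binaries, as an added example that is not from the original article. The names in $keep are hypothetical placeholders for features you want to keep installable without source media, and -WhatIf makes the removal a preview only.

```powershell
# Added example: list features whose binaries are still on disk although the
# feature is not installed, then preview removing those binaries.
$all = Get-WindowsFeature

# Summary by install state: Installed, Available (binaries present, not
# installed) and Removed (binaries already deleted).
$all | Group-Object InstallState |
    Sort-Object Name |
    Format-Table Name, Count -AutoSize

# Features to leave alone (hypothetical names chosen for this example).
$keep = @('Windows-Server-Backup', 'Telnet-Client')

$candidates = $all | Where-Object {
    $_.InstallState -eq 'Available' -and $keep -notcontains $_.Name
}

$candidates | Sort-Object Name |
    Format-Table Name, DisplayName, InstallState -AutoSize

if ($candidates) {
    # -Remove deletes the feature files; -WhatIf only reports what would
    # happen. Drop -WhatIf after reviewing the list. A removed feature can
    # be reinstalled later only from Windows Update or installation media.
    Uninstall-WindowsFeature -Name $candidates.Name -Remove -WhatIf
} else {
    Write-Output 'No unused feature binaries found outside the keep list.'
}
```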