I do have to say after using Windows 2012 server for a while in my lab and to host several Hyper-V machines for research and testing I do have to say I like it. It is a lot less resource intensive that Windows 2008 and Windows 2008 R2 are, the use of WinRM for Remote Management and the Server Manager interface makes administrating several servers a breeze, the best part of all is that I can administer the server completely with Windows PowerShell and for those cases that I need the GUI I can install and remove it to save a couple of MB of memory and reduce the attack surface of the box.
The main reason that the GUI can be modified is that the components for it are now features of the OS:
- Graphical Management Tools and Infrastructure (Server-Gui-Mgmt-Infra): provides a minimal server interface and server management tools. The components for it are:
- Server Manager
- Microsoft Management Console (MMC) and snap-ins
- Subset of Control Panel
- Server Graphical Shell (Server-Gui-Shell): it is dependent on the first feature and provides the rest of the GUI experience. The component of it are:
- Desktop
- Start screen
- Windows Explorer
- Internet Explorer
In he blog post I will cover how to use PowerShell for adding and removing of the features since PowerShell is available in server core with none of the components installed.
Here is Windows 2012 Server Core default install after logging on as administrator:
The terminal it provides is cmd.exe so to get to Windows PowerShell we need to type powershell and press enter. In PowerShell we can use the Windows Feature functions to add and remove features. To list them we can use the Get-Command cmdlet:
PS C:\Users\Administrator> Get-Command *windowsfeature* -Type function,cmdlet CommandType Name ModuleName ----------- ---- ---------- Function Get-WindowsFeature ServerManager Function Install-WindowsFeature ServerManager Function Uninstall-WindowsFeature ServerManager
We find that we can get the Windows Features currently installed on the system, we can Install and Uninstall Windows Features also. to get a list of the options and examples of use for each we can use Get-Help cmdlet with the –Full paramter:
Get-Help Install-WindowsFeature -Full
Lets start by installing only the Graphical Management Tools and Infrastructure (Server-Gui-Mgmt-Infra), this will give us the tools for only managing the server but not for browsing the web or doing some activities that might cause the server to fall for a client side attack. To install we just use the Install-WindowsFeaturefunction and give it the parameter to restart the server after it is installed:
Install-WindowsFeature Server-Gui-Mgmt-Infra –Restart
Once it is ran PowerShell will show the progress of the installation:
Once the server starts and one logs on we can see that. Once the server reboots and one logs one Server Manager will come up automatically and can be used for management tasks.
If we want the full desktop experience and the addition of Internet Explorer we just need to run the following command to add that component:
Install-WindowsFeature Server-Gui-Shell –Restart
One shortcut to install all if you are in Core enumerate the features with the word GUI and since PowerShell is an Object Based shell we can pass the objects it returns to the Install-WindowsFeture function to install those:
Get-WindowsFeature *gui* | Install-WindowsFeature -Restart
Once the server reboots and the user logs in they should have a full GUI experience:
One thing to take in to account on this system with no GUI as a Core only server default install memory use was around 322MB of memory, with the Infrastructure Management Tool support only it was around436MB of memory and with the full GUI Experience it was around 527MB of memory. I would recommend only having Server-Gui-Mgmt-Infra installed as a mid point of usability and reduces attack surface on the server.
I hope you found the information on the blog post useful.
No comments:
Post a Comment