Definitive list of Windows Server installations without GUIs

‘Server Core’ has been around for quite a while. Roughly for as long as this domain exists (registered on January 19, 2008, while Windows Server 2008 was released on February 4, 2008).

About Server Core

Server Core is a significantly scaled-back installation and/or run type for Windows Server where no Windows Explorer shell is installed. All configuration and maintenance is done entirely through command-line interface windows, or by connecting to the machine remotely using Microsoft Management Console. However, Notepad and some control panel applets, such as Regional Settings, are available.

Microsoft’s primary motivation for producing a Server Core variant of Windows Server was to reduce the attack surface of the operating system.

List of Windows Server versions

A question I get regularly is which Windows Server versions can be run without Graphical User Interface, which Windows Server versions come without a GUI and which Windows Server offer the Server Core installation option.

The list below serves as the definitive list of released Windows Server versions.
It will be updated when Microsoft releases new versions of Windows Server.

Windows Server 2008

Released: February 4, 2008
Server Core: Installation option

Windows Server 2008 was the first version of Windows Server 2008, where the Server Core installation option could be chosen. Server Core was not the default installation option. Server Core installations of Windows Server 2008 do not offer .NET or PowerShell, but do offer the pre-release version of Hyper-V out of the box.

Hyper-V Server 2008

Released: December 30, 2008
Server Core: Only

Hyper-V Server 2008 was the first release of Microsoft’s purpose-built Hypervisor installation version. It is unavailable with a GUI and most Server Roles cannot be installed or configured. To facilitate configuring Hyper-V Server, it came with hvconfig.cmd, hvconfig.vbs and WUA_SearchDownloadInstall.vbs.

Windows Server 2008 R2

Released: October 22, 2009
Server Core: Installation option

Windows Server 2008 R2 added .NET and Windows PowerShell to the Server Core installation option.

Hyper-V Server 2008 R2

Released: October 22, 2009
Server Core: Only

Hyper-V Server 2008 R2 was introduced alongside Windows Server 2008 R2.

Windows Server 2012

Released: October 30, 2012
Server Core: Default installation option, switchable

Windows Server 2012 did away with the Enterprise edition of Windows Server. However, it added the ability to add and remove the GUI layers in full installations of Windows Server to get to a Server Core installation from an attack surface point of view.

Server Core installation of Windows Server 2012 were the first installations that featured sconfig.cmd, a derivative of Hyper-V Server’s hvconfig.cmd.

Hyper-V Server 2012

Released: October 30, 2012
Server Core: Only

Hyper-V Server 2012 is a logical upgrade to Hyper-V Server 2008 R2.

Windows Server 2012 R2

Released: November 25, 2013
Server Core: Default installation option, switchable

Windows Server 2012 R2 introduced several new roles, including the new Web Application Proxy role, that are perfectly suitable to be outfitted as Server Core installations. This is the last version where the GUI layers can be removed and added.

Hyper-V Server 2012 R2

Released: November 25, 2013
Server Core: Only

Hyper-V Server 2012 R2 is the purpose-built version of Windows Server for Hyper-V.

Windows Server 2016

Released: October 15, 2016
Server Core: Default installation option

Windows Server 2016 removed the ability to add and remove the GUI layers. If Server Core is needed, it needs to be installed as Server Core installation. In this version, ‘Full installation’ is remarketed as ‘Windows Server with Desktop Experience’.

Windows Server 2016 is the first Long Term Servicing Channel (LTSC) release in Microsoft’s new release schedule for Windows Server.

Hyper-V Server 2016

Released: October 15, 2016
Server Core: Only

Windows Server, version 1803

Released: April 30, 2018
Server Core: Only

Windows Server version 1803 was the first semi-annual (SAC) release of Windows Server. Semi-annual releases are available as Server Core, only. Windows Server version 1803 focused on making container technology available to organizations.

Windows Server, version 1809

Released: November 13, 2018
Server Core: Only

Windows Server version 19809 is a semi-annual release of Windows Server as Server Core only. Its release coincided with the release of Windows Server 2019, but offered many skip-ahead features.

Windows Server 2019

Released: November 13, 2018 (December 2018)
Server Core: Default installation option

After being announced at Ignite 2018 in Orlando, Microsoft released Windows Server 2019 on November 23, 2018. It was released for two short days, until reported problems lead to the conclusion at Microsoft that the quality of the Operating Systems was sub-par. It was rereleased in December 2018 and features Features on Demand for application compatibility.

Windows Server, version 1903

Released: May 21, 2019
Server Core: Only

Windows Server version 1903 is a semi-annual release of Windows Server as Server Core only.

Hyper-V Server 2019

Released: November 13, 2018 (June 2019)
Server Core: Only

After many months of delays, Hyper-V Server 2019 was released in June 2019.

Further reading

Windows Server release information

KnowledgeBase: Unable to convert to Server with a GUI from Server Core on an upgraded Windows Server 2012 machine

Microsoft has released KnowledgeBase article 2775484, that describes a situation, where you’re unable to convert an upgraded Windows Server 2012 Full Installation to Server Core and back.

The situation

You upgrade a full installation of Windows Server 2008 x64 or Windows Server 2008 R2 to Windows Server 2012 and choose the option “Server with a GUI”.

After the upgrade you convert the Server with a GUI installation to Server Core.
In this scenario, if you try to convert back to Server with a GUI, the operation may fail and rollback to Server Core.

The cause

This problem occurs, because of three registry entires from Windows Server 2008 or Windows Server 2008 R2 being retained during the upgrade:

These three registry entries exist in

HKLMSOFTWAREMicrosoftWindowsCurrentVersionWINEVTPublishers

And are named:

• {bc2eeeec-b77a-4a52-b6a4-dffb1b1370cb}
• {57e0b31d-de8c-4181-bcd1-f70e880b49fc}
• {8c9dd1ad-e6e5-4b07-b455-684a9d879900}

The resolution

To be able to convert the Windows Server 2012 installation, these registry keys need to be removed.

You can perform these actions with RegEdit.ex, but, alternatively, you can start NotePad, paste the following three commands, save the file as a .bat file and then run it from an elevated command prompt:

reg delete HKLMSOFTWAREMicrosoftWindowsCurrentVersionWINEVTPublishers{bc2eeeec-b77a-4a52-b6a4-dffb1b1370cb}

reg delete HKLMSOFTWAREMicrosoftWindowsCurrentVersionWINEVTPublishers{57e0b31d-de8c-4181-bcd1-f70e880b49fc}

reg delete HKLMSOFTWAREMicrosoftWindowsCurrentVersionWINEVTPublishers{8c9dd1ad-e6e5-4b07-b455-684a9d879900}

After you restart the machine you will be able to convert the machine to a “Server with a GUI”.

3rd Party management applications and Server Core

Microsoft introduced the Server Core Installation option in the pre-releases of Windows Server 2008 four years ago. Since that time, many improvements have been made to the manageability of Server Core installations. Also, many dedicated 3rd Party and open source Server Core management applications have been introduced and Server Core admin have adopted these and already existing tools to manage their servers.

Personally, I’m an advocate of using the built-in management capabilities of Windows Server. I feel Microsoft has made big strides in Server Core Management with sconfig and Server Manager Remoting in Windows Server 2008 R2. Realistically though, I still  run into fierce challenges sometimes to configure certain settings.

Sometimes I install an application for these purposes. Temporarily.

There’s a big reason why I won’t install 3rd party local management applications on my Server Core installations. I don’t use Revo Uninstaller and CCleaner on my boxes fulltime. They are part of my Server Core Helper DVD, along with a slew of other tools, but when I’m done with the settings they typically change, these programs are uninstalled.

Here’s why.

1. Some of the applications I use were never designed or written with Server Core installations in mind. Calling a non-existent API might cause unpredictable behavior in these applications.
2. Some of the applications have dubious ownership. Although the goal of the program may be to perform an action like removing unused items in Windows (Server Core doesn’t have much of these items, by the way), the goal of the writer or publisher of the application might be completely different. (installing adware, for instance, to gain an income or gathering statistics of usage of Server Core installations to justify the program itself to superiors)
3. Any 3rd party application increases the attack surface of the installation. Remember, Microsoft uses a non-disclosure policy about vulnerabilities and hotfixes. The application you’ve installed on Server Core might just have a vulnerability that could make an attacker compromise the entire box.
4. Keeping a Server Core installations with tons of 3rd party applications up to date is hard. Even if you pick applications from software publishers that have a disclosure policy for vulnerabilities, work actively to patch their products and have good reputations, keeping hundreds of their product installations up to date (with their update mechanism) is ad hoc, unreportable and thus unreliable. You lose overview pretty quickly.

A Server Core installation, however, will never be really rid of 3rd party applications. For UPS, anti-malware, backup & restore, reporting, monitoring, asset management and central management agents may still be needed, dependent on the environment.

For these 3rd party agents and applications a policy needs to be in place to keep these agents and applications up to date. Don’t make it harder on yourself than strictly needed and ban loading local management applications on your Server Core installations.

Fun with FSMO roles and Functional Levels on Server Core Domain Controllers

Sometimes, in an environment with all Server Core Domain Controllers, it is hard to migrate your Active Directory Domain Controllers from Server Core installations of Windows Server 2008 to Server Core installations of Windows Server 2008 R2.

Steps

The steps to migrate Server Core Domain Controllers on Windows Server 2008 to Windows Server 2008 R2 through Transitioning, are:

1. Perform a system state back-up of the Windows Server 2008 Server Core Domain Controllers
2. Run adprep.exe or adprep32.exe from the Windows Server 2008 R2 installation media (depending on the processor architecture of the Windows Server 2008 Server Core Domain Controllers, ie. x86 or x64)
3. Install Windows Server 2008 R2 Server Core on servers and promote them to Domain Controllers for your existing domain, using dcpromo.exe 
4. Check the dcpromo.log and dcpromoui.log files and the event viewer to search for possible problems
5. Take care of FSMO roles and Global Catalog placement
6. Demote your Windows Server 2008 Server Core Domain Controllers
7. Raise the Domain Functional Level and  Forest Functional Level

For more information on these steps, read this blog post.

While many steps in the process can be performed, like one would on Full installations of these Operating Systems, other steps may be performed using the Remote Server Administration Tools (RSAT). Two steps, in particular, though, proves to be cumbersome when performing through the Remote Server Administration Tools. It turns out, these steps are actually fun to perform on the PowerShell of your Server Core Domain Controllers. These steps would be step 5 and step 7.

Manage FSMO roles

On a Windows Server 2008 R2 Server Core Domain Controller to transfer a Flexible Single Master Operations Role, perform one of these PowerShell one-liners:

Tip!
Don’t forget to run Import-Module Active Directory before running any of the below commands…

Some Server Core Domain Controllers heading for a dead end street

You know, in terms of deploying servers in a smart way, so you can actually utilize them for as long as their economical lifecycle in a supported fashion without a need to reinstall them, I’ve made a stupid decision in advising IT Pros to deploy Server Core Domain Controllers in the last two years.

The problem, you see, is the product team responsible for Active Directory has made a design choice to leave the old world of RPC behind and to introduce a new way to manage Domain Controllers: using the Active Directory web service.

Windows Server 2008 R2 is the first Windows Server product featuring this new service, which besides the server component of the web service, also unlocks the usage of a whole load of other goodies like Active Directory PowerShell cmdlets and the Active Directory Administrative Center (ADAC). (when used from a Windows 7 or Windows Server 2008 R2-based management box)

While the decision was made a while ago, only now do I realize the impact. Now that Microsoft released the Active Directory Management Gateway Service (Active Directory Web Service for Windows Server 2003 and Windows Server 2008) and both Jorge and Tomasz blogged about it. This Stand-alone Update Package basically adds the Active Directory Web Services service to Domain Controllers, running:

• Windows Server 2003 with Service Pack 2
• Windows Server 2003 R2 with Service Pack 2
• Windows Server 2008
• Windows Server 2008 with Service Pack 2

Except there’s one problem: .Net Framework 3.5 with Service Pack 1 (SP1) is required. Whoops! That’s not exactly available on Server Core installations of Windows Server 2008 in a supported fashion.

As a consequence Windows Server 2008-based Server Core Domain Controllers can not be used in combination with the Active Directory PowerShell cmdlets and the the Active Directory Administrative Center (ADAC).

Note:
Windows Server 2008 R2-based Server Core Domain Controllers, however, can be managed using the Active Directory PowerShell cmdlets and the Active Directory Administrative Center (ADAC). One of the new features of Server Core installations in Windows Server 2008 R2 is the availability of the .Net Framework.

Actually when you try to install the Active Directory Management Gateway Service on a Windows Server 2008-based Server Core Domain Controller a check is performed upon your system.

Server Core installations fail the check. The result is an error stating “The update does not apply to your system” as shown above on a x64 Server Core installation of Windows Server 2008 (OperatingSKU 13). This box was setup as a Domain Controller and configured with the Primary Domain Controller emulator (PDCe) FSMO role (DomainRole 5).

Concluding

When running an environment with Windows Server 2008-based Server Core Domain Controllers, a requirement to use the Active Directory PowerShell cmdlets or Active Directory Administrative Center (ADAC) implicates the need to reinstall the Windows Server 2008-based Server Core Domain Controllers as Full installations or the need to upgrade the Windows Server 2008-based Server Core Domain Controllers to Windows Server 2008 R2-based Server Core Domain Controllers.

Further reading

Download Details: Active Directory Management Gateway Service 
What does the Active Directory Management Gateway Service do?  
What’s New in AD DS: Active Directory Web Services   
The Active Directory Management Gateway Service is now available 
Active Directory Management Gateway Service for Windows Server 2003 and 2008 
Manage YOUR Windows 2003/2008 DCs USING AD POWERSHELL !   
The Active Directory Management Gateway Service is now Available for Windows Server 2008 and Windows Server 2003 
Active Directory Management Gateway Service 
Have you successfully installed Active Directory Management Gateway Service on 2008? 
Active Directory Management Gateway Service is RTW 
Q. What is Active Directory Management Gateway Service (ADMGS)?   
What is Active Directory Management Gateway Service (ADMGS)? 
Active Directory Gateway WebService is available for ‘legacy’ OSes