Windows Server Core is a refactored version of the full Windows Server operating system. Server Core does not include a Graphical User Interface (GUI) and must be managed via the command line or with PowerShell. The Routing and Remote Access Service (RRAS) is a supported workload on all supported versions of Windows Server including Windows Server 2022. Always On VPN administrators should consider installing and configuring RRAS on Windows Server Core to ensure their VPN infrastructure’s best security and performance.
Server Core Benefits
Windows Server Core is a minimal installation option of the Windows Server operating system that provides numerous benefits, particularly for environments where security, resource efficiency, and reduced maintenance overhead are essential. Here are some of the key benefits of using Windows Server Core.
Minimized Attack Surface – Windows Server Core has a smaller footprint compared to the full GUI version, which means fewer components and services are installed by default. This reduces the potential attack surface and minimizes security vulnerabilities.
Enhanced Security – With fewer components and a reduced attack surface, there are fewer potential vectors for malware or unauthorized access. This makes Windows Server Core a more secure choice for critical server roles like RRAS.
Reduced Maintenance – Since there are fewer components to update, patching and maintaining a Windows Server Core system is quicker and requires less effort. This is especially beneficial in large-scale server deployments.
Improved Stability – By removing the graphical user interface (GUI), Windows Server Core has fewer processes running in the background, leading to a more stable and predictable server environment.
Simplified Management – Windows Server Core is designed for remote administration. It allows the administrator to manage it using command-line tools, PowerShell, or remote management tools like the Remote Server Administration Tools (RSAT) and Windows Admin Center. This makes it easier to manage multiple servers from a single location.
Faster Reboots – Windows Servers require periodic reboots. With Windows Server Core, reboot times are considerably faster, resulting in less downtime during maintenance periods.
RSAT
The Remote Server Administration Tools (RSAT) can be installed on Windows clients and servers to enable remote administration using the familiar Routing and Remote Access Management console (rrasmgmt.msc) and Remote Access Management console (ramgmtui.exe) GUI tools.
Windows Client
To install the Remote Access Management tools on Windows client operating systems, navigate to Settings > Apps > Optional Features. Click Add a feature, select RSAT: Remote Access Management Tools, then click Install.
Optionally the Remote Access Management tools can be installed by running the following PowerShell command.
Add-WindowsCapability -Online -Name Rsat.RemoteAccess.Management.Tools~~~~0.0.1.0
Windows Server
To install the Remote Access Management tools on Windows Server run the following PowerShell command.
Install-WindowsFeature -Name RSAT-RemoteAccess
Windows Admin Center
The Windows Admin Center is a free remote management tool from Microsoft for managing Windows Server (core and GUI) remotely. It is especially helpful for Server Core management as it provides a GUI for many common administrative tasks.
You can download Windows Admin Center here.
Additional Information
Windows Server Core Installation Option
Windows Server Core vs. Desktop
PowerShell is an important skill for administrators supporting Microsoft workloads including DirectAccess and Always On VPN. Using PowerShell to install required roles and features is much simpler and quicker than using the Graphical User Interface (GUI), with only a single command required to accomplish this task. Some settings aren’t exposed in the GUI and can only be configured using PowerShell. In addition, PowerShell makes the task of troubleshooting DirectAccess and Always On VPN much easier.
Deploying DirectAccess on Windows Server 2016 core is recommended to ensure the highest level of security and availability for the remote access solution. Server core is a stripped-down, command-line only version of Windows that removes many features unnecessary to support common server workloads. It’s reduced attack surface improves security, and this leaner version of the Windows OS requires less maintenance (patching), resulting in fewer reboots which increases overall availability. It has a smaller disk and memory footprint too which results in quicker system restarts, when required.
