Application Compatibility Feature on Demand for Server Core

If you know me, you know that I’m a big fan of Windows Server Core. Server Core is a refactored and streamlined version of Windows Server that offers a smaller attack surface and reduced maintenance requirements. It’s ideally suited for roles like domain controllers (DCs), certification authority servers (CAs), DHCP and DNS servers, and file servers that can easily be managed remotely. Server Core lacks a Graphical User Interface (GUI), which can make administrative tasks more difficult. To support Server Core, administrators must have a firm grasp of the command line and PowerShell. Many organizations are reluctant to deploy Windows Server Core for this reason. For example, network interface configuration and disk management are common pain points for command-line administration. However, I’ve recently discovered something that might reduce this barrier to adoption.

GUI for Server Core?

I honestly don’t know how I missed this, but recently I learned of the Application Compatibility Feature on Demand for Windows Server Core. First introduced in October 2018 for Windows Server 2019 Core and supported through Windows Server 2025, the Application Compatibility Feature on Demand enables important GUI management consoles that help administrators configure and deploy Windows Server Core. It does not add the entire Windows Desktop Experience, of course, but it does introduce support for some critical GUI tools that administrators will find very helpful for installing and configuring various workloads on Server Core. Here are some examples.

Installation

To install the Application Compatibility Feature on Demand for Windows Server Core, open an elevated PowerShell command window and run the following PowerShell command.

Add-WindowsCapability -Online -Name ServerCore.AppCompatibility~~~~0.0.1.0

After running the command, restart the server to complete the installation.

Features and Capabilities

After installing the Application Compatibility Feature on Demand for Windows Server Core, administrators can perform local administration using many GUI tools they are already experienced with. Here are a few examples.

Network Control Panel

Having a GUI for network interface configuration is arguably the most essential benefit of this feature. Many administrators struggle with assigning IP addresses, DNS servers, DNS suffixes, and other network configuration-related tasks using the command line. Here, the classic Network Control Panel applet (ncpa.cpl) gives administrators the familiar GUI experience for managing network settings in Windows Server Core.

Disk Management

Right behind network configuration, disk configuration in Windows Server Core is one of the most challenging administrative tasks using the command line. The Application Compatibility Feature on Demand for Windows Server Core adds support for the well-known Disk Management GUI (diskmgmt.msc), which many administrators have used before.

Event Viewer

While using PowerShell is effective for parsing event log information on Windows Server Core, it’s sometimes easier to view event log information using the GUI (eventvwr.msc).

File Explorer

Copying files to and from a Windows Server Core instance is much easier with the Application Compatibility Feature on Demand for Windows Server Core installed. To perform file operations on Windows Server Core, simply open the Windows File Explorer (explorer.exe) as you would on Windows Server GUI.

Device Manager

Working with device drivers on Windows Server Core can be challenging even for the most experienced command-line administrators. Thankfully, the Application Compatibility Feature on Demand for Windows Server Core adds support for the Device Manager GUI (devmgmt.msc), which significantly simplifies this task.

Task Scheduler

Creating basic scheduled tasks using PowerShell isn’t terribly difficult. However, things become much more difficult when creating tasks with complicated requirements, such as odd schedules, and when using event-based triggers. The familiar Task Scheduler GUI (taskschd.msc) reduces this complexity, allowing administrators to use the GUI they are likely already experienced with.

Resource and Performance Monitor

Both the Resource Monitor (resmon.exe) and Performance Monitor (perfmon.exe) are essential tools for troubleshooting resource consumption and performance bottleneck issues on Windows Server. Both tools are included with this feature.

Resource Monitor (resmon.exe)

Performance Monitor (perfmon.exe)

What’s Missing

Sadly, installing the Application Compatibility Feature on Demand for Windows Server Core does not add GUI support for user and device certificate stores (certmgr.msc and certlm.msc, respectively). Administrators must continue to use certutil.exe or PowerShell to manage certificate stores on Windows Server Core. Alternatively, administrators can use a remote management workstation to perform these tasks using the GUI. However, even with this limitation, the Application Compatibility Feature on Demand greatly improves the Server Core administration experience.

Additional Tools

This feature update includes many other GUI tools in addition to the popular administrative GUI tools listed above. These are available ad hoc using the generic Microsoft Management Console (mmc.exe). Here are a few more GUI tools you might find helpful.

Routing and Remote Access Management Console – This will be especially helpful for Always On VPN administrators using RRAS in their environments.

Windows Firewall with Advanced Security – Managing Windows Firewall and IPsec Connection Security policies is now much easier using the same GUI included with Windows Server Desktop Experience.

Local Users and Groups – Local user and group administration tasks can now be performed using the same GUI that administrators are already comfortable with.

Group Policy, Security Policy, and Resultant Set of Policy (RSoP) – GUI management tools are now available for common local group and security policy administration. In addition, administrators have access to the RSoP policy GUI for GPO troubleshooting.

Other Tools – Administrators will also find the Hyper-V Manager and Failover Cluster Manager GUI consoles are included with this feature update.

Run mmc.exe at the command line and choose File > Add/Remove Snap-in to access these GUI tools.

Summary

Don’t let the lack of a full GUI stop you from deploying Server Core! The Application Compatibility Feature on Demand makes Server Core accessible without sacrificing its core benefits. If command-line concerns have held you back from deploying Server Core, this feature removes that barrier. Start with a test deployment on a non-critical server and experience how Server Core’s reduced attack surface and lower maintenance overhead can work in your environment—without abandoning the GUI tools you rely on.

Additional Information

Application Compatibility Feature on Demand for Windows Server Core

Always On VPN and RRAS on Windows Server Core

10 PowerShell Commands Always On VPN Administrators Should Know

Always On VPN DPC Commercial Support

The Always On VPN Dynamic Profile Configurator (DPC) is a free, open-source solution that helps administrators deploy and manage Always On VPN client configuration settings using Active Directory, Group Policy, or Microsoft Intune. Since version 5.0, DPC has been publicly available and widely adopted. Until now, support has been limited to the community Discord channel. Many organizations, however, require formal support before they can deploy software, even open-source solutions. To meet this need, Leo D’Arcy and I are now offering a commercial support option for DPC.

Why Commercial Support Matters

Enterprises rely on accountability and timely assistance to ensure business-critical services run smoothly. Open source provides flexibility and cost savings, but it often lacks the reliability guarantees companies require. Commercial support bridges that gap—delivering confidence, faster resolutions, and compliance with internal support standards.

Customer Success Story

A UK National Health Service (NHS) Trust, an early customer of the support program, praised the impact of DPC on its remote access strategy. An infrastructure engineer at the NHS trust has this to say about DPC and commercial support:

“We have recently transitioned from SSL VPN to AOVPN and took the opportunity to use DPC to manage our configuration and deployment. We’ve previously experimented with Microsoft’s officially documented process, but DPC really simplifies and streamlines the implementation and management of the AOVPN tunnels.

During rollout, we discovered an issue that caused the user tunnel config to become corrupt. Being able to directly communicate and troubleshoot with Leo and the team meant that we were quickly able to have a fix and a new version of the client ready for deployment.

We are now running DPC and AOVPN on around 4000 endpoints with around 2000 concurrent connections each day. Feedback from users is very positive, and DPC simplifies ongoing management.”

Value Added

This real-world experience highlights the two most significant benefits of DPC with commercial support: rapid issue resolution (direct access to the people who build the software) and confidence at scale (thousands of endpoints, thousands of daily connections).

What DPC Commercial Support Includes

Purchasing a commercial support package provides:

  • 1 year of support services (renewable)
  • Direct access to Leo D’Arcy, lead developer of DPC
  • Support from Richard Hicks for DPC-related queries
  • Enhanced troubleshooting beyond community channels
  • Prioritized bug fixes
  • Early consideration for new feature requests
  • Dedicated private channels for secure communication

Don’t Wait

With a commercial support package, your organization gains expert guidance, faster issue resolution, and direct access to the team that builds and maintains DPC. DPC commercial support ensures smooth deployments, reduced risks, and compliance with internal support requirements

Learn More

Interested in a commercial support contract for Always On VPN DPC? Email us at [email protected] or complete the form below, and we’ll get back to you with more information.

Additional Information

Always On VPN DPC Open Source

Always On VPN DPC Features

Always On VPN DPC Advanced Features

Migrating from Always On VPN DPC Commercial to Open Source

Always On VPN DPC with Microsoft Intune

Always On VPN Discord Channel

Always On VPN DPC Commercial Support

The Always On VPN Dynamic Profile Configurator (DPC) is a free, open-source solution that helps administrators deploy and manage Always On VPN client configuration settings using Active Directory, Group Policy, or Microsoft Intune. Since version 5.0, DPC has been publicly available and widely adopted. Until now, support has been limited to the community Discord channel. Many organizations, however, require formal support before they can deploy software, even open-source solutions. To meet this need, Leo D’Arcy and I are now offering a commercial support option for DPC.

Why Commercial Support Matters

Enterprises rely on accountability and timely assistance to ensure business-critical services run smoothly. Open source provides flexibility and cost savings, but it often lacks the reliability guarantees companies require. Commercial support bridges that gap—delivering confidence, faster resolutions, and compliance with internal support standards.

Customer Success Story

A UK National Health Service (NHS) Trust, an early customer of the support program, praised the impact of DPC on its remote access strategy. An infrastructure engineer at the NHS trust has this to say about DPC and commercial support:

“We have recently transitioned from SSL VPN to AOVPN and took the opportunity to use DPC to manage our configuration and deployment. We’ve previously experimented with Microsoft’s officially documented process, but DPC really simplifies and streamlines the implementation and management of the AOVPN tunnels.

During rollout, we discovered an issue that caused the user tunnel config to become corrupt. Being able to directly communicate and troubleshoot with Leo and the team meant that we were quickly able to have a fix and a new version of the client ready for deployment.

We are now running DPC and AOVPN on around 4000 endpoints with around 2000 concurrent connections each day. Feedback from users is very positive, and DPC simplifies ongoing management.”

Value Added

This real-world experience highlights the two most significant benefits of DPC with commercial support: rapid issue resolution (direct access to the people who build the software) and confidence at scale (thousands of endpoints, thousands of daily connections).

What DPC Commercial Support Includes

Purchasing a commercial support package provides:

  • 1 year of support services (renewable)
  • Direct access to Leo D’Arcy, lead developer of DPC
  • Support from Richard Hicks for DPC-related queries
  • Enhanced troubleshooting beyond community channels
  • Prioritized bug fixes
  • Early consideration for new feature requests
  • Dedicated private channels for secure communication

Don’t Wait

With a commercial support package, your organization gains expert guidance, faster issue resolution, and direct access to the team that builds and maintains DPC. DPC commercial support ensures smooth deployments, reduced risks, and compliance with internal support requirements

Learn More

Interested in a commercial support contract for Always On VPN DPC? Email us at [email protected] or complete the form below, and we’ll get back to you with more information.

Additional Information

Always On VPN DPC Open Source

Always On VPN DPC Features

Always On VPN DPC Advanced Features

Migrating from Always On VPN DPC Commercial to Open Source

Always On VPN DPC with Microsoft Intune

Always On VPN Discord Channel