Deploying DirectAccess on Windows Server 2016 core is recommended to ensure the highest level of security and availability for the remote access solution. Server core is a stripped-down, command-line only version of Windows that removes many features unnecessary to support common server workloads. It’s reduced attack surface improves security, and this leaner version of the Windows OS requires less maintenance (patching), resulting in fewer reboots which increases overall availability. It has a smaller disk and memory footprint too which results in quicker system restarts, when required.
Removing the GUI
Historically I’ve recommended that DirectAccess administrators deploy Windows server with the full GUI first, then remove it later after validation testing is complete. Prior to placing it in production, the GUI can be removed by running the following PowerShell command.
Uninstall-WindowsFeature Server-Gui-Mgmt-Infra -Restart
This works flawlessly in Windows Server 2012 and Windows Server 2012 R2. However, when running this command on a Windows Server 2016 server you will receive the following error message.
Uninstall-WindowsFeature : ArgumentNotValid: The role, role service, or feature name is not valid:
‘Server-Gui-Mgmt-Infra’. The name was not found.
Changes in Windows Server 2016
This happens because Microsoft quietly removed the option to switch back and forth between the full GUI version and the core version of Windows beginning with Windows Server 2016.
Source: https://docs.microsoft.com/en-us/windows-server/get-started/getting-started-with-server-core
It is still recommended that DirectAccess be deployed on server core to provide the most secure and reliable experience. However, since it is no longer possible to switch from GUI to core, it must be deployed in serve core configuration upon initial installation.
Additional Information
DirectAccess and Windows Server 2012 R2 Core
Configure Windows Server Core to use PowerShell by Default
Planning and Implementing DirectAccess with Windows Server 2016 Video Training Course
Managing and Supporting DirectAccess with Windows Server 2016 Video Training Course
