I'm at Kona Loa in Mission Viejo, Calif swarmapp.com/c/aLwux4rD92F:: 5 hours ago

5 game losing streak now for the @angels. Now 3.5 games back in the 2nd wildcard behind MN. Going the wrong way! :/ #angels #mlb:: 16 hours ago

Well, that escalated predictably. :/ #angels #mlb #nobullpen:: 17 hours ago

.@VictorRojas You know how many @angels fans are booing Pierzynski right now? ;) #angels #mlb:: 19 hours ago

Did you miss my #DirectAccess and @NetMotion webinar this week? Watch the recording online here. rmhci.co/2walG1c:: 21 hours ago

Follow @richardhicks

DirectAccess on Windows Server 2016 Core

Deploying DirectAccess on Windows Server 2016 core is recommended to ensure the highest level of security and availability for the remote access solution. Server core is a stripped-down, command-line only version of Windows that removes many features unnecessary to support common server workloads. It’s reduced attack surface improves security, and this leaner version of the Windows OS requires less maintenance (patching), requiring fewer reboots which increases overall availability. It has a smaller disk and memory footprint too which results in quicker system restarts, when required.

Removing the GUI

Historically I’ve recommended that DirectAccess administrators deploy Windows server with the full GUI first, then remove it later after validation testing is complete. Prior to placing it in production, the GUI can be removed by running the following PowerShell command.

Uninstall-WindowsFeature Server-Gui-Mgmt-Infra -Restart

This works flawlessly in Windows Server 2012 and Windows Server 2012 R2. However, when running this command on a Windows Server 2016 server you will receive the following error message.

Uninstall-WindowsFeature : ArgumentNotValid: The role, role service, or feature name is not valid:
‘Server-Gui-Mgmt-Infra’. The name was not found.

Changes in Windows Server 2016

This happens because Microsoft quietly removed the option to switch back and forth between the full GUI version and the core version of Windows beginning with Windows Server 2016.

Source: https://docs.microsoft.com/en-us/windows-server/get-started/getting-started-with-server-core

It is still recommended that DirectAccess be deployed on server core to provide the most secure and reliable experience. However, since it is no longer possible to switch from GUI to core, it must be deployed in serve core configuration upon initial installation.

Additional Information

DirectAccess and Windows Server 2012 R2 Core

Configure Windows Server Core to use PowerShell by Default

Planning and Implementing DirectAccess with Windows Server 2016 Video Training Course

Managing and Supporting DirectAccess with Windows Server 2016 Video Training Course

Implementing DirectAccess with Windows Server 2016 Book

2 Comments

by Richard M. Hicks on August 28, 2017 • Permalink

Posted in DirectAccess, PowerShell, Remote Access, Security, VPN, Windows 10, Windows Server 2012 R2, Windows Server 2016

Tagged availability, command line, Core, DirectAccess, GUI, performance, PowerShell, Remote Access, security, Server Core, VPN, Windows Server 2016, Windows server core

Posted by Richard M. Hicks on August 28, 2017

https://directaccess.richardhicks.com/2017/08/28/directaccess-on-windows-server-2016-core/

Richard M. Hicks Consulting, Inc.

MVP Profile

Training

Connect

Mailing List

Buy This!

@richardhicks

Facebook

RSS Feed

Archives

Categories

Tag Cloud

All posts tagged command line

DirectAccess on Windows Server 2016 Core

DirectAccess Book

Consulting

NetMotion Mobility

KEMP Technologies

PointSharp ID

Recent Posts

DirectAccess Resources

Richard M. Hicks Consulting, Inc.

MVP Profile

Training

Connect

Mailing List

Buy This!

@richardhicks

Facebook

RSS Feed

Archives

Categories

Tag Cloud

All posts tagged command line

DirectAccess on Windows Server 2016 Core

Share this:

Like this:

DirectAccess Book

Consulting

NetMotion Mobility

KEMP Technologies

PointSharp ID

Recent Posts

DirectAccess Resources