2 Windows Server features worth a second look

Server Core and DirectAccess are underused by IT admins, but recent changes in Windows Server 2012 make them valuable

Two Windows Server features that have been widely ignored by the enterprise community deserve a second look -- especially because Microsoft has enhanced them in Windows Server 2012: Server Core and DirectAccess.

Here's what you should know about each, so you can take advantage of their underused potential.

[ Get ready for Windows Server 2012 with the Windows Server 2012 Deep Dive PDF special report. | Stay atop key Microsoft technologies in our Technology: Microsoft newsletter. ]

The simple power of Server Core

Server Core is the stripped-down interface for Windows Server, and as such, it eliminates the GUI services and dependencies that can be used to attack the system. In Windows Server 2012, Server Core has been expanded to include most roles -- it can do almost everything, unlike its predecessor.

Server Core still starts with a cmd.exe shell rather than PowerShell because of the dependencies of PowerShell, which is a bit of a drag; it'd be nice if Microsoft retired cmd.exe. But you can swing into PowerShell from Server Core's cmd.exe by typing powershell. (and you can edit the registry to make PowerShell the default shell.)

Should you want to switch into the GUI, type Add-WindowsFeature Server-GUI-Shell to install the Server GUI. (When you want to remove the GUI, open PowerShell and type Remove-WindowsFeature Server-GUI-Shell.) It's easy to swap back and forth between these two modes.

But really you don't need or want to run the GUI on your servers. Remember: Servers are meant to be workhorses. Having a resource-intensive GUI only robs your system of the processor and memory it needs to do its job. It's better to use the command line through remote PowerShell.

You might be thinking you can have your GUI and full server resources too by remoting into the server from your desktop; that way, you use the desktop's resources instead of the server's to get the GUI interface you know and love. Don Jones, a PowerShell expert and Microsoft MVP, says you shouldn't get comfortable in doing that. He believes Windows Server 2012 is a "shot across the bow" for a future Windows Server that will have no GUI at all. His advice: "Stay off the console."

This time, DirectAccess really lets you lose the VPN

Originally released in Windows Server 2008, DirectAccess promised to eliminate the need for VPN connection setup woes by allowing systems to connect directly to their internal LAN. This was supposed to allow domain-managed clients to access their corporate network any time they were on the Internet without having to go through a VPN.

But due to the complexity of setup (such as the requirement of having IPv6 on the internal network) and finicky nature of DirectAccess, many companies avoided it. Instead, most either stayed with traditional SSL VPNs or used Forefront Unified Access Gateway (UAG) to provide secure remote access. Some used DirectAccess with UAG, which made DirectAccess work better but also greatly increased the complexity of setup and management.

1 2 Page
Mobile Security Insider: iOS vs. Android vs. BlackBerry vs. Windows Phone
Join the discussion
Be the first to comment on this article. Our Commenting Policies