Two Windows Server features that have been widely ignored by the enterprise community deserve a second look -- especially because Microsoft has enhanced them in Windows Server 2012: Server Core and DirectAccess.
Here's what you should know about each, so you can take advantage of their underused potential.
The simple power of Server Core
Server Core is the stripped-down interface for Windows Server, and as such, it eliminates the GUI services and dependencies that can be used to attack the system. In Windows Server 2012, Server Core has been expanded to include most roles -- it can do almost everything, unlike its predecessor.
Server Core still starts with a cmd.exe shell rather than PowerShell because of the dependencies of PowerShell, which is a bit of a drag; it'd be nice if Microsoft retired cmd.exe. But you can swing into PowerShell from Server Core's cmd.exe by typing powershell. (You can also edit the registry to make PowerShell the default shell.)
Should you want to switch into the GUI, type Add-WindowsFeature Server-GUI-Shell to install the Server GUI. (When you want to remove the GUI, open PowerShell and type Remove-WindowsFeature Server-GUI-Shell.) It's easy to swap back and forth between these two modes.
But really you don't need or want to run the GUI on your servers. Remember: Servers are meant to be workhorses. Having a resource-intensive GUI only robs your system of the processor and memory it needs to do its job. It's better to use the command line through remote PowerShell.
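To see which servers still carry the GUI, the feature state can be read remotely instead of logging on to each console. The script below is an added example, not code from the original article. It assumes a management host with the ServerManager module, and it also checks Server-Gui-Mgmt-Infra, a Windows Server 2012 feature the article does not name. The function names and host names are hypothetical.

```powershell
# Added example. Classifies a Windows Server 2012 installation from the
# Installed state of its GUI features (objects shaped like Get-WindowsFeature output).
function Get-ServerInterfaceMode {
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        [Parameter(Mandatory)][object[]]$Feature
    )
    $installed = @($Feature | Where-Object { $_.Installed } | ForEach-Object { $_.Name })
    $shell = $installed -contains 'Server-Gui-Shell'
    $infra = $installed -contains 'Server-Gui-Mgmt-Infra'   # feature not named in the article
    $mode = if ($shell) { 'Full GUI' } elseif ($infra) { 'Minimal Server Interface' } else { 'Server Core' }
    [pscustomobject]@{
        ComputerName = $ComputerName
        Mode         = $mode
        GuiShell     = $shell
        GuiMgmtInfra = $infra
    }
}

# Queries each server remotely and reports its interface mode.
# Unreachable servers produce a warning instead of stopping the run.
function Get-ServerGuiReport {
    param([Parameter(Mandatory)][string[]]$ComputerName)
    foreach ($computer in $ComputerName) {
        try {
            $features = Get-WindowsFeature -ComputerName $computer `
                -Name Server-Gui-Shell, Server-Gui-Mgmt-Infra -ErrorAction Stop
            Get-ServerInterfaceMode -ComputerName $computer -Feature $features
        } catch {
            Write-Warning "Could not query ${computer}: $($_.Exception.Message)"
        }
    }
}

# Constructed sample data (hypothetical host names) so the classifier runs offline.
$sample = @{
    'core01' = @($false, $false)
    'min01'  = @($false, $true)
    'gui01'  = @($true,  $true)
}
foreach ($name in ($sample.Keys | Sort-Object)) {
    $shell, $infra = $sample[$name]
    $features = @(
        [pscustomobject]@{ Name = 'Server-Gui-Shell';      Installed = $shell }
        [pscustomobject]@{ Name = 'Server-Gui-Mgmt-Infra'; Installed = $infra }
    )
    Get-ServerInterfaceMode -ComputerName $name -Feature $features
}
```

Against live servers, call Get-ServerGuiReport with a list of server names and filter the output for any Mode other than Server Core.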
You might be thinking you can have your GUI and full server resources too by remoting into the server from your desktop; that way, you use the desktop's resources instead of the server's to get the GUI you know and love. Don Jones, a PowerShell expert and Microsoft MVP, says you shouldn't get comfortable doing that. He believes Windows Server 2012 is a "shot across the bow" for a future Windows Server that will have no GUI at all. His advice: "Stay off the console."
This time, DirectAccess really lets you lose the VPN
Originally released in Windows Server 2008, DirectAccess promised to eliminate the need for VPN connection setup woes by allowing systems to connect directly to their internal LAN. This was supposed to allow domain-managed clients to access their corporate network any time they were on the Internet without having to go through a VPN.
But due to the complexity of setup (such as the requirement of having IPv6 on the internal network) and the finicky nature of DirectAccess, many companies avoided it. Instead, most either stayed with traditional SSL VPNs or used Forefront Unified Access Gateway (UAG) to provide secure remote access. Some used DirectAccess with UAG, which made DirectAccess work better but also greatly increased the complexity of setup and management.