🏹 👩🏿‍💼 🧔🏾 Push Windows Server onto a low-powered VPS using Windows Server Core 🎚️ 👩‍👧 🧝🏽

Due to the gluttony of Windows systems, lightweight Linux distributions dominate the VPS environment: Mint, Colibri OS, Debian or Ubuntu, which are deprived of the unnecessary, heavyweight desktop environment as part of our tasks. As they say, only the console, only hardcore! And in fact, this is not an exaggeration at all: the same Debian starts on 256 MB of memory and one core with a clock cycle of 1 Ghz, that is, on almost any “stump”. For comfortable work, you will need from 512 MB and a processor a little faster. But what if we tell you that roughly the same can be done on Windows VPS? What does not need to roll heavy Windows Server, which requires three to four hectares of RAM and a minimum of a couple of cores with a clock speed of 1.4 GHz? Just use the Windows Server Core - get rid of the GUI and some services. We will talk about how to do this in an article.

Who is this your Windows Server Core?

There is no clear information about what Windows (server) Core is even on the official website of Mikes, or rather, everything is so confusing that you won’t understand right away, but the first references date back to the era of Windows Server 2008. In fact, Windows Core is a workable Windows kernel Server (suddenly!), “Lost weight” by the size of its own GUI and about half of the side services.

The main feature of Windows Core is low hardware requirements and fully console management through PowerShell.

If you go to the Microsoft website and check the technical requirements, then to start Windows Server 2016/2019 you will need 2 gigs of RAM and at least one core with a clock speed of 1.4 GHz. But we all understand that with this configuration we can only expect the system to start, but certainly not the comfortable operation of our OS. For this reason, Windows Server is usually allocated more memory and at least 2 cores / 4 threads from the processor, if they do not provide it with an expensive physical machine on some Xeon, instead of a cheap virtual machine.

At the same time, the core of the server system itself requires only 512 MB of memory, and those processor resources that were consumed by the GUI just to simply render on the screen and keep their numerous services running can be used for something more useful.

Here is a comparison of supported out-of-the-box Windows Core services and full-fledged Windows Server from the official Microsoft website:

application	server core	server with desktop experience
Command prompt	available	available
Windows PowerShell / Microsoft .NET	available	available
Perfmon.exe	not available	available
Windbg (GUI)	supported	available
Resmon.exe	not available	available
Regedit	available	available
Fsutil.exe	available	available
Disksnapshot.exe	not available	available
Diskpart.exe	available	available
Diskmgmt.msc	not available	available
Devmgmt.msc	not available	available
Server manager	not available	available
Mmc.exe	not available	available
Eventvwr	not available	available
Wevtutil (Event queries)	available	available
Services.msc	not available	available
Control panel	not available	available
Windows Update (GUI)	not available	available
Windows explorer	not available	available
Taskbar	not available	available
Taskbar notifications	not available	available
Taskmgr	available	available
Internet Explorer or Edge	not available	available
Built-in help system	not available	available
Windows 10 Shell	not available	available
Windows Media Player	not available	available
Powerhell	available	available
PowerShell ISE	not available	available
PowerShell IME	available	available
Mstsc.exe	not available	available
Remote Desktop Services	available	available
Hyper-V Manager	not available	available

As you can see, a lot has been cut out of Windows Core. Services and processes associated with the GUI of the system went under the knife, as well as any "garbage" that definitely would not be needed on our console virtual machine, for example, Windows Media Player.

Almost like Linux but not him

I really want to compare Windows Server Core with Linux distributions, but in reality this is not entirely correct. Yes, these systems are similar to each other in terms of reduced resource consumption due to the abandonment of the GUI and many side services, but in terms of operation and some assembly approaches, it is still Windows, and not a unix system.

The simplest example is that with the help of manual assembly of the Linux kernel and the subsequent installation of packages and services, even the lightest Linux distribution can be turned into something heavy and similar to a Swiss knife (I really want to play jokey about Python and insert a picture from the series “If Programming Languages Were Weapons ”, but we will not). In Windows Core, this freedom is much less, because we, nevertheless, are dealing with a Microsoft product.

Windows Server Core comes with a ready-made assembly, the default configuration of which can be estimated from the table above. If you need something from the list of unsupported, you will have to add the missing elements online through the console. However, do not forget about Feature on demand and the ability to deflate components as .cab files, which you can then add to the assembly before installation. But this scenario does not work if you already found in the process that you are missing one of the cut services.

But what distinguishes the Core version from the full one is the ability to update the system and add services without stopping work. Windows Core supports rolling hot packages without reboot. As a result, based on practical observations: a machine running Windows Core needs to be restarted ~ 6 times less often than running Windows Server, that is, once every six months, and not once a month.

A nice bonus for administrators is that if you use the system as intended - through the console, without RDP - and do not make a second Windows Server out of it, then it becomes extremely secure compared to the full version. After all, most of the vulnerabilities in Windows Server fall on RDP and the actions of a user who, through this same RDP, does what should not. This is similar to the story with Henry Ford and his relation to the color of the car: "Any customer can have a car painted any color that he wants so long as it is black ." So it is with the system: the user can communicate in any way with the system, the main thing is that he does this through the console .

Install and manage Windows Server 2019 Core

We mentioned earlier that Windows Core is actually a Windows Server without a GUI wrapper. That is, you can use almost any version of Windows Server as the core version, that is, abandon the GUI. For products of the Windows Server 2019 family, this is 3 of 4 server builds: the core mode is available for Windows Server 2019 Standard Edition, Windows Server 2019 Datacenter and Hyper-V Server 2019, that is, only Windows Server 2019 Essentials falls out of this list.

At the same time, the installation package for Windows Server Core does not need to be searched. In the standard installer from Microsoft, the core version is offered literally by default, when you must manually select the version with the GUI:

There are actually more options for managing the system than the one mentioned by PowerShell, which is offered by the manufacturer by default. There are at least five different ways to manage a virtual machine on Windows Server Core:

Remote PowerShell
Remote Server Administration Tools (RSAT);
Windows Admin Center
Sconfig;
Server Manager

The first three positions are of most interest: standard PowerShell, RSAT and Windows Admin Center. However, it is important to understand that when we gain the benefits of one of the tools, we also get the limitations imposed by it.

We will not describe the capabilities of the console; PowerShell is PowerShell, with its obvious pros and cons. RSAT and WAC are a little more complicated.

WAC gives you access to important system controls such as registry editing and disk and device management. RSAT in the first case works only in the viewing mode and will not allow any changes to be made, and for managing disks and physical devices of Remote Server Administration Tools you need a GUI, which is not about our case. In general, RSAT cannot work with files and, accordingly, updates, installing / uninstalling programs in editing the registry.

▍ System Management

	Wac	RSAT
Component management	Yes	Yes
Registry Editor	Yes	No
Network management	Yes	Yes
Event Viewer	Yes	Yes
Shared Folders	Yes	Yes
Drive management	Yes	Only for servers with a GUI
Task Scheduler	Yes	Yes
Device management	Yes	Only for servers with a GUI
File management	Yes	No
user management	Yes	Yes
Group management	Yes	Yes
Certificate management	Yes	Yes
Updates	Yes	No
Uninstall programs	Yes	No
System monitor	Yes	Yes

On the other hand, RSAT gives us full control over the roles on the machine, when, like the Windows Admin Center, it can literally do nothing. Here is a comparison of the capabilities of RSAT and WAC in this aspect, for clarity:

▍Management roles

	Wac	RSAT
Advanced thread protection	TEXT	No
Windows defender	TEXT	Yes
Containers	TEXT	Yes
AD Administrative Center	TEXT	Yes
AD Domain and Trusts	No	Yes
AD sites and services	No	Yes
DHCP	TEXT	Yes
DNS	TEXT	Yes
DFS Manager	No	Yes
GPO Manager	No	Yes
IIS Manager	No	Yes

That is, it is already clear that if you abandon the GUI and PowerShell in favor of other controls, getting rid of using some kind of mono tool will not work: for full administration on all fronts, we need at least a bunch of RSAT and WAC.

It should be remembered that the use of WAC will have to pay 150-180 megabytes of RAM. When connected, the Windows Admin Center creates 3-4 sessions on the server side, which are not killed even when the tool is disconnected from the virtual machine. WAC also does not work with older versions of PowerShell, so you will need a minimum of PowerShell 5.0. All this runs counter to our paradigm of austerity of resources, but you have to pay for comfort. In our case, by RAM.

Another option for managing Server Core is installing third-party GUIs so as not to drag those tons of garbage that come in a full assembly along with the interface.

In this case, we have two options: roll out the original Explorer to the system or use Explorer ++. As an alternative to the latter, any file manager is suitable: Total Commander, FAR Manager, Double Commander and so on. The latter is preferable if the memory saving is critical for you. You can add Explorer ++ or any other file manager by creating a network folder and launching it through the console or scheduler.

Installing a full-fledged Explorer will give us more options in terms of working with software equipped with a UI. For this we will have to contactServer Core App Compatibility Feature on Demand (FOD) which will return to the system MMC, Eventvwr, PerfMon, Resmon, Explorer.exe and even Powershell ISE. However, you will have to pay for this, as is the case with WAC: we will irretrievably lose about 150-200 megabytes of RAM, which merrily devour explorer.exe and other services. Even if the machine does not have an active user.

This is how the memory consumption of the system on machines with and without the native Explorer package looks like.

This raises the logical question: why all these dances with PowerShell, FOD, file managers, if any step left-right leads to an increase in RAM consumption? Why cover yourself with a bunch of tools and shy from side to side to ensure comfortable work on Windows Server Core, when you can just roll Windows Server 2016/2019 and live like a white person?

There are several reasons for using Server Core. First: the current is almost half the memory consumption. If you remember, this condition was the basis of our article at the very beginning. For comparison, the memory consumption of Windows Server 2019, compare with the screenshots just above:

And so, 1146 MB of consumed memory instead of 655 MB on Core.

Assuming you don’t need WAC and you use Explorer ++ instead of the original Explorer, you will still win almost half a hectare on every virtual machine running Windows Server. If there is only one virtual machine, then the growth is insignificant, but if there are five of them? Here the presence of a GUI matters, especially if you do not need it.

Secondly, any dancing around Windows Server Core will not lead you to the fight against the main problem of operating Windows Server - RDP and its safety (more precisely, its complete absence). Windows Core even in the form of FOD, RSAT and WAC is still a server without RDP, that is, it is not subject to 95% of existing attacks.

In the balance

In general, Windows Core is only slightly “fatter” than any stock Linux distribution, but much more functional. If you need freeing up resources and you are ready to work with the console, WAC and RSAT, use file managers instead of a full GUI, then Core is worth paying attention to. Moreover, it will not be possible to pay extra for a full-fledged Windows, and spend the money saved on the upset of your VPS by adding, for example, RAM. For convenience, we have added Windows Server Core to our marketplace .