Windows Server Core offers a streamlined approach to server deployment, focusing on essential functionalities while minimizing the operating system’s footprint. This installation option is designed for efficiency and security, providing a robust foundation for specific Server Roles. While it’s common to discuss what’s not included in Server Core, this article takes a different perspective, offering a comprehensive overview of the roles, role services, and features that are integral to Windows Server Core. Understanding these components is crucial for determining if Server Core aligns with your environment’s needs and optimizing your server infrastructure. This guide serves as your central resource to navigate the landscape of server roles within Windows Server Core.
Roles Included in Server Core
Server Core is designed to host specific server roles efficiently. These roles are the core functionalities a server provides within a network. Below is a table detailing the server roles available in the Server Core installation option. Note that while these roles are included, they are not installed by default, allowing administrators to select and deploy only the necessary roles for their specific scenarios.
Role | Name | Installed by Default? | Description |
---|---|---|---|
Active Directory Certificate Services | AD-Certificate | No | Provides services for creating, managing, distributing, and revoking digital certificates. Essential for secure communication and authentication within a domain. |
Active Directory Domain Services | AD-Domain-Services | No | The foundation of Active Directory, managing users, computers, and resources in a domain. Crucial for centralized identity and access management. |
Active Directory Federation Services | ADFS-Federation | No | Enables federated identity management and single sign-on (SSO) across organizational boundaries. Supports secure access to applications and services. |
Active Directory Lightweight Directory Services | ADLDS | No | A lightweight directory service providing flexible support for directory-enabled applications, without the dependencies of AD DS. |
Active Directory Rights Management Services | ADRMS | No | Protects sensitive information from unauthorized access by controlling usage rights to documents and emails. |
Device Health Attestation | DeviceHealthAttestationService | No | Allows enterprises to ensure that only healthy devices can access their resources, enhancing security posture. |
DHCP Server | DHCP | No | Dynamically assigns IP addresses and network configuration parameters to devices on a network, simplifying network administration. |
DNS Server | DNS | No | Translates domain names into IP addresses, enabling users to access websites and services using familiar names. A fundamental networking service. |
File and Storage Services | FileAndStorage-Services | Yes | Provides core file server capabilities, allowing users to store and share files. Installed by default for basic file serving functionality. |
Host Guardian Service | HostGuardianServiceRole | No | A critical component for shielded virtual machines, ensuring only authorized and healthy Hyper-V hosts can run shielded VMs. |
Hyper-V | Hyper-V | No | Microsoft’s virtualization platform, enabling the creation and management of virtual machines. Allows for efficient resource utilization and server consolidation. |
Print and Document Services | Print-Services | No | Enables server-based print management, allowing users to share printers across a network. |
Remote Access | RemoteAccess | No | Provides VPN and DirectAccess capabilities, enabling secure remote connections for users to access network resources. |
Remote Desktop Services | Remote-Desktop-Services | No | Enables users to access applications and desktops remotely. Note that some RDS services are not available in Server Core. |
Volume Activation Services | VolumeActivation | No | Simplifies and manages the activation of Microsoft software volumes, ensuring license compliance. |
Web Server (IIS) | Web-Server | No | Internet Information Services (IIS) provides a platform for hosting websites and web applications. A powerful and flexible web server. |
Windows Server Essentials Experience | ServerEssentialsRole | No | Tailored for small businesses, offering features like simplified management and remote access. |
Windows Server Update Services | UpdateServices | No | Centralizes and manages the distribution of updates and patches to computers in a network, improving security and stability. |
Role Services Included in Server Core
Role services are granular components that extend the functionality of server roles. They allow for customization and the deployment of only the specific features needed for a particular role. The following table details the role services available within the Server Core installation option, categorized by their respective roles.
Role | Role Service | Name | Installed by Default? | Description |
---|---|---|---|---|
Active Directory Certificate Services | Certification Authority | ADCS-Cert-Authority | No | Issues and manages digital certificates, forming the core of a public key infrastructure (PKI). |
Active Directory Certificate Services | Certificate Enrollment Policy Web Service | ADCS-Enroll-Web-Pol | No | Allows users and computers to retrieve certificate enrollment policies via the web. |
Active Directory Certificate Services | Certificate Enrollment Web Service | ADCS-Enroll-Web-Svc | No | Enables certificate enrollment through a web interface, simplifying the certificate request process. |
Active Directory Certificate Services | Certification Authority Web Enrollment | ADCS-Web-Enrollment | No | Provides a web interface for users to request and renew certificates from a certification authority. |
Active Directory Certificate Services | Network Device Enrollment Service | ADCS-Device-Enrollment | No | Enables network devices like routers and switches to obtain certificates automatically. |
Active Directory Certificate Services | Online Responder | ADCS-Online-Cert | No | Provides real-time certificate revocation status information, crucial for maintaining trust in certificates. |
Active Directory Rights Management | Active Directory Rights Management Server | ADRMS-Server | No | The server component of ADRMS, responsible for issuing licenses and managing protected content. |
Active Directory Rights Management | Identity Federation Support | ADRMS-Identity | No | Enables ADRMS to integrate with federated identity systems, extending protection across organizations. |
File and Storage Services | File and iSCSI Services | File-Services | No | Provides core file server functionalities and iSCSI target capabilities. |
File and Storage Services | File Server | FS-FileServer | No | The fundamental service for sharing files and folders on a network. |
File and Storage Services | BranchCache for Network Files | FS-BranchCache | No | Optimizes network bandwidth by caching frequently accessed files locally in branch offices. |
File and Storage Services | Data Deduplication | FS-Data-Deduplication | No | Reduces storage space consumption by eliminating redundant copies of data. |
File and Storage Services | DFS Namespaces | FS-DFS-Namespace | No | Creates logical namespaces for shared folders, simplifying access to distributed file resources. |
File and Storage Services | DFS Replication | FS-DFS-Replication | No | Replicates files across multiple servers, ensuring data availability and redundancy. |
File and Storage Services | File Server Resource Manager | FS-Resource-Manager | No | Provides tools to manage and classify files, enforce storage quotas, and generate reports. |
File and Storage Services | File Server VSS Agent Service | FS-VSS-Agent | No | Enables Volume Shadow Copy Service (VSS) snapshots of files on file shares for backup and recovery. |
File and Storage Services | iSCSI Target Server | iSCSITarget-Server | No | Turns the server into an iSCSI target, providing block-level storage to other servers and devices. |
File and Storage Services | iSCSI Target Storage Provider (VDS and VSS hardware providers) | iSCSITarget-VSS-VDS | No | Enables hardware providers to manage iSCSI target storage through Virtual Disk Service (VDS) and VSS. |
File and Storage Services | Server for NFS | FS-NFS-Service | No | Allows sharing files with UNIX and Linux clients using the Network File System (NFS) protocol. |
File and Storage Services | Work Folders | FS-SyncShareService | No | Enables users to synchronize work files between their devices and a central file server. |
File and Storage Services | Storage Services | Storage-Services | Yes | Provides foundational storage management services. Installed by default as part of File and Storage Services. |
Print and Document Services | Print Server | Print-Server | No | Centralizes print management, allowing administrators to manage printers and print queues. |
Print and Document Services | LPD Service | Print-LPD-Service | No | Supports the Line Printer Daemon (LPD) protocol, enabling printing from UNIX and Linux systems. |
Remote Access | DirectAccess and VPN (RAS) | DirectAccess-VPN | No | Provides both DirectAccess for seamless always-on connectivity and traditional VPN for remote access. |
Remote Access | Routing | Routing | No | Enables the server to act as a router, forwarding network traffic between different network segments. |
Remote Access | Web Application Proxy | Web-Application-Proxy | No | Provides reverse proxy functionality for web applications, enhancing security and manageability. |
Remote Desktop Services | Remote Desktop Connection Broker* | RDS-Connection-Broker | No | Manages and directs user connections to remote desktop session hosts or virtual desktops. |
Remote Desktop Services | Remote Desktop Licensing | RDS-Licensing | No | Manages Remote Desktop Services client access licenses (CALs), ensuring license compliance. |
Remote Desktop Services | Remote Desktop Virtualization Host | RDS-Virtualization | No | Enables hosting virtual desktops using Hyper-V, providing a virtual desktop infrastructure (VDI). |
Web Server (IIS) | Web Server | Web-WebServer | No | The core web server service of IIS, responsible for processing HTTP requests and serving web content. |
Web Server (IIS) | Common HTTP Features | Web-Common-Http | No | Includes essential HTTP features like default documents, directory browsing, and HTTP errors. |
Web Server (IIS) | Default Document | Web-Default-Doc | No | Configures the default document served when a user accesses a website without specifying a file name. |
Web Server (IIS) | Directory Browsing | Web-Dir-Browsing | No | Enables users to view a list of files and folders in a website directory if no default document is found. |
Web Server (IIS) | HTTP Errors | Web-Http-Errors | No | Allows customization of HTTP error pages displayed to users. |
Web Server (IIS) | Static Content | Web-Static-Content | No | Enables serving static content like HTML files, images, and CSS files efficiently. |
Web Server (IIS) | HTTP Redirection | Web-Http-Redirect | No | Redirects HTTP requests to different URLs, useful for website restructuring or maintenance. |
Web Server (IIS) | WebDAV Publishing | Web-DAV-Publishing | No | Enables Web Distributed Authoring and Versioning (WebDAV) for collaborative web content authoring. |
Web Server (IIS) | Health and Diagnostics | Web-Health | No | Includes features for monitoring the health and performance of IIS, such as HTTP logging and request monitoring. |
Web Server (IIS) | HTTP Logging | Web-Http-Logging | No | Logs HTTP requests and responses, providing valuable data for website traffic analysis and troubleshooting. |
Web Server (IIS) | Custom Logging | Web-Custom-Logging | No | Allows customization of HTTP logging to capture specific data points. |
Web Server (IIS) | Logging Tools | Web-Log-Libraries | No | Provides libraries and tools for working with IIS logs. |
Web Server (IIS) | ODBC Logging | Web-ODBC-Logging | No | Enables logging website activity to an ODBC database. |
Web Server (IIS) | Request Monitor | Web-Request-Monitor | No | Provides real-time monitoring of HTTP requests being processed by IIS. |
Web Server (IIS) | Tracing | Web-Http-Tracing | No | Enables detailed tracing of HTTP requests for debugging and performance analysis. |
Web Server (IIS) | Performance | Web-Performance | No | Includes features to optimize IIS performance, such as static and dynamic content compression. |
Web Server (IIS) | Static Content Compression | Web-Stat-Compression | No | Compresses static content before serving it to clients, reducing bandwidth usage and improving page load times. |
Web Server (IIS) | Dynamic Content Compression | Web-Dyn-Compression | No | Compresses dynamic content, such as ASP.NET pages, before serving it to clients. |
Web Server (IIS) | Security | Web-Security | No | Includes security features to protect IIS websites, such as request filtering and authentication methods. |
Web Server (IIS) | Request Filtering | Web-Filtering | No | Filters HTTP requests based on various criteria, such as URL, headers, and file extensions, to prevent malicious requests. |
Web Server (IIS) | Basic Authentication | Web-Basic-Auth | No | Enables basic authentication, prompting users for usernames and passwords for access. |
Web Server (IIS) | Centralized SSL Certificate Support | Web-CertProvider | No | Simplifies management of SSL certificates for multiple websites on the same server. |
Web Server (IIS) | Client Certificate Mapping Authentication | Web-Client-Auth | No | Authenticates users based on client certificates. |
Web Server (IIS) | Digest Authentication | Web-Digest-Auth | No | Enables digest authentication, a more secure form of authentication than basic authentication. |
Web Server (IIS) | IIS Client Certificate Mapping Authentication | Web-Cert-Auth | No | Maps client certificates to Active Directory user accounts for authentication. |
Web Server (IIS) | IP and Domain Restrictions | Web-IP-Security | No | Restricts access to websites based on IP addresses or domain names. |
Web Server (IIS) | URL Authorization | Web-Url-Auth | No | Authorizes access to specific URLs based on user roles or permissions. |
Web Server (IIS) | Windows Authentication | Web-Windows-Auth | No | Integrates IIS authentication with Windows domain accounts for seamless single sign-on within a domain. |
Web Server (IIS) | Application Development | Web-App-Dev | No | Includes features for developing web applications, such as .NET extensibility, ASP, and CGI support. |
Web Server (IIS) | .NET Extensibility 3.5 | Web-Net-Ext | No | Enables running web applications built on .NET Framework 3.5. |
Web Server (IIS) | .NET Extensibility 4.6 | Web-Net-Ext45 | No | Enables running web applications built on .NET Framework 4.6. |
Web Server (IIS) | Application Initialization | Web-AppInit | No | Pre-loads web applications when IIS starts, improving responsiveness for initial requests. |
Web Server (IIS) | ASP | Web-ASP | No | Supports Active Server Pages (ASP) for dynamic web content generation. |
Web Server (IIS) | ASP.NET 3.5 | Web-Asp-Net | No | Supports ASP.NET 3.5 for building web applications. |
Web Server (IIS) | ASP.NET 4.6 | Web-Asp-Net45 | No | Supports ASP.NET 4.6 for building web applications. |
Web Server (IIS) | CGI | Web-CGI | No | Supports Common Gateway Interface (CGI) for running executable programs to generate dynamic content. |
Web Server (IIS) | ISAPI Extensions | Web-ISAPI-Ext | No | Supports Internet Server Application Programming Interface (ISAPI) extensions for high-performance web application modules. |
Web Server (IIS) | ISAPI Filters | Web-ISAPI-Filter | No | Supports ISAPI filters for intercepting and modifying HTTP requests and responses. |
Web Server (IIS) | Server Side Includes | Web-Includes | No | Supports Server Side Includes (SSI) for embedding dynamic content in HTML pages. |
Web Server (IIS) | WebSocket Protocol | Web-WebSockets | No | Enables WebSocket support for real-time, bidirectional communication between web servers and clients. |
Web Server (IIS) | FTP Server | Web-Ftp-Server | No | Enables hosting FTP sites for file transfer. |
Web Server (IIS) | FTP Service | Web-Ftp-Service | No | The core FTP service of IIS. |
Web Server (IIS) | FTP Extensibility | Web-Ftp-Ext | No | Provides extensibility for the IIS FTP server. |
Web Server (IIS) | Management Tools | Web-Mgmt-Tools | No | Includes tools for managing IIS, such as IIS Manager and command-line tools. |
Web Server (IIS) | IIS 6 Management Compatibility | Web-Mgmt-Compat | No | Provides compatibility with IIS 6 management tools for managing older IIS configurations. |
Web Server (IIS) | IIS 6 Metabase Compatibility | Web-Metabase | No | Enables compatibility with the IIS 6 metabase configuration system. |
Web Server (IIS) | IIS 6 Scripting Tools | Web-Lgcy-Scripting | No | Provides scripting tools for managing IIS 6. |
Web Server (IIS) | IIS 6 WMI Compatibility | Web-WMI | No | Enables management of IIS 6 using Windows Management Instrumentation (WMI). |
Web Server (IIS) | IIS Management Scripts and Tools | Web-Scripting-Tools | No | Includes scripts and command-line tools for managing IIS. |
Web Server (IIS) | Management Service | Web-Mgmt-Service | No | Enables remote management of IIS using IIS Manager and other management tools. |
Windows Server Update Services | WID Connectivity | UpdateServices-WidDB | No | Enables WSUS to use the Windows Internal Database (WID) for storing update metadata. |
Windows Server Update Services | WSUS Services | UpdateServices-Services | No | The core services of WSUS, responsible for synchronizing updates and managing client computers. |
Windows Server Update Services | SQL Server Connectivity | UpdateServices-DB | No | Enables WSUS to use a SQL Server database for storing update metadata (alternative to WID). |
*Services indicated with a * are no longer available in Server Core starting with Server 2019 1803.
Features Included in Server Core
Features are additional functionalities that are not directly server roles but provide support and enhancements to the operating system and its roles. These can range from .NET Framework components to management tools and networking enhancements. Below is a table of features included in Server Core.
Feature | Name | Installed by Default? | Description |
---|---|---|---|
.NET Framework 3.5 Features | NET-Framework-Features | No | Enables support for applications that require .NET Framework 3.5. Includes compatibility for applications built on older .NET versions. |
.NET Framework 3.5 (includes .NET 2.0 and 3.0) | NET-Framework-Core | (removed) | |
HTTP Activation | NET-HTTP-Activation | No | |
Non-HTTP Activation | NET-Non-HTTP-Activ | No | |
.NET Framework 4.6 Features | NET-Framework-45-Features | Yes | Provides the core components of .NET Framework 4.6, essential for many modern server applications and management tools. |
.NET Framework 4.6 | NET-Framework-45-Core | Yes | |
ASP.NET 4.6 | NET-Framework-45-ASPNET | No | |
WCF Services | NET-WCF-Services45 | Yes | |
HTTP Activation | NET-WCF-HTTP-Activation45 | No | |
Message Queuing (MSMQ) Activation | NET-WCF-MSMQ-Activation45 | No | |
Named Pipe Activation | NET-WCF-Pipe-Activation45 | No | |
TCP Activation | NET-WCF-TCP-Activation45 | No | |
TCP Port Sharing | NET-WCF-TCP-PortSharing45 | Yes | |
Background Intelligent Transfer Service (BITS) | BITS | No | Enables background file transfers, used by Windows Update and other applications. |
Compact Server | BITS-Compact-Server | No | |
BitLocker Drive Encryption | BitLocker | No | Provides full disk encryption to protect data at rest. |
BranchCache | BranchCache | No | Caches frequently accessed content locally, reducing bandwidth usage in branch offices. |
Client for NFS | NFS-Client | No | Enables access to Network File System (NFS) shares on UNIX and Linux servers. |
Containers | Containers | No | Supports containerization technologies, allowing for application isolation and efficient deployment. |
Data Center Bridging | Data-Center-Bridging | No | Enhances Ethernet networks for data center environments with features like priority-based flow control. |
Enhanced Storage | EnhancedStorage | No | Supports enhanced storage features, such as hardware encryption and diagnostics. |
Failover Clustering | Failover-Clustering | No | Enables high availability for server roles by clustering multiple servers together for redundancy. |
Group Policy Management | GPMC | No | Group Policy Management Console for managing Group Policy settings in an Active Directory environment. |
I/O Quality of Service | DiskIo-QoS | No | Enables quality of service (QoS) for disk I/O, allowing prioritization of critical applications. |
IIS Hostable Web Core | Web-WHC | No | Allows hosting web applications within custom processes, outside of the full IIS environment. |
IP Address Management (IPAM) Server | IPAM | No | Provides centralized management of IP address space, DNS, and DHCP services. |
iSNS Server service | ISNS | No | Internet Storage Name Service (iSNS) server, used for discovering iSCSI targets in a storage network. |
Management OData IIS Extension | ManagementOdata | No | Enables management of IIS using OData-based APIs. |
Media Foundation | Server-Media-Foundation | No | Provides multimedia platform support for applications that require media playback or processing. |
Message Queuing | MSMQ | No | Enables asynchronous message queuing for application communication. |
Message Queuing Services | MSMQ-Services | No | |
Message Queuing Server | MSMQ-Server | No | |
Directory Service Integration | MSMQ-Directory | No | |
HTTP Support | MSMQ-HTTP-Support | No | |
Message Queuing Triggers | MSMQ-Triggers | No | |
Routing Service | MSMQ-Routing | No | |
Message Queuing DCOM Proxy | MSMQ-DCOM | No | |
Multipath I/O | Multipath-IO | No | Enables multiple network paths for storage connections, improving resilience and performance. |
MultiPoint Connector | MultiPoint-Connector | No | Enables integration with Windows MultiPoint Server for shared computing environments. |
MultiPoint Connector Services | MultiPoint-Connector-Services | No | |
MultiPoint Manager and MultiPoint Dashboard | MultiPoint-Tools | No | |
Network Load Balancing | NLB | No | Distributes network traffic across multiple servers, improving scalability and availability for network services. |
Peer Name Resolution Protocol | PNRP | No | Enables peer-to-peer name resolution for decentralized applications. |
Quality Windows Audio Video Experience | qWave | No | Quality Windows Audio Video Experience (qWave) for network prioritization of multimedia streams. |
Remote Differential Compression | RDC | No | Efficiently transfers only changed portions of files over a network, reducing bandwidth usage. |
Remote Server Administration Tools | RSAT | No | Suite of tools for remotely managing Windows Servers from a client computer. |
Feature Administration Tools | RSAT-Feature-Tools | No | |
BitLocker Drive Encryption Administration Utilities | RSAT-Feature-Tools-BitLocker | No | |
DataCenterBridging LLDP Tools | RSAT-DataCenterBridging-LLDP-Tools | No | |
Failover Clustering Tools | RSAT-Clustering | No | |
Failover Cluster Module for Windows PowerShell | RSAT-Clustering-PowerShell | No | |
Failover Cluster Automation Server | RSAT-Clustering-AutomationServer | No | |
Failover Cluster Command Interface | RSAT-Clustering-CmdInterface | No | |
IP Address Management (IPAM) Client | IPAM-Client-Feature | No | |
Shielded VM Tools | RSAT-Shielded-VM-Tools | No | |
Storage Replica Module for Windows PowerShell | RSAT-Storage-Replica | No | |
Role Administration Tools | RSAT-Role-Tools | No | |
AD DS and AD LDS Tools | RSAT-AD-Tools | No | |
Active Directory module for Windows PowerShell | RSAT-AD-PowerShell | No | |
AD DS Tools | RSAT-ADDS | No | |
Active Directory Administrative Center | RSAT-AD-AdminCenter | No | |
AD DS Snap-Ins and Command-Line Tools | RSAT-ADDS-Tools | No | |
AD LDS Snap-Ins and Command-Line Tools | RSAT-ADLDS | No | |
Hyper-V Management Tools | RSAT-Hyper-V-Tools | No | |
Hyper-V Module for Windows PowerShell | Hyper-V-PowerShell | No | |
Windows Server Update Services Tools | UpdateServices-RSAT | No | |
API and PowerShell cmdlets | UpdateServices-API | No | |
DHCP Server Tools | RSAT-DHCP | No | |
DNS Server Tools | RSAT-DNS-Server | No | |
Remote Access Management Tools | RSAT-RemoteAccess | No | |
Remote Access module for Windows PowerShell | RSAT-RemoteAccess-PowerShell | No | |
RPC over HTTP Proxy | RPC-over-HTTP-Proxy | No | Enables RPC over HTTP for accessing Exchange Server and other RPC-based applications over the internet. |
Setup and Boot Event Collection | Setup-and-Boot-Event-Collection | No | Enables collecting setup and boot events for troubleshooting and analysis. |
Simple TCP/IP Services | Simple-TCPIP | No | Includes simple TCP/IP services like echo, daytime, and chargen (often disabled for security reasons). |
SMB 1.0/CIFS File Sharing Support | FS-SMB1 | Yes | Supports the older SMB 1.0/CIFS protocol for file sharing (generally recommended to disable for security). |
SMB Bandwidth Limit | FS-SMBBW | No | Enables bandwidth limiting for SMB file shares. |
SNMP Service | SNMP-Service | No | Simple Network Management Protocol (SNMP) service for network device monitoring. |
SNMP WMI Provider | SNMP-WMI-Provider | No | WMI provider for SNMP, allowing access to SNMP data through WMI. |
Telnet Client | Telnet-Client | No | Telnet client for connecting to remote Telnet servers (generally discouraged for security reasons). |
VM Shielding Tools for Fabric Management | FabricShieldedTools | No | Tools for managing shielded virtual machines in a Hyper-V fabric. |
Windows Defender Features | Windows-Defender-Features | Yes | Core Windows Defender features, providing basic anti-malware protection. |
Windows Defender | Windows-Defender | Yes | |
Windows Internal Database | Windows-Internal-Database | No | Windows Internal Database (WID), a lightweight database engine used by some Windows features. |
Windows PowerShell | PowerShellRoot | Yes | Foundational Windows PowerShell components. Installed by default. |
Windows PowerShell 5.1 | PowerShell | Yes | |
Windows PowerShell 2.0 Engine | PowerShell-V2 | (removed) | |
Windows PowerShell Desired State Configuration Service | DSC-Service | No | |
Windows PowerShell Web Access | WindowsPowerShellWebAccess | No | |
Windows Process Activation Service | WAS | No | Windows Process Activation Service (WAS), used by IIS and WCF for process management. |
Process Model | WAS-Process-Model | No | |
.NET Environment 3.5 | WAS-NET-Environment | No | |
Configuration APIs | WAS-Config-APIs | No | |
Windows Server Backup | Windows-Server-Backup | No | Provides tools for backing up and restoring Windows Servers. |
Windows Server Migration Tools | Migration | No | Tools for migrating server roles and features to newer versions of Windows Server. |
Windows Standards-Based Storage Management | WindowsStorageManagementService | No | Enables standards-based storage management through SMI-S providers. |
WinRM IIS Extension | WinRM-IIS-Ext | No | Windows Remote Management (WinRM) extension for IIS, enabling remote management of IIS using WinRM. |
WINS Server | WINS | No | Windows Internet Name Service (WINS) server for NetBIOS name resolution (legacy, typically replaced by DNS). |
WoW64 Support | WoW64-Support | Yes | Windows 32-bit on Windows 64-bit (WoW64) support, allowing 32-bit applications to run on 64-bit Server Core. Installed by default. |
This detailed breakdown of roles, role services, and features included in Windows Server Core provides a solid foundation for understanding its capabilities. By carefully selecting the necessary components, administrators can leverage Server Core to create efficient, secure, and purpose-built server deployments. Remember to consult the official Microsoft documentation for the most up-to-date information and specific version details.