Deltas Between Windows Server 2016 “Desktop Experience” and “Core”
Context
In working with customers building migration plans for Windows Server 'X' to Windows Server 2016, one of the new things to be aware of is that you can no longer "move" between a "Core" install and a "Full"/"Desktop Experience" install. Even further is that Core now only supports a subset of features of "Desktop Experience" version. This is identified on Technet where supported workloads for Core are documented. However, I found that that said detail was not enough to interrogate the environment to determine which servers could vs. could not be upgraded to Core (preferred).
https://technet.microsoft.com/en-us/windows-server-docs/get-started/getting-started-with-server-core
Discovery
I wrote a PowerShell script that exported the list of Windows Server 2016 features from both Core and Desktop Experience. The script is attached to the blog entry should you be curious. It requires an online Desktop Experience and Core version, as well as the "WIM" for the install of each. I know there are more elegant ways to do this:
- (Invoke-command for the Get-WindowsOptionalFeature) so all that is needed are the online installs.
- All of this could be done with the Get-WindowsOptionalFeature, but that gave me a raw list with none of the parent/child relationships that Get-WindowsFeature provided so it was a little rough to understand.
However, this got the job done and was not worth a re-write.
Script: Compare Windows Server 2016 Desktop Experience and Core.ps1
Results
Here is a table of the Windows Features missing from core (see full spreadsheet Features Missing from Windows Server 2016 Core, includes insight into subfeature for which there is partial support of the top level feature):
| IsNotInCore | DisplayName | Name | IsRSATSubFeature |
| TRUE | Fax Server | Fax | FALSE |
| TRUE | MultiPoint Services | MultiPointServerRole | FALSE |
| TRUE | Network Policy and Access Services | NPAS | FALSE |
| TRUE | |-Distributed Scan Server | Print-Scan-Server | FALSE |
| TRUE | |-Internet Printing | Print-Internet | FALSE |
| TRUE | |-Remote Desktop Gateway | RDS-Gateway | FALSE |
| TRUE | |-Remote Desktop Session Host | RDS-RD-Server | FALSE |
| TRUE | |-Remote Desktop Web Access | RDS-Web-Access | FALSE |
| TRUE | |-|-IIS Management Console | Web-Mgmt-Console | FALSE |
| TRUE | |-|-|-IIS 6 Management Console | Web-Lgcy-Mgmt-Console | FALSE |
| TRUE | Windows Deployment Services | WDS | FALSE |
| TRUE | |-Deployment Server | WDS-Deployment | FALSE |
| TRUE | |-Transport Server | WDS-Transport | FALSE |
| TRUE | |-IIS Server Extension | BITS-IIS-Ext | FALSE |
| TRUE | BitLocker Network Unlock | BitLocker-NetworkUnlock | FALSE |
| TRUE | Direct Play | Direct-Play | FALSE |
| TRUE | Internet Printing Client | Internet-Print-Client | FALSE |
| TRUE | LPR Port Monitor | LPR-Port-Monitor | FALSE |
| TRUE | |-|-Multicasting Support | MSMQ-Multicasting | FALSE |
| TRUE | RAS Connection Manager Administration Kit (CMAK) | CMAK | FALSE |
| TRUE | Remote Assistance | Remote-Assistance | FALSE |
| TRUE | Simple TCP/IP Services | Simple-TCPIP | FALSE |
| TRUE | SMTP Server | SMTP-Server | FALSE |
| TRUE | TFTP Client | TFTP-Client | FALSE |
| TRUE | Windows Biometric Framework | Biometric-Framework | FALSE |
| TRUE | |-GUI for Windows Defender | Windows-Defender-Gui | FALSE |
| TRUE | Windows Identity Foundation 3.5 | Windows-Identity-Foundation | FALSE |
| TRUE | |-Windows PowerShell ISE | PowerShell-ISE | FALSE |
| TRUE | Windows Search Service | Search-Service | FALSE |
| TRUE | Windows TIFF IFilter | Windows-TIFF-IFilter | FALSE |
| TRUE | Wireless LAN Service | Wireless-Networking | FALSE |
| TRUE | XPS Viewer | XPS-Viewer | FALSE |
NOTE: You will notice that there is a column about whether or not this is an RSAT SubFeature. For functional purposes we do not care when upgrading whether or not someone has installed administration tools that are dependent on the GUI. Since we don’t want admins logging on to the boxes to do administration.
Building on top of this information
I used this information in System Center Configuration Manager to create two collections, one of systems that can be upgraded to Core and one of systems that must be upgraded to Desktop Experience.
Here are the respective SCCM Collection Queries (note that there may be better/performing ways to write these):
- Servers that can not be upgraded to core based on features installed
select distinct SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_G_System_SERVER_FEATURE on SMS_G_System_SERVER_FEATURE.ResourceID = SMS_R_System.ResourceId inner join SMS_G_System_SYSTEM on SMS_G_System_SYSTEM.ResourceID = SMS_R_System.ResourceId where SMS_G_System_SERVER_FEATURE.Name in ("Fax Server","MultiPoint Services","Network Policy and Access Services","Distributed Scan Server","Internet Printing","Remote Desktop Gateway","Remote Desktop Session Host","Remote Desktop Web Access","IIS Management Console","IIS 6 Management Console","Windows Deployment Services","Deployment Server","Transport Server","IIS Server Extension","BitLocker Network Unlock","Direct Play","Internet Printing Client","LPR Port Monitor","Multicasting Support","RAS Connection Manager Administration Kit (CMAK)","Remote Assistance","Simple TCP/IP Services","SMTP Server","TFTP Client","Windows Biometric Framework","GUI for Windows Defender","Windows Identity Foundation 3.5","Windows PowerShell ISE","Windows Search Service","Windows TIFF IFilter","Wireless LAN Service","XPS Viewer") and SMS_G_System_SYSTEM.SystemRole = "Server" - Servers that can be upgraded to core based on features installed (excluding RSAT features):
select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_G_System_SYSTEM on SMS_G_System_SYSTEM.ResourceId = SMS_R_System.ResourceId where SMS_G_System_SYSTEM.SystemRole = "Server" AND SMS_R_System.Name NOT IN (select distinct SMS_R_System.Name from SMS_R_System inner join SMS_G_System_SERVER_FEATURE on SMS_G_System_SERVER_FEATURE.ResourceID = SMS_R_System.ResourceId inner join SMS_G_System_SYSTEM on SMS_G_System_SYSTEM.ResourceID = SMS_R_System.ResourceId where SMS_G_System_SERVER_FEATURE.Name in ("Fax Server","MultiPoint Services","Network Policy and Access Services","Distributed Scan Server","Internet Printing","Remote Desktop Gateway","Remote Desktop Session Host","Remote Desktop Web Access","IIS Management Console","IIS 6 Management Console","Windows Deployment Services","Deployment Server","Transport Server","IIS Server Extension","BitLocker Network Unlock","Direct Play","Internet Printing Client","LPR Port Monitor","Multicasting Support","RAS Connection Manager Administration Kit (CMAK)","Remote Assistance","Simple TCP/IP Services","SMTP Server","TFTP Client","Windows Biometric Framework","GUI for Windows Defender","Windows Identity Foundation 3.5","Windows PowerShell ISE","Windows Search Service","Windows TIFF IFilter","Wireless LAN Service","XPS Viewer") and SMS_G_System_SYSTEM.SystemRole = "Server")
(Update) PowerShell command string to determine which roles prevent a system from being core:
Get-WindowsFeature|Where-Object {$_.Installed -and ($_.DisplayName -EQ “Fax Server" -or $_.DisplayName -EQ "MultiPoint Services" -or $_.DisplayName -EQ "Network Policy and Access Services" -or $_.DisplayName -EQ "Distributed Scan Server" -or $_.DisplayName -EQ "Internet Printing" -or $_.DisplayName -EQ "Remote Desktop Gateway" -or $_.DisplayName -EQ "Remote Desktop Session Host" -or $_.DisplayName -EQ "Remote Desktop Web Access" -or $_.DisplayName -EQ "IIS Management Console" -or $_.DisplayName -EQ "IIS 6 Management Console" -or $_.DisplayName -EQ "Windows Deployment Services" -or $_.DisplayName -EQ "Deployment Server" -or $_.DisplayName -EQ "Transport Server" -or $_.DisplayName -EQ "IIS Server Extension" -or $_.DisplayName -EQ "BitLocker Network Unlock" -or $_.DisplayName -EQ "Direct Play" -or $_.DisplayName -EQ "Internet Printing Client" -or $_.DisplayName -EQ "LPR Port Monitor" -or $_.DisplayName -EQ "Multicasting Support" -or $_.DisplayName -EQ "Multicasting Support" -or $_.DisplayName -EQ "RAS Connection Manager Administration Kit (CMAK)" -or $_.DisplayName -EQ "Remote Assistance" -or $_.DisplayName -EQ "Simple TCP/IP Services" -or $_.DisplayName -EQ "SMTP Server" -or $_.DisplayName -EQ "TFTP Client" -or $_.DisplayName -EQ "Windows Biometric Framework" -or $_.DisplayName -EQ "GUI for Windows Defender" -or $_.DisplayName -EQ "Windows Identity Foundation 3.5" -or $_.DisplayName -EQ "Windows PowerShell ISE" -or $_.DisplayName -EQ "Windows Search Service" -or $_.DisplayName -EQ "Windows TIFF IFilter" -or $_.DisplayName -EQ "Wireless LAN Service" -or $_.DisplayName -EQ "XPS Viewer")}