Jaa


Deltas Between Windows Server 2016 “Desktop Experience” and “Core”

Context

In working with customers building migration plans for Windows Server 'X' to Windows Server 2016, one of the new things to be aware of is that you can no longer "move" between a "Core" install and a "Full"/"Desktop Experience" install. Even further is that Core now only supports a subset of features of "Desktop Experience" version. This is identified on Technet where supported workloads for Core are documented. However, I found that that said detail was not enough to interrogate the environment to determine which servers could vs. could not be upgraded to Core (preferred).

https://technet.microsoft.com/en-us/windows-server-docs/get-started/getting-started-with-server-core

Discovery

I wrote a PowerShell script that exported the list of Windows Server 2016 features from both Core and Desktop Experience. The script is attached to the blog entry should you be curious. It requires an online Desktop Experience and Core version, as well as the "WIM" for the install of each. I know there are more elegant ways to do this:

  • (Invoke-command for the Get-WindowsOptionalFeature) so all that is needed are the online installs.
  • All of this could be done with the Get-WindowsOptionalFeature, but that gave me a raw list with none of the parent/child relationships that Get-WindowsFeature provided so it was a little rough to understand.

However, this got the job done and was not worth a re-write.

Script:  Compare Windows Server 2016 Desktop Experience and Core.ps1

Results

Here is a table of the Windows Features missing from core (see full spreadsheet Features Missing from Windows Server 2016 Core, includes insight into subfeature for which there is partial support of the top level feature):

IsNotInCore DisplayName Name IsRSATSubFeature
TRUE Fax Server Fax

FALSE

TRUE MultiPoint Services MultiPointServerRole

FALSE

TRUE Network Policy and Access Services NPAS

FALSE

TRUE |-Distributed Scan Server Print-Scan-Server

FALSE

TRUE |-Internet Printing Print-Internet

FALSE

TRUE |-Remote Desktop Gateway RDS-Gateway

FALSE

TRUE |-Remote Desktop Session Host RDS-RD-Server

FALSE

TRUE |-Remote Desktop Web Access RDS-Web-Access

FALSE

TRUE |-|-IIS Management Console Web-Mgmt-Console

FALSE

TRUE |-|-|-IIS 6 Management Console Web-Lgcy-Mgmt-Console

FALSE

TRUE Windows Deployment Services WDS

FALSE

TRUE |-Deployment Server WDS-Deployment

FALSE

TRUE |-Transport Server WDS-Transport

FALSE

TRUE |-IIS Server Extension BITS-IIS-Ext

FALSE

TRUE BitLocker Network Unlock BitLocker-NetworkUnlock

FALSE

TRUE Direct Play Direct-Play

FALSE

TRUE Internet Printing Client Internet-Print-Client

FALSE

TRUE LPR Port Monitor LPR-Port-Monitor

FALSE

TRUE |-|-Multicasting Support MSMQ-Multicasting

FALSE

TRUE RAS Connection Manager Administration Kit (CMAK) CMAK

FALSE

TRUE Remote Assistance Remote-Assistance

FALSE

TRUE Simple TCP/IP Services Simple-TCPIP

FALSE

TRUE SMTP Server SMTP-Server

FALSE

TRUE TFTP Client TFTP-Client

FALSE

TRUE Windows Biometric Framework Biometric-Framework

FALSE

TRUE |-GUI for Windows Defender Windows-Defender-Gui

FALSE

TRUE Windows Identity Foundation 3.5 Windows-Identity-Foundation

FALSE

TRUE |-Windows PowerShell ISE PowerShell-ISE

FALSE

TRUE Windows Search Service Search-Service

FALSE

TRUE Windows TIFF IFilter Windows-TIFF-IFilter

FALSE

TRUE Wireless LAN Service Wireless-Networking

FALSE

TRUE XPS Viewer XPS-Viewer

FALSE

NOTE:  You will notice that there is a column about whether or not this is an RSAT SubFeature.  For functional purposes we do not care when upgrading whether or not someone has installed administration tools that are dependent on the GUI.  Since we don’t want admins logging on to the boxes to do administration.

Building on top of this information

I used this information in System Center Configuration Manager to create two collections, one of systems that can be upgraded to Core and one of systems that must be upgraded to Desktop Experience.

Here are the respective SCCM Collection Queries (note that there may be better/performing ways to write these):

  • Servers that can not be upgraded to core based on features installed
    select distinct SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_G_System_SERVER_FEATURE on SMS_G_System_SERVER_FEATURE.ResourceID = SMS_R_System.ResourceId inner join SMS_G_System_SYSTEM on SMS_G_System_SYSTEM.ResourceID = SMS_R_System.ResourceId where SMS_G_System_SERVER_FEATURE.Name in ("Fax Server","MultiPoint Services","Network Policy and Access Services","Distributed Scan Server","Internet Printing","Remote Desktop Gateway","Remote Desktop Session Host","Remote Desktop Web Access","IIS Management Console","IIS 6 Management Console","Windows Deployment Services","Deployment Server","Transport Server","IIS Server Extension","BitLocker Network Unlock","Direct Play","Internet Printing Client","LPR Port Monitor","Multicasting Support","RAS Connection Manager Administration Kit (CMAK)","Remote Assistance","Simple TCP/IP Services","SMTP Server","TFTP Client","Windows Biometric Framework","GUI for Windows Defender","Windows Identity Foundation 3.5","Windows PowerShell ISE","Windows Search Service","Windows TIFF IFilter","Wireless LAN Service","XPS Viewer") and SMS_G_System_SYSTEM.SystemRole = "Server"
  • Servers that can be upgraded to core based on features installed (excluding RSAT features):
    select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_G_System_SYSTEM on SMS_G_System_SYSTEM.ResourceId = SMS_R_System.ResourceId where SMS_G_System_SYSTEM.SystemRole = "Server"  AND SMS_R_System.Name NOT IN (select distinct SMS_R_System.Name from  SMS_R_System inner join SMS_G_System_SERVER_FEATURE on SMS_G_System_SERVER_FEATURE.ResourceID = SMS_R_System.ResourceId inner join SMS_G_System_SYSTEM on SMS_G_System_SYSTEM.ResourceID = SMS_R_System.ResourceId where SMS_G_System_SERVER_FEATURE.Name in ("Fax Server","MultiPoint Services","Network Policy and Access Services","Distributed Scan Server","Internet Printing","Remote Desktop Gateway","Remote Desktop Session Host","Remote Desktop Web Access","IIS Management Console","IIS 6 Management Console","Windows Deployment Services","Deployment Server","Transport Server","IIS Server Extension","BitLocker Network Unlock","Direct Play","Internet Printing Client","LPR Port Monitor","Multicasting Support","RAS Connection Manager Administration Kit (CMAK)","Remote Assistance","Simple TCP/IP Services","SMTP Server","TFTP Client","Windows Biometric Framework","GUI for Windows Defender","Windows Identity Foundation 3.5","Windows PowerShell ISE","Windows Search Service","Windows TIFF IFilter","Wireless LAN Service","XPS Viewer") and SMS_G_System_SYSTEM.SystemRole = "Server")

 

(Update) PowerShell command string to determine which roles prevent a system from being core:

Get-WindowsFeature|Where-Object {$_.Installed -and ($_.DisplayName -EQ “Fax Server" -or $_.DisplayName -EQ "MultiPoint Services" -or $_.DisplayName -EQ "Network Policy and Access Services" -or $_.DisplayName -EQ "Distributed Scan Server" -or $_.DisplayName -EQ "Internet Printing" -or $_.DisplayName -EQ "Remote Desktop Gateway" -or $_.DisplayName -EQ "Remote Desktop Session Host" -or $_.DisplayName -EQ "Remote Desktop Web Access" -or $_.DisplayName -EQ "IIS Management Console" -or $_.DisplayName -EQ "IIS 6 Management Console" -or $_.DisplayName -EQ "Windows Deployment Services" -or $_.DisplayName -EQ "Deployment Server" -or $_.DisplayName -EQ "Transport Server" -or $_.DisplayName -EQ "IIS Server Extension" -or $_.DisplayName -EQ "BitLocker Network Unlock" -or $_.DisplayName -EQ "Direct Play" -or $_.DisplayName -EQ "Internet Printing Client" -or $_.DisplayName -EQ "LPR Port Monitor" -or $_.DisplayName -EQ "Multicasting Support" -or $_.DisplayName -EQ "Multicasting Support" -or $_.DisplayName -EQ "RAS Connection Manager Administration Kit (CMAK)" -or $_.DisplayName -EQ "Remote Assistance" -or $_.DisplayName -EQ "Simple TCP/IP Services" -or $_.DisplayName -EQ "SMTP Server" -or $_.DisplayName -EQ "TFTP Client" -or $_.DisplayName -EQ "Windows Biometric Framework" -or $_.DisplayName -EQ "GUI for Windows Defender" -or $_.DisplayName -EQ "Windows Identity Foundation 3.5" -or $_.DisplayName -EQ "Windows PowerShell ISE" -or $_.DisplayName -EQ "Windows Search Service" -or $_.DisplayName -EQ "Windows TIFF IFilter" -or $_.DisplayName -EQ "Wireless LAN Service" -or $_.DisplayName -EQ "XPS Viewer")}