Perhaps the most important way to increase security in your organization is to lower the security threshold, or footprint, of your servers and infrastructure. In other words, if there are any services running or ports open on your servers that aren't actually being used purposefully, you should disable or turn that particular service off. Now, hardening a Windows Server by disabling services and uninstalling things isn't an easy job; you can quickly turn something off that is important to the operating system and cause all kinds of problems on that server. Thankfully, there is a much safer and more secure way to harden your servers, but it requires planning from the beginning of your server build.
Server Core is a version of Windows Server 2016 that is essentially a headless operating system; all of your interaction with it is either command-line driven or done remotely from other servers or systems. Server Core is an alternate installation method to the full Windows desktop version of Server 2016. It installs the necessary technical componentry to behave as a Windows Server, join to your domain, and host the roles and services you need it to host, but it does all of that without a graphical desktop interface. This dramatically lowers the security vulnerability footprint and attack vectors on the server, but does mean you have to re-wire your brain in how you interact with these servers. We will work more with Server Core and the even newer Nano Server coming up in Chapter 11, Nano Server and Server Core, but since Server Core is a big leap forward for security in many companies, it is appropriate that we start working with it here in our chapter regarding security. Let's take a quick look at the installation process for it, and an initial glance at the interface, so you get familiar with the console you will be looking at on these new, hardened servers you are going to start using.
We are going to build a new instance of Windows Server 2016 but will be making sure to choose the appropriate options for installing Server Core and not the full desktop experience version of the operating system. Our new server will be a VM; it doesn't have to be actual hardware.
Here is a procedure that will get you started rolling out your first instance of Windows Server 2016, Server Core:
powershell
in order to move over into the PowerShell interface and start working from there, just like you would with PowerShell on any Windows Server 2016.
notepad.exe
and press Enter, the Notepad application will appear, within which you can utilize your mouse as well as the keyboard.
We will discuss Server Core in more depth in Chapter 11, Nano Server and Server Core, but it is critical that server administrators know this technology exists, and start to use it in their day-to-day server workloads. A quick recipe in order to get the operating system up and running is a good start, but working with Server Core regularly and learning the common commands that you will need to use is essential information to really get started interacting with these headless versions of the operating system. Make sure to follow up with the information later in this book so that you can make Server Core a reality in your infrastructure, and not just one of those things you know you should be doing but don't, simply because you are not familiar with it. Server Core can be an enormous security benefit; all you need to do is start using it!
Chapter 11, Nano Server and Server Core
3.142.119.8