Reducing the Attack Surface on Windows Server Platforms
Some Windows Server OSs offer installation options that provide a more secure alternative to the classic full-blown GUI-based administration interface.
March 13, 2014
Q: Because Microsoft Internet Explorer (IE) is an all-time favorite malware target, we want to get rid of IE to reduce the attack surface on our Windows Server platforms. What options do we have? Are there any new features in Windows Server 2012 to help us out?
A: Some Windows Server OSs offer installation options that provide a more secure alternative to the classic full-blown GUI-based administration interface. These installation options are Server Core (available in Windows Server 2008 and later) and Minimal Server Interface (available in Windows Server 2012 and later).
Microsoft introduced Server Core in Server 2008 to restrict administrators to the command line for server management. In Server 2008, administrators have to choose between the Server Core and Full installation options.
In Server 2012, Microsoft introduced the Minimal Server Interface, which is an intermediate state between the Full and Server Core installation options. The Minimal Server Interface contains almost everything that the server with a GUI has, with the exceptions of IE and the Windows Explorer shell—the two largest components of the Windows GUI. The Minimal Server Interface doesn't include the Windows desktop or Metro application support. In addition, a number of Control Panel applets (the applets implemented as shell extensions) aren't available. These include the Programs and Features, Network and Sharing Center, Devices and Printers, Display, Windows Firewall, Windows Update, Fonts, and Storage Spaces applets. Important management tools such as the Microsoft Management Console (MMC) and Server Manager are still available in the Minimal Server Interface.
In Server 2012, a Minimal Server Interface installation can be easily changed to a full-blown GUI or Server Core installation or the other way around. (Changing from Server Core to the full GUI or vice versa isn't a trivial task in Server 2008.)
About the Author
You May Also Like