Windows Server codename "Longhorn" – Server Core Install

This past weekend I dug into an aspect of Windows Server codename “Longhorn” to personally check out something that I’ve been excited about for a while – a “server core” installation.

Doing the Installation

After burning myself a Beta3 disk, I fired it up and after a few basic screens (USEnglish keyboard, etc), I got this screen:

Longhorn Server - install choice

I selected the CORE installation and proceeded.  Chose “new installation” and a disk partition for the install and zoom:

core-installing

This installation went by very quickly, rebooted once and was ready to go.  I then had to login as Administrator, setup a password, enable the firewall and do some other basic stuff.

Anyway, then I did a recursive dir starting at the root to see what footprint the server core had in relation to a normal Windows Server.

core-footprint

Look at that, only 1.775GB installed on the entire disk.  To contrast that, I installed a default build of the regular Longhorn server on a 14.6GB partition and it only had 3.79GB remaining free space.  Doing the math, I get:

  • Longhorn Server Core footprint:  1.78 GB
  • Longhorn Server default footprint:  10.81 GB

So, the Server Core installation is only 16% of a default Windows Server installation.

Why This is Cool for Security

Can you say “reduced attack surface area”?  The disk space measurement is really just a proxy for the amount of code installed that the IT manager has to worry about in terms of managing security risk.  I’m not claiming this was a Microsoft innovation, but it is chock full of security goodness.

Much of what normal users think of as “part of” Windows is not present in a Server Core deployment.  All of these are absent:

  • The Windows Graphical User Interface … gone
    • (a minimal set of graphics capability is present)
  • Internet Explorer … gone
  • File Explorer … gone
  • Media Player … gone
  • Internet Information Server … gone
  • much, much more … gone

In fact, this link describes the roles that are available in Server Core:

    •Active Directory Domain Services

    •Active Directory Lightweight Directory Services (AD LDS)

    •Dynamic Host Configuration Protocol (DHCP) Server

    •DNS Server

    •File Services

    •Print Server

    •Streaming Media Services

Additionally, there are some other optional features (e.g. Subsystem for Unix Applications, Failover) available.

What IF?

My next step is to go back through Windows Server 2003 vulnerabilities over the past few years and see how many would have not been applicable for a theoretical “Server Core” build of WS2003.  This should give me a ballpark for how much Longhorn server security could benefit going forward.

~Jeff

About the Author
Jeff Jones

Principal Cybersecurity Strategist

Jeff Jones a 27-year security industry professional that has spent the last decade at Microsoft working with enterprise CSOs and Microsoft's internal teams to drive practical and measurable security improvements into Microsoft products and services. Additionally, Jeff analyzes vulnerability trends Read more »