Observed Limitations of Windows Server 2008 R2 Core

To minimize attack surface area of our Windows servers we use a fair number of Windows Core 2K8 Installations where I work. Microsoft achieves this reduced surface area by not including as many features or options as they present in the full GUI Windows Installations.

This is meant to be something of a Living article. As I find more limitations and perceived 'gotchas', I will post them here

Categories of limitations:

Missing UI or higher-level Features

• No MMC (Microsoft Management Console) available from the command prompt
  • You can remotely connect to Windows Core for MMC if the firewall permits it
• No Control panel
  • The sconfig command will be your friend
• Missing GUI Windows Event Viewer
  • While there is a command-line utility, I put together a GUI Event Viewer using C#.NET
• Missing ZIP / UnZip functionality
  • Work-around is to use the makecab executable

Missing .NET APIs / other programming limitations

• Certificate Management, deleting certificates
  • Unable to use .Remove() to delete certificates from a certificate store (Support for this was added in 2K8 R2 SP1)
  • Unable to use Powershell to delete certificates from a certificate store(Could be in 2K8 R2 SP1 (?))
  • Not able to use certutil.exe to remove certificates ( certutil.exe -delstore STORENAME Serial#OfCert ) 

There are 2 work-around to this problem:

• Use CertMgr.exe (http://msdn.microsoft.com/en-us/library/e78byta0(v=VS.90).aspx)
• Perform your certificate removals by accessing Certificate Stores via the registry. You can find Certificates in these Registry locations:
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates 
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates 
  • For more information, see CA Certificate Registry Entries in this MS Article

Note: The sub keys are the SHA1 Hash of the certificate. Delete the entire key represented by the SHA1 hash to remove the certificate