How to Set Up Windows Server 2025 Core (Minimal Installation)

How to Set Up Windows Server 2025 Core (Minimal Installation)

Windows Server Core is a minimal installation option for Windows Server 2025 that omits the Desktop Experience shell (Explorer, Internet Explorer, most GUI management tools) while retaining the full server role capability of the operating system. The result is a dramatically reduced attack surface — fewer binaries, fewer running services, and fewer components requiring security patches. Microsoft has invested heavily in Server Core as the strategic deployment model for modern Windows Server workloads, and Windows Server 2025 makes Server Core more manageable than ever through tools like sconfig.exe, PowerShell remoting, and Windows Admin Center. This tutorial walks you through selecting, configuring, and managing a Windows Server 2025 Core installation from initial setup through production-ready role deployment.

Prerequisites

• Windows Server 2025 ISO or deployment infrastructure (WDS, MDT, or cloud image)
• A machine or VM with at least 2 GB RAM and 32 GB disk (Server Core is leaner than Desktop Experience)
• A separate Desktop Experience server or Windows 11 workstation for remote management (optional but recommended)
• Network access to the Core server (SSH, PowerShell remoting, or direct console)
• Administrator credentials

Step 1: Choose Server Core During Installation

When booting from the Windows Server 2025 ISO, the installer presents an edition selection screen. For Server Core, select Windows Server 2025 Standard or Windows Server 2025 Datacenter — the options without the “(Desktop Experience)” suffix. The Desktop Experience variants carry an extra ~4 GB of binaries. Once installed, the server boots to a command prompt (cmd.exe) rather than a graphical shell.

After first boot, Windows will prompt you to set the Administrator password. Set a strong password meeting complexity requirements, then press Enter. You will land at a C:UsersAdministrator> command prompt.

Step 2: Initial Configuration with sconfig.exe

Type sconfig and press Enter to launch the Server Configuration tool. This text-based menu provides access to the most common initial configuration tasks:

sconfig

The sconfig menu options most relevant for initial setup are:

• Option 1 — Domain/Workgroup: Join this server to an Active Directory domain or workgroup
• Option 2 — Computer Name: Set the hostname (do this before domain join)
• Option 5 — Windows Update Settings: Configure automatic or manual updates
• Option 6 — Download and Install Updates: Run Windows Update immediately
• Option 7 — Remote Desktop: Enable or disable RDP
• Option 8 — Network Settings: Configure IP addresses, DNS, and gateway
• Option 15 — Exit to Command Line: Return to cmd.exe

Work through options 2 (hostname), 8 (network), and 1 (domain join) in that order, rebooting when prompted.

Step 3: Configure Network Settings via PowerShell

While sconfig covers basic network setup, PowerShell gives you full control. After accessing PowerShell (type powershell at the cmd prompt), set a static IP:

# Find the adapter name
Get-NetAdapter

# Assign a static IP address
New-NetIPAddress `
  -InterfaceAlias "Ethernet" `
  -IPAddress "10.10.1.50" `
  -PrefixLength 24 `
  -DefaultGateway "10.10.1.1"

# Set DNS servers
Set-DnsClientServerAddress `
  -InterfaceAlias "Ethernet" `
  -ServerAddresses "10.10.0.10","10.10.0.11"

# Verify
Get-NetIPAddress -InterfaceAlias "Ethernet"
Get-DnsClientServerAddress -InterfaceAlias "Ethernet"

Step 4: Rename the Server and Join the Domain

# Rename the computer (requires reboot)
Rename-Computer -NewName "WS2025-CORE-01" -Restart

# After reboot, join Active Directory domain
Add-Computer `
  -DomainName "contoso.local" `
  -Credential (Get-Credential) `
  -OUPath "OU=Servers,OU=Infrastructure,DC=contoso,DC=local" `
  -Restart

Step 5: Enable PowerShell Remoting

PowerShell remoting (WinRM) is essential for managing Server Core from a remote workstation. On Windows Server 2025, WinRM is enabled by default for domain-joined machines, but it is good practice to confirm and configure it:

# Confirm WinRM is running
Get-Service WinRM

# Enable PS remoting explicitly (also configures firewall rules)
Enable-PSRemoting -Force

# On the REMOTE management machine, add the Core server to trusted hosts if not on the same domain
Set-Item WSMan:localhostClientTrustedHosts -Value "10.10.1.50" -Concatenate

# Connect to the Core server from remote management workstation
Enter-PSSession -ComputerName "WS2025-CORE-01" -Credential (Get-Credential)

Once inside the remote session, you can run any PowerShell cmdlet as if you were at the server’s console.

Step 6: Install Server Roles on Server Core

All Windows Server roles and features available in Desktop Experience are also available in Server Core. Use Install-WindowsFeature (or its alias Add-WindowsFeature):

# List available features
Get-WindowsFeature | Where-Object {$_.InstallState -eq "Available"} | Format-Table Name, DisplayName

# Install IIS (Web-Server role) without the GUI management tools
Install-WindowsFeature -Name Web-Server -IncludeManagementTools

# Install DNS Server
Install-WindowsFeature -Name DNS -IncludeManagementTools

# Install Hyper-V (requires reboot)
Install-WindowsFeature -Name Hyper-V -IncludeManagementTools -Restart

# Verify installed features
Get-WindowsFeature | Where-Object {$_.InstallState -eq "Installed"} | Format-Table DisplayName

Step 7: Manage Server Core from a Remote Desktop Experience Server

You can add a Server Core machine to Server Manager on a Desktop Experience server and manage it from the familiar GUI. On the Desktop Experience server:

1. Open Server Manager
2. Click Manage > Add Servers
3. Search for the Core server by name or DNS
4. Once added, right-click to manage roles, open Event Viewer, view performance data, and more

You can also use RSAT (Remote Server Administration Tools) on a Windows 11 workstation to manage Server Core remotely. Install RSAT on Windows 11:

# On a Windows 11 management workstation
Add-WindowsCapability -Online -Name "Rsat.ServerManager.Tools~~~~0.0.1.0"
Add-WindowsCapability -Online -Name "Rsat.ActiveDirectory.DS-LDS.Tools~~~~0.0.1.0"

Step 8: Enable RDP on Server Core (Optional)

Server Core supports Remote Desktop for cases where a graphical session is needed. Enable it via sconfig (Option 7) or PowerShell:

# Enable Remote Desktop
Set-ItemProperty `
  -Path "HKLM:SystemCurrentControlSetControlTerminal Server" `
  -Name "fDenyTSConnections" `
  -Value 0

# Open firewall for RDP
Enable-NetFirewallRule -DisplayGroup "Remote Desktop"

# Optionally require Network Level Authentication (NLA)
Set-ItemProperty `
  -Path "HKLM:SystemCurrentControlSetControlTerminal ServerWinStationsRDP-Tcp" `
  -Name "UserAuthentication" `
  -Value 1

Step 9: Converting Between Core and Desktop Experience

Windows Server 2025 supports converting between installation options without a full reinstall in some scenarios, though this is not officially supported for production and may have limitations. The cleaner path is to add or remove the Desktop Experience feature:

# Add Desktop Experience to a Core server (adds the shell — large download/reboot)
Install-WindowsFeature -Name Server-Gui-Shell -Restart

# Remove Desktop Experience (convert back to Core)
Remove-WindowsFeature -Name Server-Gui-Shell -Restart

Step 10: Key Security and Operational Benefits of Server Core

Server Core’s smaller footprint delivers measurable security benefits:

• Reduced attack surface: No browser, no Windows Explorer, no unnecessary COM components
• Fewer CVEs requiring patching: Historically 40–60% fewer patches per month compared to Desktop Experience
• Faster patch cycles: Smaller cumulative updates mean shorter maintenance windows
• Lower memory footprint: Server Core typically uses 1–2 GB less RAM at idle

# Check current patch level
Get-HotFix | Sort-Object InstalledOn -Descending | Select-Object -First 10

# Configure Windows Update to auto-install all updates
$AUSettings = (New-Object -ComObject "Microsoft.Update.AutoUpdate").Settings
$AUSettings.NotificationLevel = 4  # 4 = Auto download and install
$AUSettings.Save()

Conclusion

Windows Server 2025 Core is the right choice for any workload where you prioritize security, operational efficiency, and patch velocity over direct GUI access. With sconfig.exe handling initial configuration, PowerShell remoting enabling full scriptable management, and Server Manager providing a familiar remote GUI for teams that need it, there is no longer a practical barrier to adopting Server Core as your default deployment model. Start with Server Core for new deployments, use PowerShell remoting and Windows Admin Center for day-to-day management, and enjoy a server environment with a meaningfully smaller attack surface than traditional Desktop Experience installations.