How to Set Up Windows Server 2016 Nano Server
Windows Server 2016 Nano Server is a remotely administered, minimal-footprint server option designed for cloud-native and container workloads. Unlike the full Server Core installation, Nano Server has no local logon capability and supports only 64-bit applications, drivers, and agents. This dramatically reduces the attack surface, patch frequency, and resource consumption, making it an ideal choice for scale-out compute, DNS hosts, and IIS deployments. This tutorial walks through preparing a Nano Server image, deploying it to Hyper-V, and performing initial remote configuration.
Prerequisites
Before building a Nano Server image you need a Windows Server 2016 installation media or ISO, a management workstation running Windows 10 or Windows Server 2016 with the Remote Server Administration Tools installed, and sufficient disk space for the resulting VHDX file. You also need the NanoServerImageGenerator PowerShell module, which ships on the installation media under the NanoServer folder. All commands in this guide are run in an elevated PowerShell session on the management workstation unless stated otherwise.
Step 1: Import the NanoServerImageGenerator Module
Mount the Windows Server 2016 ISO and copy the contents of the NanoServer directory to a local path such as C:NanoServer. Then import the module into your PowerShell session.
Import-Module C:NanoServerNanoServerImageGeneratorNanoServerImageGenerator.psm1 -VerboseConfirm the module loaded successfully by listing its exported commands.
Get-Command -Module NanoServerImageGeneratorStep 2: Create the Nano Server VHDX Image
Use the New-NanoServerImage cmdlet to create a VHDX image. The following example creates a Generation 2 VHDX suitable for a Hyper-V virtual machine, adds the IIS package, and sets the computer name and administrator password. Adjust the MediaPath to match your mounted ISO drive letter.
New-NanoServerImage `
-Edition Standard `
-DeploymentType Guest `
-MediaPath 'D:' `
-TargetPath 'C:NanoImagesNanoServer.vhdx' `
-MaxSize 8GB `
-ComputerName 'NANO01' `
-AdministratorPassword (ConvertTo-SecureString 'P@ssw0rd123!' -AsPlainText -Force) `
-Package Microsoft-NanoServer-IIS-PackageThe Package parameter accepts multiple comma-separated values. Other commonly used packages include Microsoft-NanoServer-DNS-Package, Microsoft-NanoServer-DSC-Package, and Microsoft-NanoServer-Containers-Package. Choose only the packages your workload requires to keep the image as small as possible.
Step 3: Deploy to Hyper-V
Create a new Generation 2 virtual machine in Hyper-V Manager or with PowerShell, attach the VHDX as the boot disk, disable Secure Boot for compatibility with the unsigned Nano boot files, and start the VM.
New-VM -Name 'NANO01' `
-MemoryStartupBytes 1GB `
-VHDPath 'C:NanoImagesNanoServer.vhdx' `
-SwitchName 'External Switch' `
-Generation 2
Set-VMFirmware -VMName 'NANO01' -EnableSecureBoot Off
Start-VM -Name 'NANO01'Step 4: Use the Nano Server Recovery Console
After the VM boots you will see the minimal Nano Server Recovery Console via the Hyper-V console. The recovery console allows you to set the IP address, join a workgroup or domain, and manage firewall rules. Use the arrow keys and Enter to navigate. Select Networking to configure a static IP address if DHCP is not available in your environment.
Step 5: Enable Remote PowerShell Management
All ongoing administration of Nano Server is performed remotely because there is no interactive local shell. From your management workstation, add the Nano Server IP to the WinRM trusted hosts list and open a remote PowerShell session.
Set-Item WSMan:localhostClientTrustedHosts '192.168.1.50' -Concatenate -Force
$cred = Get-Credential administrator
Enter-PSSession -ComputerName '192.168.1.50' -Credential $credStep 6: Join the Domain with Djoin
Because Nano Server cannot contact a domain controller directly during provisioning, use djoin.exe to generate an offline provisioning blob on a domain-joined machine, transfer the file to the Nano Server, and apply it.
# Run on a domain-joined management machine:
djoin.exe /provision /domain corp.local /machine NANO01 /savefile C:TempNanoDomain.txt
# Transfer the blob then run inside the PSSession:
djoin.exe /requestODJ /loadfile C:NanoDomain.txt /windowspath C:Windows /localosRestart the Nano Server to complete the domain join process.
Restart-Computer -ForceStep 7: Verify IIS Is Running
After the restart, reconnect the remote session and confirm that the IIS service is running and set to start automatically.
Get-Service W3SVC
Start-Service W3SVC
Set-Service W3SVC -StartupType AutomaticStep 8: Apply Windows Updates Remotely
Nano Server uses the Windows Update Agent accessible through a CIM session. The following commands scan for and apply all available updates from inside a remote PowerShell session on the Nano Server.
$sess = New-CimInstance -Namespace root/Microsoft/Windows/WindowsUpdate `
-ClassName MSFT_WUOperationsSession
Invoke-CimMethod -InputObject $sess -MethodName ScanForUpdates `
-Arguments @{SearchCriteria='IsInstalled=0'; OnlineScan=$true}
Invoke-CimMethod -InputObject $sess -MethodName ApplyApplicableUpdates
Restart-Computer -ForceStep 9: Retrieve Event Logs Remotely
Because Nano Server has no local Event Viewer interface, use Get-WinEvent with a CIM session from your management workstation to query logs.
$cim = New-CimSession -ComputerName '192.168.1.50' -Credential $cred
Get-WinEvent -CimSession $cim -LogName System -MaxEvents 50
Get-WinEvent -CimSession $cim -LogName Application -MaxEvents 50Step 10: Add Additional Packages to a Running Nano Server
You can add packages to an existing running Nano Server image using the NanoServerPackage provider available from the PowerShell Gallery. Install it on your management machine, then apply packages to the remote Nano Server.
Install-PackageProvider NanoServerPackage -Force
Import-PackageProvider NanoServerPackage
Find-NanoServerPackage
Install-NanoServerPackage -Name Microsoft-NanoServer-DNS-Package `
-ToVhd 'C:NanoImagesNanoServer.vhdx'Windows Server 2016 Nano Server delivers a radically reduced server footprint that is well-suited for containerized and scale-out workloads. By following the steps in this guide you can build, deploy, and remotely manage a Nano Server instance with IIS or DNS services while maintaining a minimal attack surface. Keep your package selections lean, automate image builds with PowerShell scripts, and use Windows Server Update Services or Windows Update to keep the image current. Consistent use of remoting tools and CIM sessions ensures that even without a local interface you maintain full administrative control over your Nano Server fleet.
