Group Policy Can't Be Used To Manage Nano Server

Microsoft's emerging Nano Server deployment option can't be managed using Group Policy controls, the company noted this week, in an announcement.

Nano Server is Microsoft's minimal-footprint option for its emerging Windows Server 2016 product, now at Technical Preview 5 release. The Nano Server option is about 20 times smaller than Server Core, another Windows Server deployment option. Microsoft stripped out a bunch of code to create the "headless" Nano Server option. Consequently, it can only be managed remotely via a command-line interface tool or a Web browser. Its lacks the usual graphical user interface (GUI) for management interactions.

This code removal resulted in some speed improvements for Nano Server, as well as a reduced footprint that reduces patching time and security risks. However, in removing the GUI, Microsoft also eliminated the use of Group Policy for management. Here's how Microsoft explained it:

To achieve this speed and small physical footprint, Nano Server has the absolute minimum amount of inbox components. As a result, Group Policy and the associated Group Policy Management Console (GPMC), editor (GPMC), Group Policy client and local policy editor (GPEdit) tools are not present on Nano Server. This is expected as they are graphical components and Nano Server is headless and remotely managed. Even when domain joined, Nano Server will not consume and enact Group Policy settings.

For some reason, Microsoft has been rather low key in explaining that Group Policy won't be part of its Nano Server plans. Plenty of IT pros have a lot of time invested in using Group Policy to manage computing environments, so it might not be a welcome takeaway.

Microsoft is planning to release a series of PowerShell blog posts to explain the management options available with Nano Server. It seems that Microsoft is proposing to release some new PowerShell cmdlets for the purpose. The first of these cmdlets are called "securityCmdlets," according to the initial post of the PowerShell blog series.

In the end, though, Desired State Configuration, a PowerShell push-pull approach for maintaining server states, is seen as the future replacement for Group Policy when it comes to managing Nano Server. That idea comes not from Microsoft's announcement, but from a Twitter post by Jeffrey Snover, a Microsoft Technical Fellow and the inventor of PowerShell.

Microsoft MVP Rod Trent noted Snover's Twitter post in this WindowsITPro article.

When Snover was asked in his Twitter thread if Microsoft eventually planned to deprecate Group Policy he simply replied that "Group Policy is very well suited to client scenarios, which is why you saw a big set of new GPs for Win 10."

Windows Server 2016, scheduled to arrive in Q3 of this year, will have three deployment options. It still has an option for organizations to deploy it with the traditional GUI. That capability was added back into Technical Preview 3. Also, it will have the Server Core option, which first appeared with the Windows Server 2008 product. However, Windows Server 2016 with Server Core loses the ability (as seen in Windows Server 2012) to switch between the GUI version and the non-GUI version after installation. Lastly, it will have the Nano Server option.

It's only the Nano Server option that loses Group Policy management. Windows Server 2016 is actually getting some new Group Policy controls, Microsoft's announcement explained.

At Microsoft's Build developer event last month, Snover had explained that Windows Server 2016 will have a different installation approach, too. It will follow the Windows Server Applications (.appx) model, an approach used by Windows Store apps. IT pros will install Nano Server via the declarative approach of APPX, instead of using MSI (.msi) install packages, he explained.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.


  • Microsoft Starting To Roll Out New Excel Connected Data Types

    Microsoft on Thursday announced some Excel and Power BI enhancements that add "connected data types" on top of the standard strings and numbers options.

  • Windows 10 Users Getting New Process for Finding Optional Driver Updates

    Accessing Windows 10 drivers classified as "optional updates" will be more of a manual seek-and-install type of experience, starting on Nov. 5, 2020, Microsoft explained in a Wednesday announcement.

  • Microsoft Changes Privacy Platform Name to SmartNoise

    Microsoft Research has changed the name of its "differential privacy" platform from "WhiteNoise" to "SmartNoise," according to a Wednesday announcement.

  • Why Restarting a Failed SCVMM Job Might Be a Bad Idea

    Occasionally, restarting a failed System Center Virtual Machine Manager job can leave your virtualization infrastructure in an unknown state. Here's how to avoid that.

comments powered by Disqus