When Microsoft announced that Windows Server 2008 R2 is the first 64-bit-only Windows version, there was quite an outcry on the web. What about all those 32-bit applications that are still needed? Of course, the fact that all Windows Server 2008 R2 components are 64-bit doesn't mean that you can't run 32-bit applications on Windows Server 2008 R2. Thanks to the Windows 32-bit on Windows 64-bit (WoW64) subsystem, Windows Server 2008 R2 can—like any other 64-bit Windows—run 32-bit applications without problems.
This is also true for Server Core. However, there is a difference between Server Core and the other Windows Server 2008 R2 editions. On Server Core, WoW64 can be uninstalled. In the Server 2008 R2 Server Core beta, WoW64 wasn't running by default. Microsoft changed this after the beta phase because it turned out that many setup programs for 64-bit server applications are 32-bit. However, the fact that Microsoft originally planned to leave out WoW64 in default Server Core installations shows that it makes sense to uninstall it if you don't need 32-bit applications.
Some sites recommend disabling WoW64 because this would result in a smaller footprint. However, when I uninstalled 32-bit support on Server Core, I didn't notice any significant change in the available disk space or RAM. You can only save disk space by completely removing the WoW64 package. I plan to write about this in a later post.
The main reason why you should disable WoW64 on Server Core is that it reduces the attack surface significantly, simply because most of the malware and hacker tools are 32-bit. Hence, if security matters on your servers and you are sure that you don't need any 32-bit applications, you should disable WoW64.
To check whether you have 32-bit applications on your Server Core machine, you can start the Task Manager (press CTRL+ALT+DEL) and check if there are any processes with "*32" behind the process name. Please note that some server roles and features require WoW64. Most of them are only needed by 32-bit applications. To my knowledge, the only important server roles that require WoW64 are the Active Directory and Active Directory Lightweight Directory Services roles. Thus, if your Server Core machine is a domain controller, you can't disable WoW64. Member servers, however, don't require WoW64.
You can disable WoW64 on Server Core with this command:
dism /online /disable-feature /featurename:ServerCore-WOW64
After the server has rebooted, run this command to make sure WoW64 is really disabled:
dism /online /get-features /format:table
Note that if you try to run a 32-bit application with disabled WoW64, you will only get somewhat cryptic messages such as "The subsystem needed to support the image type is not present." If you suspect that an application has 32-bit components, you can run it on a 64-bit Windows machine with enabled WoW64 and check its processes in Task Manager.
If you later find out that you need 32-bit support on Server Core, you need this command to install WoW64 again:
dism /online /enable-feature /featurename:ServerCore-WOW64
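The Task Manager check for "*32" processes and the DISM verification described above can be scripted as a pre-change inventory. This is an added example, not part of the original article; it assumes PowerShell is installed on the Server Core machine and is run elevated, and the type name Win32.Wow64Check is chosen for this example.

```powershell
# Added example: inventory WoW64 (32-bit) processes, then show the DISM feature state.
# Assumption: run from an elevated PowerShell prompt on the Server Core machine.
$signature = @'
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool IsWow64Process(System.IntPtr hProcess, out bool wow64Process);
'@
# Win32.Wow64Check is a hypothetical name used only by this example.
$native = Add-Type -MemberDefinition $signature -Name 'Wow64Check' -Namespace 'Win32' -PassThru

$skipped = @()
$wow64 = @(foreach ($p in Get-Process) {
    try {
        $is32 = $false
        # IsWow64Process sets $is32 to true for a 32-bit process on 64-bit Windows.
        if ($native::IsWow64Process($p.Handle, [ref]$is32) -and $is32) {
            New-Object PSObject -Property @{ Id = $p.Id; Name = $p.ProcessName; Path = $p.Path }
        }
    } catch {
        # Protected processes (System, Idle, ...) refuse a handle; record them instead of guessing.
        $skipped += "$($p.ProcessName) ($($p.Id))"
    }
})

if ($wow64.Count -gt 0) {
    Write-Warning "32-bit processes are running; disabling WoW64 will break them:"
    $wow64 | Sort-Object Name | Format-Table Id, Name, Path -AutoSize
} else {
    Write-Output "No running 32-bit processes found."
}
if ($skipped.Count -gt 0) {
    Write-Output ("Not inspected (access denied): " + ($skipped -join ', '))
}

# Feature state as reported by the verification command from the article.
dism /online /get-features /format:table | Select-String -Pattern 'ServerCore-WOW64'
```

The inventory only covers processes running at the moment it is taken, so 32-bit installers, scheduled tasks and on-demand helpers will not appear. Run it at several points during normal operation before disabling the feature.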