Trial #17: Set PowerShell as Default Shell for Server Core

2 minute read

Problem:

When you log onto a server Core instance. CMD.exe is the default shell. It can get quite frustrating launching PowerShell on every login if this is your preferred Shell.

Solution:

From Server 2012? there is a registry hive

Richard J Green has a great solution here. I fear this might be a little heavy handed. If this policy was accidentally applied to a client machine or gui server then the default value of explorer.exe would be over-written and the results are interesting to imagine (I haven’t tested it out).

However his WMI query is discussed later for those wanting extra filtering on what I understand to be a safer registry edit.

I chose a slightly different strategy as suggested by Carlos Perez at Dark Operator to create a new key (REG_SZ) called 40000 in a different hive:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AlternateShells\AvailableShells

with the following value

powershell.exe -noexit -command "& {set-location $env:userprofile; clear-host}"

As Carlos explains this has an added complexity. You must change the owner of the hive otherwise a any attempt to create a new key will fail.

For this reason my GPO has two elements, a security setting and a registry key.

wmi query

For an extra level of safety and mainly to keep things neat you might add a wmi query to your gpo.

Here is an example from Richard J Green’s solution which is very neat but only seems to only work for 2012R2 and not 2016 Core servers.

SELECT InstallState FROM Win32_OptionalFeature WHERE (Name = "Server-Gui-Shell") AND (InstallState = "2")

And another from technet which was actually useless to me as almost all my servers had a SKU of 7 no mater what version or if they were core or not.

SELECT OperatingSystemSKU FROM Win32_OperatingSystem WHERE OperatingSystemSKU = 12 OR OperatingSystemSKU = 39 OR OperatingSystemSKU= 14 OR OperatingSystemSKU = 41 OR OperatingSystemSKU = 13 OR OperatingSystemSKU = 40 OR OperatingSystemSKU = 29

I settled on targeting 2012R2 and 2016 Servers as I have tested for unwanted effects on gui servers.

select * from Win32_OperatingSystem where Version like "6.3%" or Version like "10%"
SELECT * FROM Win32_OperatingSystem WHERE ProductType = 2 OR ProductType = 3

Pitfalls:

  • When testing for unwanted outcomes on a Server 2008 and 2016 edition with a gui, the key was ignored when running Alternate Shell from Safe Mode. This is fine but shows a limit to the extent of this particular key.
  • The AlternateShell key may not be effective on older servers. I haven’t tested on anything older the 2012R2. The hive was not originally present on older instances and therefore unlikely to be queried.

Updated:

Leave a comment