You’ve installed Windows Server 2012 Core and then decide you need the GUI. With “Features on Demand”, this is easy! All you have to do is go into PowerShell, and type Install-WindowsFeature Server-Gui-Mgmt-Infra,Server-GUI-Shell.
Easy, that is, unless you’ve patched Windows Server in any way, shape or form because as soon as you update Windows Server, the install media is seen as out-of-date and there’s a good chance there will be something preventing the server contacting Microsoft Update (i.e. the internet site, NOT WSUS) directly. This is important, because the above command can ONLY use Microsoft Update, it won’t pay any attention to in-house WSUS installs.
Trying to resolve this issue got so annoying that I now have a case open with MS to try and fix it. I’ve tried this site, and it started crashing half way through the patching of updates onto the WIM file (I’d written a batch file to apply each update sequentially, there was no way I was going to manually install each update on the WIM).
My colleague suggested- and then found- the process outlined on this site. This didn’t work either: the (test) server loses its WSUS settings fine, but then I’m presuming either can’t find its way out through the core switch (by design, obviously, as nothing is allowed out directly through the firewall) or presumably can’t use a proxy server. And with the firewall admins unavailable, I can’t re-configure it to see what happens if it is allowed directly through. I tried sticking WireShark on this box to see what happens but all I got was vast amounts of ARP traffic (I didn’t filter it because I didn’t know where this traffic might be going or even what protocol it was using). Anyway, that’s beside the point: if the above command can’t cope with a proxy server, then we’d have to allow each affected server out directly through the firewall AFTER having applied the right Group Policy to it and then run gpupdate /force for the changes to take effect, which is a lot of effort to go to just to achieve something that’s supposedly “built-in”.
At the moment, I really don’t know what MS’s answer is going to be. I’ve run through a lot of tests which has only proven that the above behaviour works 100% of the time- you can install the GUI from the build media only if the server hasn’t been updated. The moment you patch the server this command stops working assuming your servers don’t have direct access to the internet. If MS could even somehow get our internal WSUS site to patch the WIM file as per the first link above that would be something, as at least we’d maintain a consistent set of patches. I’ve seen suggestions that you always install the GUI version of Windows to start with and then omit the -remove switch when going back to Core so that the GUI installer files remain on the server to get patched but this seems daft when the whole point of Server Core is that the installation payloads aren’t left lying around for a “hacker” to install.