I would like to modify Windows 2016 core to reduce its attack surface and get rid of features I don't need. For the purpose of an ADDC, what are the services to disable the scheduled tasks to disable Windows component packages I can remove the firewall rules to set Here I'm interested in the absolute minimum. Windows packages that are protected can be removed by editing the registry, so I guess it is like hacking server core to be more like nano. Any idea?
Maybe adding the package of ADDC(?) to nano can make more clear picture what is needed but im not sure