Mastering Windows Server 2019 - Second Edition

Mastering Windows Server 2019 - Second Edition

by Jordan Krause
Released March 2019
Publisher(s): Packt Publishing
ISBN: 9781789804539

Read it now on the O’Reilly learning platform with a 10-day free trial.

O’Reilly members get unlimited access to books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Book description

New edition of the bestselling guide to Mastering Windows Server, updated to Windows Server 2022 with improved security, better platform flexibility, new windows admin center, upgraded Hyper-V manager and hybrid cloud support

Key Features

  • Develop necessary skills to design and implement Microsoft Server 2019 in enterprise environment
  • Provide support to your medium to large enterprise and leverage your experience in administering Microsoft Server 2019
  • Effectively administering Windows server 2019 with the help of practical examples

Book Description

Mastering Windows Server 2019 – Second Edition covers all of the essential information needed to implement and utilize this latest-and-greatest platform as the core of your data center computing needs. You will begin by installing and managing Windows Server 2019, and by clearing up common points of confusion surrounding the versions and licensing of this new product. Centralized management, monitoring, and configuration of servers is key to an efficient IT department, and you will discover multiple methods for quickly managing all of your servers from a single pane of glass. To this end, you will spend time inside Server Manager, PowerShell, and even the new Windows Admin Center, formerly known as Project Honolulu. Even though this book is focused on Windows Server 2019 LTSC, we will still discuss containers and Nano Server, which are more commonly related to the SAC channel of the server platform, for a well-rounded exposition of all aspects of using Windows Server in your environment. We also discuss the various remote access technologies available in this operating system, as well as guidelines for virtualizing your data center with Hyper-V. By the end of this book, you will have all the ammunition required to start planning for, implementing, and managing Windows.

What you will learn

  • Work with the updated Windows Server 2019 interface, including Server Core and Windows Admin Center
  • Secure your network and data with new technologies in Windows Server 2019
  • Learn about containers and understand the appropriate situations to use Nano Server
  • Discover new ways to integrate your data center with Microsoft Azure
  • Harden your Windows Servers to help keep the bad guys out
  • Virtualize your data center with Hyper-V

Who this book is for

If you are a System Administrator or an IT professional interested in designing and deploying Windows Server 2019 then this book is for you. Previous experience of Windows Server operating systems and familiarity with networking concepts is required.

Table of contents

  1. Title Page
  2. Copyright and Credits
    1. Mastering Windows Server 2019 Second Edition
  3. About Packt
    1. Why subscribe?
    2. Packt.com
  4. Contributors
    1. About the author
    2. About the reviewers
    3. Packt is searching for authors like you
  5. Preface
    1. Who this book is for
    2. What this book covers
    3. To get the most out of this book
      1. Conventions used
    4. Get in touch
      1. Reviews
  6. Getting Started with Windows Server 2019
    1. The purpose of Windows Server
    2. It's getting cloudy out there
      1. Public cloud
      2. Private cloud
    3. Windows Server versions and licensing
      1. Standard versus Datacenter
      2. Desktop Experience/Server Core/Nano Server
        1. Desktop Experience
        2. Server Core
        3. Nano Server
      3. Licensing models - SAC and LTSC
        1. Semi-Annual Channel (SAC)
        2. Long-Term Servicing Channel (LTSC)
    4. Overview of new and updated features
      1. The Windows 10 experience continued
      2. Hyper-Converged Infrastructure
      3. Windows Admin Center
      4. Windows Defender Advanced Threat Protection
      5. Banned Passwords
      6. Soft restart
      7. Integration with Linux
      8. Enhanced Shielded Virtual Machines
      9. Azure Network Adapter
      10. Always On VPN
    5. Navigating the interface
      1. The updated Start menu
      2. The Quick Admin Tasks menu
      3. Using the Search function
      4. Pinning programs to the taskbar
        1. The power of right-clicking
    6. Using the newer Settings screen
      1. Two ways to do the same thing
        1. Creating a new user through Control Panel
        2. Creating a new user through the Settings menu
    7. Task Manager
    8. Task View
    9. Summary
    10. Questions
  7. Installing and Managing Windows Server 2019
    1. Technical requirements
    2. Installing Windows Server 2019
      1. Burning that ISO
      2. Creating a bootable USB stick
      3. Running the installer
    3. Installing roles and features
      1. Installing a role using the wizard
      2. Installing a feature using PowerShell
    4. Centralized management and monitoring
      1. Server Manager
      2. Remote Server Administration Tools (RSAT)
      3. Does this mean RDP is dead?
        1. Remote Desktop Connection Manager
    5. Windows Admin Center (WAC)
      1. Installing Windows Admin Center
      2. Launching Windows Admin Center
      3. Adding more servers to Windows Admin Center
      4. Managing a server with Windows Admin Center
    6. Enabling quick server rollouts with Sysprep
      1. Installing Windows Server 2019 onto a new server
      2. Configuring customizations and updates onto your new server
      3. Running Sysprep to prepare and shut down your master server
      4. Creating your master image of the drive
      5. Building new servers using copies of the master image
    7. Summary
    8. Questions
  8. Core Infrastructure Services
    1. What is a Domain Controller?
      1. Active Directory Domain Services
    2. Using AD DS to organize your network
      1. Active Directory Users and Computers
        1. User accounts
        2. Security Groups
        3. Prestaging computer accounts
      2. Active Directory Domains and Trusts
      3. Active Directory Sites and Services
      4. Active Directory Administrative Center
        1. Dynamic Access Control
      5. Read-Only Domain Controllers (RODC)
    3. The power of Group Policy
      1. The Default Domain Policy
      2. Creating and linking a new GPO
      3. Filtering GPOs to particular devices
    4. Domain Name System (DNS)
      1. Different kinds of DNS records
        1. Host record (A or AAAA)
        2. ALIAS record - CNAME
        3. Mail Exchanger record (MX)
        4. Name Server (NS) record
        5. ipconfig /flushdns
    5. DHCP versus static addressing
      1. The DHCP scope
      2. DHCP reservations
    6. Back up and restore
      1. Schedule regular backups
      2. Restoring from Windows
      3. Restoring from the installer disc
    7. MMC and MSC shortcuts
    8. Summary
    9. Questions
  9. Certificates in Windows Server 2019
    1. Common certificate types
      1. User certificates
      2. Computer certificates
      3. SSL certificates
        1. Single-name certificates
        2. Subject Alternative Name certificates
        3. Wildcard certificates
    2. Planning your PKI
      1. Role services
      2. Enterprise versus Standalone
      3. Root versus Subordinate (issuing)
      4. Naming your CA server
      5. Can I install the CA role onto a domain controller?
    3. Creating a new certificate template
    4. Issuing your new certificates
      1. Publishing the template
      2. Requesting a cert from MMC
      3. Requesting a cert from the Web interface
    5. Creating an auto-enrollment policy
    6. Obtaining a public-authority SSL certificate
      1. Public/private key pair
      2. Creating a Certificate Signing Request
      3. Submitting the certificate request
      4. Downloading and installing your certificate
    7. Exporting and importing certificates
      1. Exporting from MMC
      2. Exporting from IIS
      3. Importing into a second server
    8. Summary
    9. Questions
  10. Networking with Windows Server 2019
    1. Introduction to IPv6
      1. Understanding IPv6 IP addresses
    2. Your networking toolbox
      1. ping
      2. tracert
      3. pathping
      4. Test-Connection
      5. telnet
      6. Test-NetConnection
      7. Packet tracing with Wireshark or Message Analyzer
      8. TCPView
    3. Building a routing table
      1. Multi-homed servers
      2. Only one default gateway
      3. Building a route
        1. Adding a route with the Command Prompt
        2. Deleting a route
        3. Adding a route with PowerShell
    4. NIC Teaming
    5. Software-defined networking
      1. Hyper-V Network Virtualization
        1. Private clouds
        2. Hybrid clouds
        3. How does it work?
          1. System Center Virtual Machine Manager
          2. Network controller
          3. Generic Routing Encapsulation
          4. Microsoft Azure Virtual Network
          5. Windows Server Gateway/SDN Gateway
        4. Virtual network encryption
      2. Bridging the gap to Azure
    6. Azure Network Adapter
    7. Summary
    8. Questions
  11. Enabling Your Mobile Workforce
    1. Always On VPN
      1. Types of AOVPN tunnel
        1. User Tunnels
        2. Device Tunnels
      2. Device Tunnel requirements
      3. AOVPN client requirements
        1. Domain-joined
      4. Rolling out the settings
      5. AOVPN server components
        1. Remote Access Server
          1. IKEv2
          2. SSTP
          3. L2TP
          4. PPTP
        2. Certification Authority (CA)
        3. Network Policy Server (NPS)
    2. DirectAccess
      1. The truth about DirectAccess and IPv6
      2. Prerequisites for DirectAccess
        1. Domain-joined
        2. Supported client operating systems
        3. DirectAccess servers get one or two NICs
          1. Single NIC Mode
          2. Dual NICs
          3. More than two NICs
        4. To NAT or not to NAT?
          1. 6to4
          2. Teredo
          3. IP-HTTPS
          4. Installing on the true edge – on the internet
          5. Installing behind a NAT
        5. Network Location Server
        6. Certificates used with DirectAccess
          1. SSL certificate on the NLS web server
          2. SSL certificate on the DirectAccess server
          3. Machine certificates on the DA server and all DA clients
      3. Do not use the Getting Started Wizard (GSW)!
    3. Remote Access Management Console
      1. Configuration
      2. Dashboard
      3. Operations Status
      4. Remote Client Status
      5. Reporting
      6. Tasks
    4. DA, VPN, or AOVPN? Which is best?
      1. Domain-joined or not?
      2. Auto or manual launch
      3. Software versus built-in
      4. Password and login issues with traditional VPNs
      5. Port-restricted firewalls
      6. Manual disconnect
      7. Native load-balancing capabilities
      8. Distribution of client configurations
    5. Web Application Proxy
      1. WAP as AD FS Proxy
    6. Requirements for WAP
    7. Latest improvements to WAP
      1. Preauthentication for HTTP Basic
      2. HTTP to HTTPS redirection
      3. Client IP addresses forwarded to applications
      4. Publishing Remote Desktop Gateway
      5. Improved administrative console
    8. Summary
    9. Questions
  12. Hardening and Security
    1. Windows Defender Advanced Threat Protection
      1. Installing Windows Defender AV
      2. Exploring the user interface
      3. Disabling Windows Defender
      4. What is ATP, anyway?
      5. Windows Defender ATP Exploit Guard
    2. Windows Defender Firewall – no laughing matter
      1. Three Windows Firewall administrative consoles
        1. Windows Defender Firewall (Control Panel)
        2. Firewall & network protection (Windows Security Settings)
        3. Windows Defender Firewall with Advanced Security (WFAS)
      2. Three different firewall profiles
      3. Building a new inbound firewall rule
      4. Creating a rule to allow pings (ICMP)
      5. Managing WFAS with Group Policy
    3. Encryption technologies
      1. BitLocker and the virtual TPM
      2. Shielded VMs
      3. Encrypted virtual networks
      4. Encrypting File System
      5. IPsec
        1. Configuring IPsec
          1. Server policy
          2. Secure Server policy
          3. Client policy
          4. IPsec Security Policy snap-in
          5. Using WFAS instead
    4. Banned passwords
    5. Advanced Threat Analytics
    6. General security best practices
      1. Getting rid of perpetual administrators
      2. Using distinct accounts for administrative access
      3. Using a different computer to accomplish administrative tasks
      4. Never browse the internet from servers
      5. Role-Based Access Control (RBAC)
      6. Just Enough Administration (JEA)
    7. Summary
    8. Questions
  13. Server Core
    1. Why use Server Core?
      1. No more switching back and forth
    2. Interfacing with Server Core
      1. PowerShell
        1. Using cmdlets to manage IP addresses
        2. Setting the server hostname
        3. Joining your domain
      2. Remote PowerShell
      3. Server Manager
      4. Remote Server Administration Tools
      5. Accidentally closing Command Prompt
    3. Windows Admin Center for managing Server Core
    4. The Sconfig utility
    5. Roles available in Server Core
    6. What happened to Nano Server?
    7. Summary
    8. Questions
  14. Redundancy in Windows Server 2019
    1. Network Load Balancing (NLB)
      1. Not the same as round-robin DNS
      2. What roles can use NLB?
      3. Virtual and dedicated IP addresses
      4. NLB modes
        1. Unicast
        2. Multicast
        3. Multicast IGMP
    2. Configuring a load-balanced website
      1. Enabling NLB
        1. Enabling MAC address spoofing on VMs
      2. Configuring NLB
      3. Configuring IIS and DNS
      4. Testing it out
      5. Flushing the ARP cache
    3. Failover clustering
      1. Clustering Hyper-V hosts
        1. Virtual machine load balancing
      2. Clustering for file services
        1. Scale-out file server
    4. Clustering tiers
      1. Application-layer clustering
      2. Host-layer clustering
      3. A combination of both
      4. How does failover work?
    5. Setting up a failover cluster
      1. Building the servers
      2. Installing the feature
      3. Running the failover cluster manager
      4. Running cluster validation
      5. Running the Create Cluster wizard
    6. Recent clustering improvements in Windows Server
      1. True two-node clusters with USB witnesses
      2. Higher security for clusters
      3. Multi-site clustering
      4. Cross-domain or workgroup clustering
        1. Migrating cross-domain clusters
      5. Cluster operating-system rolling upgrades
      6. Virtual machine resiliency
      7. Storage Replica (SR)
    7. Storage Spaces Direct (S2D)
      1. New in Server 2019
    8. Summary
    9. Questions
  15. PowerShell
    1. Why move to PowerShell?
      1. Cmdlets
      2. PowerShell is the backbone
      3. Scripting
      4. Server Core
    2. Working within PowerShell
      1. Launching PowerShell
        1. Default Execution Policy
          1. Restricted
          2. AllSigned
          3. RemoteSigned
          4. Unrestricted
        2. The Bypass mode
      2. Using the Tab key
      3. Useful cmdlets for daily tasks
      4. Using Get-Help
      5. Formatting the output
        1. Format-Table
        2. Format-List
    3. PowerShell Integrated Scripting Environment
      1. PS1 files
      2. PowerShell Integrated Scripting Environment
    4. Remotely managing a server
      1. Preparing the remote server
        1. The WinRM service
        2. Enable-PSRemoting
        3. Allowing machines from other domains or workgroups
      2. Connecting to the remote server
        1. Using -ComputerName
        2. Using Enter-PSSession
    5. Desired State Configuration
    6. Summary
    7. Questions
  16. Containers and Nano Server
    1. Understanding application containers
      1. Sharing resources
      2. Isolation
      3. Scalability
    2. Containers and Nano Server
    3. Windows Server containers versus Hyper-V containers
      1. Windows Server Containers
      2. Hyper-V Containers
    4. Docker and Kubernetes
      1. Linux containers
      2. Docker Hub
      3. Docker Trusted Registry
      4. Kubernetes
    5. Working with containers
      1. Installing the role and feature
      2. Installing Docker for Windows
        1. Docker commands
          1. docker --help
          2. docker images
          3. docker search
          4. docker pull
          5. docker run
          6. docker ps -a
          7. docker info
      3. Downloading a container image
      4. Running a container
    6. Summary
    7. Questions
  17. Virtualizing Your Data Center with Hyper-V
    1. Designing and implementing your Hyper-V Server
      1. Installing the Hyper-V role
    2. Using virtual switches
      1. The external virtual switch
      2. The internal virtual switch
      3. The private virtual switch
    3. Creating a new virtual switch
    4. Implementing a new virtual server
      1. Starting and connecting to the VM
      2. Installing the operating system
    5. Managing a virtual server
      1. Hyper-V Manager
      2. The Settings menu
        1. Checkpoints
      3. Hyper-V Console, Remote Desktop Protocol (RDP), or PowerShell
      4. Windows Admin Center (WAC)
    6. Shielded VMs
      1. Encrypting VHDs
      2. Infrastructure requirements for shielded VMs
        1. Guarded hosts
        2. Host Guardian Service (HGS)
      3. Host attestations
        1. TPM-trusted attestations
        2. Host key attestations
        3. Admin-trusted attestation – deprecated in 2019
    7. Integrating with Linux
    8. ReFS deduplication
      1. ReFS
      2. Data deduplication
      3. Why is this important to Hyper-V?
    9. Hyper-V Server 2019
    10. Summary
    11. Questions
  18. Assessments
    1. Chapter 1: Getting Started with Windows Server 2019
    2. Chapter 2: Installing and Managing Windows Server 2019
    3. Chapter 3: Core Infrastructure Services
    4. Chapter 4: Certificates in Windows Server 2019
    5. Chapter 5: Networking with Windows Server 2019
    6. Chapter 6: Enabling Your Mobile Workforce
    7. Chapter 7: Hardening and Security
    8. Chapter 8: Server Core
    9. Chapter 9: Redundancy in Windows Server 2019
    10. Chapter 10: PowerShell
    11. Chapter 11: Containers and Nano Server
    12. Chapter 12: Virtualizing Your Data Center with Hyper-V
  19. Another Book You May Enjoy
    1. Leave a review - let other readers know what you think

Product information

  • Title: Mastering Windows Server 2019 - Second Edition
  • Author(s): Jordan Krause
  • Release date: March 2019
  • Publisher(s): Packt Publishing
  • ISBN: 9781789804539