Windows Server 2016: Unleashed

Windows Server 2016: Unleashed

by Rand Morimoto, Jeffrey Shapiro, Guy Yardeni, Omar Droubi, Michael Noel, Andrew Abbate, Chris Amaris
Released September 2017
Publisher(s): Sams
ISBN: 9780134583822

Read it now on the O’Reilly learning platform with a 10-day free trial.

O’Reilly members get unlimited access to books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Book description

Book + Content Update Program

This is the most comprehensive and realistic guide to Windows Server 2016 planning, design, prototyping, implementation, migration, administration, and support. Extensively updated, it contains unsurpassed independent and objective coverage of Windows Server 2016’s key innovations, from the cloud and containers to security and mobility.

Windows Server 2016 Unleashed reflects the authors’ extraordinary experience implementing Windows Server 2016 in large-scale environments since its earliest alpha releases. Microsoft MVP Rand Morimoto and colleagues fully address all aspects of deploying and operating Windows Server 2016, including Active Directory, networking, application services, security, administration, business continuity, virtualization, optimization, and troubleshooting. You’ll find up-to-the-minute coverage of new features ranging from Storage Spaces Direct to Cluster-Aware Updating, and Dynamic Access Control to Nano Server.

Valuable for Windows pros at all levels, this book will be indispensable especially for intermediate-to-advanced level professionals seeking expert, in-depth solutions. Every chapter contains tips, tricks, best practices, and lessons learned from actual deployments—practical help for solving real problems.

Detailed information on how to:

  • Take full advantage of key Windows Server 2016 innovations
  • Plan, prototype, install, migrate to, and deploy Windows Server 2016 and Server Core
  • Design a modern Windows Server Active Directory, from OUs and infrastructure to Federated Forests and Lightweight Directories
  • Deliver reliable networking services: DNS, WINS, DNSSEC, DHCP, IPv, IPAM, and IIS
  • Systematically harden server-level security
  • Protect data in transit with PKI, certificates, rights management, and IPsec encryption
  • Safely provide appropriate remote and mobile access for your users
  • Efficiently administer, automate, maintain, and document Windows Server production environments
  • Control Windows devices centrally with Group Policies and Policy Management
  • Implement advanced fault tolerance, clustering, and other business continuity features
  • Optimize, tune, and debug Windows Server, and plan for growth
  • Leverage integrated application services, including SharePoint and Hyper-V

Table of contents

  1. Cover Page
  2. Title Page
  3. Copyright Page
  4. Contents at a Glance
  5. Table of Contents
  6. Foreword
  7. About the Authors
  8. Dedication
  9. Acknowledgments
  10. We Want to Hear from You!
  11. Reader Services
  12. Introduction
    1. How This Book Is Organized
  13. Part I: Windows Server 2016 Overview
    1. Chapter 1. Windows Server 2016 Technology Primer
      1. Windows Server 2016 Defined
        1. Windows Server 2016 Under the Hood
        2. Visual Changes in Windows Server 2016
        3. Windows Server 2016 as an Application Server
        4. Windows Server 2016 Active Directory
      2. When Is the Right Time to Migrate?
        1. Adding a Windows Server 2016 System to a Windows Server 2008 or Later Environment
        2. Migrating from Windows Server 2008 and Windows Server 2012/R2 Active Directory to Windows Server 2016 Active Directory
      3. Versions of Windows Server 2016
        1. Windows Server 2016 Standard Edition
        2. Windows Server 2016 Datacenter Edition
        3. Windows Server 2016 Server Core
        4. Nano Server
      4. Improvements for Continuous Availability
        1. No Single Point of Failure in Clustering
        2. Stretched Clusters
        3. 64-Node Clusters
        4. Hyper-V Replication
        5. Cluster-Aware Updating
        6. DHCP Failover
        7. Improved Support for SANs
      5. Enhancements for Flexible Identity and Security
        1. Increased Support for Standards
        2. Enhancing the Windows Server 2016 Security Subsystem
        3. Server Core and Minimized User Interface
        4. Dynamic Access Control
        5. DNSSEC—Zone Signing
        6. Transport Security Using IPSec and Certificate Services
        7. Security Policies, Policy Management, and Policy Enforcement Tools
        8. BitLocker for Server Security
        9. Windows Rights Management Services
        10. Active Directory Unification for Various Directory Services
      6. Enabling Users to Work Anywhere
        1. Windows Server 2016 DirectAccess
        2. RODCs for the Branch Office
        3. BranchCache File Access
        4. Improvements for Thin-Client Remote Desktop Services
        5. Improvements in Remote Desktop Client
        6. RDS Web Access
        7. RDS Gateway
        8. RDS RemoteApps
        9. Remote Desktop Virtualization Host for VDI
        10. Windows to Go
      7. Simplifying the Datacenter
        1. Server Manager Tool
        2. Improvements in Distributed Administration
        3. PowerShell for Administrative Tasks
        4. Active Directory Administrative Center
        5. Storage Spaces
        6. Improvements in Group Policy Management
        7. IP Address Management
        8. Managing Windows 2016 with Performance and Reliability Monitoring Tools
        9. Leveraging the Best Practice Analyzer
        10. Windows Deployment Services Integration
        11. Distributed File System
      8. Addition of Migration Tools
        1. Operating System Migration Tools
        2. Server Role Migrations
      9. Identifying Which Windows Server 2016 Service to Install or Migrate to First
        1. Windows Server 2016 Core to an Active Directory Environment
        2. Windows Server 2016 Running Built-In Application Server Functions
        3. Utilizing Windows Server 2016 to Run Business Critical Server Applications
      10. Summary
      11. Best Practices
    2. Chapter 2. Planning, Prototyping, Migrating, and Deploying Windows Server 2016
      1. Determining the Scope of Your Project
      2. Identifying the Business Goals and Objectives to Implement Windows Server
        1. High-Level Business Goals
        2. Business Unit or Departmental Goals
      3. Identifying the Technical Goals and Objectives to Implement Windows Server
        1. Defining the Scope of the Work
        2. Determining the Time Frame for Implementation or Migration
        3. Defining the Participants of the Design and Deployment Teams
      4. The Discovery Phase: Understanding the Existing Environment
        1. Understanding the Geographical Depth and Breadth
        2. Managing Information Overload
      5. The Design Phase: Documenting the Vision and the Plan
        1. Collaboration Sessions: Making the Design Decisions
        2. Organizing Information for a Structured Design Document
        3. Windows Server 2016 Design Decisions
        4. Agreeing On the Design
      6. The Migration Planning Phase: Documenting the Process for Migration
        1. Time for the Project Plan
        2. Speed Versus Risk
        3. Creating the Migration Document
      7. The Prototype Phase: Creating and Testing the Plan
        1. How Do You Build the Lab?
        2. Results of the Lab Testing Environment
      8. The Pilot Phase: Validating the Plan to a Limited Number of Users
        1. The First Server in the Pilot
        2. Rolling Out the Pilot Phase
        3. Fixing Problems in the Pilot Phase
        4. Documenting the Results of the Pilot
      9. The Migration/Implementation Phase: Conducting the Migration or Installation
        1. Verifying End-User Satisfaction
        2. Supporting the New Windows Server 2016 Environment
      10. Summary
      11. Best Practices
        1. The Discovery Phase
        2. The Design Phase
        3. The Migration Planning Phase
        4. The Prototype Phase
        5. The Pilot Phase
        6. The Migration/Implementation Phase
    3. Chapter 3. Installing Windows Server 2016 and Server Core
      1. Planning for a Server Installation
        1. Minimum Hardware Requirements
        2. Choosing the Appropriate Windows Edition
        3. Choosing a New Installation or an Upgrade
        4. Determining the Type of Server to Install
        5. Preparing Configuration Information
        6. Backing Up Files
      2. Installing a Clean Version of Windows Server 2016 Operating System
        1. Customizing the Language, Time, Currency, and Keyboard Preferences
        2. The Install Now Page
        3. Selecting the Type of Operating System to Install
        4. Accepting the Terms of the Windows Server 2016 License
        5. Selecting the Type of Windows Server 2016 Installation
        6. Selecting the Location for the Installation
        7. Finalizing the Installation and Customizing the Configuration
      3. Upgrading to Windows Server 2016
        1. Backing Up the Server
        2. Verifying System Compatibility
        3. Ensuring the Drivers Are Digitally Signed
        4. Performing Additional Tasks
        5. Performing the Upgrade
      4. Understanding Server Core Installation
        1. Installing Server Core
      5. Managing and Configuring a Server Core Installation
        1. Launching the Command Prompt in a Server Core Installation
        2. Changing the Server Core Administrator’s Password
        3. Changing the Server Core Machine Name
        4. Assigning a Static IPV4 IP Address and DNS Settings
        5. Adding the Server Core System to a Domain
        6. Activating the Server Core System
        7. Using SCONFIG to Configure a Server Core Installation
        8. Server Core Roles and Feature Installations
        9. Installing the Active Directory Domain Services Role
      6. Performing an Unattended Windows Server 2016 Installation
      7. Nano Server
        1. What Is Nano Server?
        2. Deploying a Nano Server
        3. Configuring Nano Server After Deployment
        4. Connect to Nano Server Using PowerShell Direct
      8. Summary
      9. Best Practices
  14. Part II: Windows Server 2016 Active Directory
    1. Chapter 4. Active Directory Domain Services Primer
      1. The Evolution of Directory Services
        1. Reviewing the Original Microsoft Directory Systems
        2. Outlining the Key Features of Active Directory Domain Services
      2. Understanding the Development of AD DS
        1. Detailing Microsoft’s Adoption of Internet Standards
      3. AD DS Structure
        1. Understanding the AD DS Domain
        2. Describing AD DS Domain Trees
        3. Describing Forests in AD DS
        4. Understanding the AD DS Authentication Modes
        5. Outlining Functional Levels in Windows Server 2016 AD DS
      4. Outlining AD DS Components
        1. Understanding AD DS X.500 Roots
        2. Conceptualizing the AD DS Schema
        3. Defining the Lightweight Directory Access Protocol
        4. Detailing Multimaster Replication with AD DS Domain Controllers
        5. Global Catalog and Global Catalog Servers
        6. Defining the Operations Master Roles
      5. Understanding Domain Trusts
        1. Conceptualizing Transitive Trusts
        2. Explicit Trusts
      6. Defining Organizational Units
        1. Determining Domain Usage Versus OU Usage
      7. Outlining the Role of Groups in an AD DS Environment
        1. Choosing Between OUs and Groups
      8. Understanding AD DS Replication
        1. Sites, Site Links, and Site Link Bridgeheads
        2. Understanding Originating Writes
        3. Using PowerShell Replication Commandlets in Windows Server 2016
      9. Outlining the Role of DNS in AD DS
        1. Examining DNS Namespace Concepts
        2. Dynamic DNS
        3. Comparing Standard DNS Zones and AD-Integrated DNS Zones
        4. How AD DS DNS Works with Foreign DNS
      10. Outlining AD DS Security
        1. Understanding Kerberos Authentication
        2. Taking Additional Security Precautions
      11. Getting Familiar with AD DS Features in Windows Server 2016
        1. Restoring Deleted AD DS Objects Using the Active Directory Recycle Bin
        2. Restarting AD DS on a Domain Controller
        3. Implementing Multiple Password Policies per Domain
        4. Auditing Changes Made to AD Objects
        5. Reviewing Additional Active Directory Services
        6. Examining Additional Windows Server 2016 AD DS Features
        7. Reviewing Legacy Windows Server Active Directory Improvements
      12. Summary
      13. Best Practices
    2. Chapter 5. Designing a Windows Server 2016 Active Directory
      1. Understanding AD DS Domain Design
        1. Examining Domain Trusts
      2. Choosing a Domain Namespace
        1. Choosing an External (Published) Namespace
        2. Choosing an Internal Namespace
      3. Examining Domain Design Features
      4. Choosing a Domain Structure
      5. Understanding the Single-Domain Model
        1. Choosing the Single-Domain Model
        2. Exploring a Single-Domain Real-World Design Example
      6. Understanding the Multiple-Domain Model
        1. Deciding When to Add Additional Domains
        2. Exploring a Multiple-Domain Real-World Design Example
      7. Understanding the Multiple Trees in a Single-Forest Model
        1. Deploying a Multiple-Tree Domain Model
        2. Exploring a Multiple-Tree Domain Real-World Design Example
      8. Reviewing the Federated-Forests Model
        1. Choosing Federated Forests
        2. Federated-Forests Real-World Design Example
      9. Understanding the Empty-Root Domain Model
        1. Determining When to Choose the Empty-Root Model
        2. Exploring a Real-World Empty-Root Domain Design Example
      10. Understanding the Placeholder Domain Model
        1. Exploring a Placeholder Domain Real-World Design Example
      11. Understanding the Special-Purpose Domain Model
        1. Exploring a Special-Purpose Domain Real-World Design Example
      12. Renaming an AD DS Domain
        1. Domain Rename Limitations
        2. Outlining Domain Rename Prerequisites
        3. Renaming a Domain
      13. Summary
      14. Best Practices
    3. Chapter 6. Designing Organizational Unit and Group Structure
      1. Defining Organizational Units in AD DS
      2. Defining AD Groups
        1. Outlining Group Types: Security or Distribution
        2. Understanding Group Scope
      3. OU and Group Design
      4. Starting an OU Design
        1. Overuse of OUs in Domain Design
        2. OU Flexibility
      5. Using OUs to Delegate Administration
      6. Group Policies and OU Design
      7. Understanding Group Design
        1. Detailing Best Practice for Groups
        2. Establishing Group Naming Standards
        3. Group Nesting
        4. Designing Distribution Groups
      8. Exploring Sample Design Models
        1. A Business Function-Based Design
        2. Understanding Geographically Based Design
      9. Summary
      10. Best Practices
    4. Chapter 7. Active Directory Infrastructure
      1. Understanding AD DS Replication in Depth
        1. The Role of Replication in AD DS
        2. Outlining Multimaster Topology Concepts
        3. Explaining Update Sequence Numbers
        4. Resolving Replication Collisions
        5. Applying Property Version Numbers
        6. Establishing Connection Objects
        7. Understanding Replication Latency
      2. Understanding Active Directory Sites
        1. Windows Server 2016 Site Functionality
        2. Associating Subnets with Sites
        3. Creating Site Links
        4. Turning Off Site Link Bridging
        5. Understanding the Knowledge Consistency Checker and the Intersite Topology Generator
        6. Determining Site Cost
        7. Utilizing Preferred Site Link Bridgeheads
        8. Deploying AD DS DCs on Server Core
      3. Planning Replication Topology
        1. Mapping Site Design into Network Design
        2. Establishing Sites
        3. Choosing Between One Site or Many Sites
        4. Optimizing Subnet Site Associations
        5. Determining Site Links and Site Link Costs
        6. Choosing Replication Scheduling
        7. Choosing SMTP or IP Replication
        8. Windows Server 2016 Replication
        9. DC Promotion from Media
        10. Identifying Linked-Value Replication/Universal Group Membership Caching
        11. Removing Lingering Objects
        12. Disabling Replication Compression
        13. Understanding How AD Avoids Full Synchronization of Global Catalog with Schema Changes
        14. The Intersite Topology Generator Algorithm
      4. Windows Server 2016 IPv6 Support
        1. Defining the Structure of IPv6
        2. Understanding IPv6 Addressing
        3. Migrating to IPv6
        4. Making the Leap to IPv6
      5. Detailing Real-World Replication Designs
        1. Viewing a Hub-and-Spoke Replication Design
        2. Decentralized Replication Design
      6. Deploying Read-Only Domain Controllers
        1. Understanding the Need for RODCs
        2. Features of RODCs
        3. Deploying an RODC
      7. Deploying a Clone Virtualized DC
        1. Prerequisites for Virtualized DC Cloning
        2. Adding the Source Virtual DC to the Cloneable DC Group
        3. Running the Excluded App List and New Clone Config File Commandlet
        4. Exporting and Importing the Source DC Virtual Machine
        5. Restarting the Source DC and Bringing the Clone DC Online
      8. Summary
      9. Best Practices
    5. Chapter 8. Creating Federated Forests and Lightweight Directories
      1. Keeping a Distributed Environment in Sync
        1. Active Directory Lightweight Directory Services
        2. Understanding the Need for AD LDS
        3. Features of AD LDS
        4. Installing AD LDS
      2. Active Directory Federation Services
        1. Understanding the Key Components of AD FS
        2. Installing AD FS with Windows Server 2016
        3. Working with AD FS
      3. Synchronizing Directory Information with Microsoft Identity Manager
        1. Understanding MIM
        2. Understanding MIM Concepts
        3. Exploring MIM Account Provisioning
        4. Understanding the Role of Management Agents in MIM
        5. Managing Groups with MIM
      4. Harnessing the Power and Potential of MIM
        1. Managing Identities with MIM
        2. Provisioning and Deprovisioning Accounts with MIM
      5. Summary
      6. Best Practices
  15. Part III: Networking Services
    1. Chapter 9. Domain Name System, WINS, and DNSSEC
      1. The Need for DNS
        1. History of DNS
        2. Establishing a Framework for DNS
        3. Explaining the DNS Hierarchy
        4. The DNS Namespace
      2. Getting Started with DNS on Windows Server 2016
        1. Installing DNS Using the Add Roles Wizard
      3. Resource Records
        1. Start of Authority (SOA) Records
        2. Host (A) Records
        3. Name Server (NS) Records
        4. Service (SRV) Records
        5. Mail Exchanger (MX) Records
        6. Pointer (PTR) Records
        7. Canonical Name (CNAME) Records
        8. Other DNS Record Types
      4. Understanding DNS Zones
        1. Forward Lookup Zones
        2. Reverse Lookup Zones
        3. Primary Zones
        4. Secondary Zones
        5. Stub Zones
      5. Performing Zone Transfers
        1. Performing Full Zone Transfers
        2. Initiating Incremental Zone Transfers
      6. Understanding DNS Queries
        1. Performing Recursive Queries
        2. Performing Iterative Queries
      7. Other DNS Components
        1. Dynamic DNS
        2. The Time-to-Live Value
        3. Performing Secure Updates
        4. Exploring Aging and Scavenging for DNS
        5. Examining Root Hints
        6. Understanding the Role of Forwarders
        7. Using WINS for Lookups
      8. Understanding the Evolution of Microsoft DNS
        1. Active Directory-Integrated Zones
        2. Dynamic Updates
        3. Unicode Character Support
      9. DNS in Windows Server 2016
        1. Application Partition
        2. Automatic Creation of DNS Zones
        3. Fix to the “Island” Problem
        4. Forest Root Zone for _msdcs
      10. DNS in an Active Directory Domain Services Environment
        1. The Impact of DNS on AD DS
        2. AD DS in Non-Microsoft DNS Implementations
        3. Using Secondary Zones in an AD DS Environment
        4. SRV Records and Site Resolution
        5. GlobalNames Zone
      11. Troubleshooting DNS
        1. Using the DNS Event Viewer to Diagnose Problems
        2. Using Performance Monitor to Monitor DNS
        3. Client-Side Cache and HOST Resolution Problems
        4. Using the Nslookup Command-Line Utility
        5. Using the Ipconfig Command-Line Utility
        6. Using the Tracert Command-Line Utility
        7. Using the DNSCmd Command-Line Utility
        8. Managing DNS with PowerShell
      12. Secure DNS with DNSSEC
        1. DNSSEC Components
        2. Important Performance Considerations for DNSSEC
        3. Configuring a DNSSEC Zone
      13. Reviewing the Windows Internet Naming Service
        1. Understanding the Need for Legacy Microsoft NetBIOS Resolution
      14. Installing and Configuring WINS
        1. Installing WINS
        2. Configuring Push/Pull Partners
        3. Examining WINS Replication
        4. Understanding NetBIOS Client Resolution and the LMHOSTS File
      15. Planning, Migrating, and Maintaining WINS
        1. Upgrading a WINS Environment
        2. Exploring WINS and DNS Integration
      16. Summary
      17. Best Practices
    2. Chapter 10. DHCP, IPv6, IPAM
      1. Understanding the Components of an Enterprise Network
        1. The Importance of Network Addressing
        2. Name Resolution
        3. Name Resolution and Directory Integration
        4. DHCP Failover
        5. Windows Server 2016 IPAM Overview
      2. Exploring DHCP
        1. The Need for DHCP
        2. Outlining DHCP Predecessors: RARP and BOOTP
        3. Exploring the DHCP Server Service
        4. Examining the DHCP Client Service
        5. Automatic Private IP Addressing
        6. DHCP Relay Agents
        7. DHCP and Dynamic DNS Integration
        8. Installing DHCP Server and Server Tools
        9. Creating IPv4 DHCP Scopes
      3. Exploring DHCP Changes in Windows Server 2016
        1. Migrating DHCP Servers Using Windows Server Migration Tools
        2. Migrating DHCP Services from 2012 R2 to Windows Server 2016
        3. Understanding DHCP Client Alternate Network Capability
      4. Enhancing DHCP Reliability
        1. Link-Layer Filtering
        2. DHCP Reservations
        3. DHCP Name Protection
        4. DHCP and Dynamic DNS Configuration
        5. Access DHCP Activity and Event Logs
        6. Implementing Redundant DHCP Services
        7. Windows Server 2016 DHCP Failover
      5. Exploring Advanced DHCP Concepts
        1. Understanding DHCP Superscopes
        2. Examining DHCP Multicast Scopes
        3. Delegating Administration of DHCP
        4. DHCP Netsh and PowerShell Administration
      6. Securing DHCP
      7. IPv6 Introduction
        1. IPv6 Addressing
        2. Comprehending IPv6 Addressing
        3. IPv6 Transition Technologies
      8. Configuring IPv6 on Windows Server 2016
        1. Creating an IPv6 Subnet in Active Directory
        2. Manually Setting the IPv6 Address on Windows Server 2016
        3. Creating IPv6 DNS Records and Zones
        4. Setting Up Windows Server 2016 DHCP IPv6 Scopes
      9. IP Address Management
        1. IP Address Tracking Today
      10. Installing the IPAM Server and Client Features
        1. Connecting to the IPAM Server
        2. Configuring IPAM Server Provisioning
        3. Configuring Servers for IPAM Management
        4. Configuring Server Discovery
        5. Defining Discovered Servers as IPAM Managed
        6. Defining IP Address Blocks
        7. Collecting Server Data
      11. Exploring the IPAM Console
        1. Overview Node
        2. Server Inventory Node
        3. IP Address Space Node
        4. IP Address Block Node
        5. IP Address Inventory Node
        6. IP Address Ranges Node
        7. Monitor and Manage Node
        8. DNS and DHCP Servers
        9. DHCP Scopes Node
        10. DNS Zone Monitoring Node
        11. Event Catalog Node
      12. Summary
      13. Best Practices
    3. Chapter 11. Internet Information Services
      1. Understanding Internet Information Services 10
        1. IIS 10 Advanced Functionality
        2. Understanding the IIS Manager Tools
        3. Exploring the IIS Manager Administration Panes
        4. IIS Manager Administration Nodes in the Connections Pane
      2. Planning and Designing IIS 10
        1. Determining Server Requirements
        2. Determining Fault-Tolerance Requirements
      3. Installing and Upgrading IIS 10
        1. Understanding the Modular Approach to Installing IIS 10
        2. Installing the Web Server (IIS) Role
        3. Upgrading from Other Versions of IIS
      4. Installing and Configuring Websites
        1. Creating a Website with IIS 10
        2. Creating a Virtual Directory
        3. Configuring IIS 8 Website Properties
      5. Installing and Configuring FTP Services
        1. IIS 10 FTP Server Service Features
        2. Installing the FTP Server
        3. Creating a Secure FTP 10 Site Using SSL
        4. Configuring FTP 10 Features and Properties
      6. Securing IIS 10
        1. Windows Server 2016 Security
        2. IIS Authentication
        3. Auditing Web Services
        4. Using SSL Certificates
        5. Administering IIS 10 Administrator and User Security
        6. Creating an IIS 10 User Account
        7. Assigning Permissions to an IIS 10 User Account
        8. Configuring Feature Delegation
        9. Using IIS Logging
      7. Summary
      8. Best Practices
  16. Part IV: Security
    1. Chapter 12. Server-Level Security
      1. Defining Windows Server 2016 Security
        1. Common Language Runtime
        2. Understanding the Layered Approach to Server Security
      2. Deploying Physical Security
        1. Restricting Physical Access
        2. Restricting Logon Access
        3. Using Smart Cards for Logon Access
        4. Securing Wireless Networks
        5. Firewall Security
      3. Using the Integrated Windows Firewall with Advanced Security
        1. Understanding Windows Firewall Integration with Server Manager
        2. Creating Inbound and Outbound Rules on the Windows Firewall
      4. Hardening Servers
        1. Defining Server Roles
        2. Securing a Server Using Server Manager
        3. Reducing Attack Surface
        4. AppLocker
        5. Using Administration-Only Accounts with Run As
      5. Examining File-Level Security
        1. Understanding File System Security
        2. Dynamic Access Control
        3. Examining Share-Level Security
        4. Auditing File Access
        5. Encrypting Files with the Encrypting File System
        6. BitLocker for Servers
      6. Malware and Backup Protection
        1. Antivirus Precautions
        2. Trusted Boot Architecture with Secure Boot, AM Preloading, and Measured Boot
        3. Deploying Backup Security
      7. Windows Server Update
        1. Understanding the Background of WSUS: Windows Update
        2. Understanding the Automatic Updates Client
        3. Understanding the Development of Windows Server Update Services
        4. Examining WSUS Prerequisites
        5. Installing WSUS on a Windows Server 2016 Server
        6. Automatically Configuring Clients via Group Policy
        7. Deploying Security Patches with WSUS
      8. Summary
      9. Best Practices
    2. Chapter 13. Securing Data in Transit
      1. Introduction to Securing Data in Transit in Windows Server 2016
        1. The Need for Another Layer of Security
        2. Deploying Security Through Multiple Layers of Defense
        3. Understanding Encryption Basics
      2. Deploying a Public Key Infrastructure with Windows Server 2016
        1. Defining Private Key Versus Public Key Encryption
        2. Exploring Digital Certificates
      3. Understanding Active Directory Certificate Services in Windows Server 2016
        1. Reviewing the CA Roles in AD CS
        2. Detailing the Role Services in AD CS
        3. Installing AD CS
        4. Configuring Auto-Enrollment
        5. Using Smart Cards in a Public Key Infrastructure
        6. Using the Encrypting File System
        7. Integrating PKI with Non-Microsoft Kerberos Realms
      4. Active Directory Rights Management Services
        1. Understanding the Need for AD RMS
        2. Understanding AD RMS Prerequisites
        3. Installing AD RMS
      5. Using IPsec Encryption with Windows Server 2016
        1. Understanding the IPsec Principle
        2. Detailing Key IPsec Functionality
        3. Exploring IPsec NAT Traversal
      6. Summary
      7. Best Practices
    3. Chapter 14. Network Policy and Access Services, Routing and Remote Access and DirectAccess
      1. Installing a Network Policy Server
        1. Understanding RADIUS Support on a Network Policy Server
      2. Deploying a Virtual Private Network Using RRAS
        1. Exploring VPN Tunnels
        2. Tunneling Protocols
        3. PPTP and L2TP Protocols
        4. L2TP/IPSec Secure Protocol
        5. Enabling VPN Functionality on a Remote-Access Server
        6. Modifying the Remote Access Network Policy
      3. Configuring DirectAccess
      4. Summary
      5. Best Practices
  17. Part V: Migrating to Windows Server 2016
    1. Chapter 15. Migrating to Active Directory 2016
      1. Beginning the Migration Process
        1. Identifying Migration Objectives
        2. Establishing Migration Project Phases
        3. Comparing the In-Place Upgrade Versus New Hardware Migration Methods
        4. Identifying Migration Strategies: “Big Bang” Versus Phased Coexistence
        5. Exploring Migration Options
      2. Big Bang Migration
        1. Verifying Hardware Compatibility
        2. Verifying Application Readiness
        3. Backing Up and Creating a Recovery Process
        4. Virtual DC Rollback Option
        5. Performing an Upgrade on a Single DC Server
      3. Phased Migration
        1. Migrating DCs
        2. Preparing the Forest and Domains Using Adprep
        3. Upgrading Existing Domain Controllers
        4. Replacing Existing Domain Controllers
        5. Moving Operation Master Roles
        6. Retiring Existing Windows Server DCs
        7. Retiring “Phantom” DCs
        8. Upgrading Domain and Forest Functional Levels
        9. Moving AD-Integrated DNS Zones to Application Partitions
      4. Multiple Domain Consolidation Migration
        1. Understanding ADMT Functionality
        2. Using ADMT in a Lab Environment
        3. ADMT v3.2 Installation Procedure
        4. ADMT Domain Migration Prerequisites
        5. Exporting Password Key Information
        6. Installing PES on the Source Domain
        7. Setting Proper Registry Permissions
        8. Configuring Domains for SID Migration
        9. Migrating Groups
        10. Migrating User Accounts
        11. Migrating Computer Accounts
        12. Migrating Other Domain Functionality
      5. Summary
      6. Best Practices
    2. Chapter 16. Compatibility Testing
      1. The Importance of Compatibility Testing
      2. Preparing for Compatibility Testing
        1. Determining the Scope for Application Testing
        2. Defining the Goals for Compatibility Testing
        3. Documenting the Compatibility Testing Plan
      3. Researching Products and Applications
        1. Taking Inventory of Network Systems
        2. Taking Inventory of Applications on Existing Servers
        3. Understanding the Differences Between Applications and Windows Services
        4. Completing an Inventory Sheet per Application
        5. Prioritizing the Applications on the List
      4. Verifying Compatibility with Vendors
        1. Tracking Sheets for Application Compatibility Research
        2. Six States of Compatibility
        3. Creating an Upgrade Decision Matrix
        4. Assessing the Effects of the Compatibility Results on the Compatibility Testing Plan
      5. Microsoft Assessment and Planning Toolkit
      6. Lab-Testing Existing Applications
        1. Allocating and Configuring Hardware
        2. Allocating and Configuring Windows Server 2016
        3. Loading the Remaining Applications
        4. Certified for Windows Server 2016
        5. Testing the Migration and Upgrade Process
      7. Documenting the Results of the Compatibility Testing
      8. Determining Whether a Prototype Phase Is Required
      9. Summary
      10. Best Practices
  18. Part VI: Windows Server 2016 Administration and Management
    1. Chapter 17. Windows Server 2016 Administration
      1. Defining the Administrative Model
        1. The Centralized Administration Model
        2. The Distributed Administration Model
        3. The Mixed Administration Model
      2. Examining Active Directory Site Administration
        1. Sites
        2. Subnets
        3. Site Links
        4. Site Group Policies
      3. Configuring Sites
        1. Creating a Site
        2. Establishing Site Links
        3. Delegating Control at the Site Level
      4. Windows Server 2016 Active Directory Groups
        1. Group Types
        2. Group Scopes in Active Directory
      5. Creating Groups
        1. User Administration in a Single Domain
        2. User Administration in a Multidomain Forest
        3. Domain Functional Level and Groups
        4. Creating AD Groups
        5. Populating Groups
        6. Group Management
      6. Managing Users with Local Security and Group Policies
        1. Viewing Policies with the Group Policy Management Console
        2. Creating New Group Policies
        3. Configuring and Optimizing Group Policy
        4. Troubleshooting Group Policy Applications
      7. Managing Printers with the Print Management Console
        1. Installing the Print Management Console
        2. Configuring the Print Management Console
        3. Adding New Printers as Network Shared Resources
        4. Adding Print Servers to the Print Management Console
        5. Using the Print Management Console
      8. Summary
      9. Best Practices
    2. Chapter 18. Windows Server 2016 Group Policies and Policy Management
      1. Group Policy Overview
      2. Group Policy Processing: How Does It Work?
        1. Computer GPO Processing
        2. User GPO Processing
        3. Network Location Awareness
        4. Group Policy Client-Side Extensions
        5. Tuning Group Policy Processing with GPO Settings
      3. Local Group Policies
        1. Local Computer Policy
        2. Local User Policies for Nonadministrators and Administrators
      4. Domain-Based Group Policies
      5. Security Templates
      6. Understanding Group Policy
        1. Group Policy Objects
        2. GPO Storage and Replication
        3. The Group Policy Central Store
        4. Starter GPOs
        5. Policy Settings
        6. Preference Settings
        7. GPO Links
        8. Group Policy Link Enforcement
        9. Group Policy Inheritance
        10. Group Policy Block Inheritance
        11. Group Policy Order of Processing
        12. GPO Filtering
        13. Group Policy Loopback Processing
        14. Group Policy Slow-Link Detection and Network-Location Awareness
      7. Group Policy Policies Node
        1. Group Policy Administrative Templates
      8. Group Policy Preferences Node
      9. Policy Management Tools
        1. Group Policy Management Console
        2. Group Policy Object Editor
        3. Group Policy Management Editor
        4. Group Policy Starter GPO Editor
        5. Print Management Console
        6. Gpupdate.exe
        7. Group Policy Update from GPMC
        8. Group Policy Infrastructure Status
        9. PowerShell Management of Group Policies
        10. Event Viewer
        11. DFS Management
      10. Designing a Group Policy Infrastructure
        1. Active Directory Design and Group Policy
        2. Separation of GPO Functions
        3. Separation of GPO by Targeting Operating System
      11. GPO Administrative Tasks
        1. Installing the Group Policy Management Tools
        2. Creating a GPO Central Store
        3. Creating and Using Starter GPOs
        4. Creating New Domain Group Policies
        5. Creating and Configuring GPO Links
        6. Managing GPO Status
        7. Managing GPO Security Filtering
        8. Creating and Linking WMI Filters to GPOs
        9. Managing GPO Link Order of Processing
        10. Viewing GPO Settings and Creating Reports
        11. Backing Up and Restoring Domain GPOs
        12. Group Policy Modeling Operations
        13. Troubleshooting Group Policies
        14. GPO Administrative Delegation
      12. Summary
      13. Best Practices
    3. Chapter 19. Windows Server 2016 Management and Maintenance Practices
      1. Going Green with Windows Server 2016
      2. Server Manager Dashboard
      3. Managing Windows Server 2016 Roles and Features
        1. Roles in Windows Server 2016
        2. Features in Windows Server 2016
      4. Creating a Server Group
      5. Viewing Events
        1. Server Manager Performance Monitor
        2. Device Manager
        3. Task Scheduler
        4. Services and Applications
        5. WMI Control
        6. Windows Firewall with Advanced Security
      6. Server Manager Storage Page
        1. Windows Server Backup
        2. Disk Management
      7. Auditing the Environment
        1. Audit Policies
        2. Audit Policy Subcategories
        3. Auditing Resource Access
      8. Managing Windows Server 2016 Remotely
        1. Server Manager Remote Management
        2. Remote Server Administration Tools
        3. Windows Remote Management
        4. PowerShell
        5. Print Management Console
      9. Common Practices for Securing and Managing Windows Server 2016
        1. Identifying Security Risks
        2. Using System Center Operations Manager 2012 R2 to Simplify Management
        3. Leveraging Windows Server 2016 Maintenance Practices
      10. Keeping Up with Service Packs and Updates
        1. Manual Update or DVD Update
        2. Automatic Updates
        3. Windows Server Update Services
      11. Maintaining Windows Server 2016
        1. Daily Maintenance
        2. Weekly Maintenance
        3. Monthly Maintenance
        4. Quarterly Maintenance
      12. Summary
      13. Best Practices
    4. Chapter 20. Automating Tasks Using PowerShell Scripting
      1. Understanding Shells
        1. A Short History of Shells
      2. Introduction to PowerShell
        1. PowerShell Uses
        2. PowerShell Features
        3. PowerShell Features
      3. Understanding PowerShell Fundamentals
        1. Accessing PowerShell
        2. Command-Line Interface
        3. Navigating the CLI
        4. Command Types
        5. .NET Framework Integration
        6. The Pipeline
        7. Modules and Snap-Ins
        8. Remoting
        9. PowerShell ISE
        10. Variables
        11. Aliases
        12. Scopes
        13. Providers and Drives
        14. Security
      4. Using Windows PowerShell
        1. Exploring PowerShell
        2. Managing Services
        3. Gathering Event Log Information
        4. Managing the Files and Directories
        5. Managing the Registry
        6. Managing Processes
        7. Using WMI and CIM
        8. Using Snap-Ins
        9. Using Modules
        10. Using Remoting
        11. Using the New-Object Commandlet
      5. Summary
      6. Best Practices
    5. Chapter 21. Documenting a Windows Server 2016 Environment
      1. Benefits of Documentation
        1. Organizational Benefits
        2. Financial Benefits
      2. Types of Documents
      3. Planning to Document the Windows Server 2016 Environment
      4. Knowledge Sharing and Knowledge Management
      5. Windows Server 2016 Project Documents
        1. Project Plan
        2. Design and Planning Document
        3. Communication Plan
        4. Migration Plan
        5. Checklists
        6. Training Plan
        7. Test Plan
        8. Pilot Test Plan
        9. Support and Project Completion Document
      6. Administration and Maintenance Documents
        1. Step-by-Step Procedure Documents
        2. Policies
        3. Documented Checklists
        4. Active Directory Infrastructure
        5. Server Build Procedures
        6. Configuration (As-Built) Documentation
        7. Topology Diagrams
        8. Administration Manual
        9. Using Documentation for Troubleshooting Purposes
        10. Procedural Documents
      7. Network Infrastructure
        1. Documenting the WAN Infrastructure
        2. Network Device Documentation
      8. Disaster Recovery Documentation
        1. Disaster Recovery Planning
        2. Backup and Recovery Development
        3. Monitoring and Performance Documentation
        4. Windows System Failover Documentation
      9. Change Management Procedures
      10. Performance Documentation
      11. Baselining Records for Documentation Comparisons
      12. Routine Reporting
        1. Management-Level Reporting
        2. Technical Reporting
      13. Security Documentation
        1. Change Control
        2. Reviewing Reports
        3. Management-Level Reporting for Security Assessments
      14. Summary
      15. Best Practices
  19. Part VII: Remote and Mobile Technologies
    1. Chapter 22. Server-to-Client Remote and Mobile Access
      1. Remote Access in Windows Server 2016
      2. VPN in Windows Server 2016
        1. Components Needed to Create a Traditional VPN Connection
        2. The VPN Client
        3. The RAS Server
        4. The NPS System
        5. Certificate Server
        6. Active Directory
      3. RAS System Authentication Options
        1. Authentication Protocols for PPTP Connections
        2. EAP and PEAP Authentication Protocols
        3. Authentication Protocols for L2TP/IPsec Connections
        4. Choosing the Best Authentication Protocol
      4. VPN Protocols
        1. Tunneling Within a Windows Server 2016 Networking Environment
        2. Point-to-Point Tunneling Protocol
        3. Layer 2 Tunneling Protocol
        4. IP Security
        5. Secure Sockets Tunneling Protocol
      5. DirectAccess in Windows Server 2016
        1. DirectAccess and IPv6
        2. A Tale of Two Tunnels
        3. End-to-Edge DirectAccess Model
        4. End-to-End DirectAccess Model
        5. Managed-Out Support Model
        6. Internet Versus Intranet Traffic with DirectAccess
        7. DirectAccess Components
        8. Network Location Service
        9. DirectAccess Connection Process
      6. Choosing Between Traditional VPN Technologies and DirectAccess
        1. Advantages of L2TP/IPsec
        2. Advantages of PPTP
        3. Advantages of SSTP
        4. Advantages of DirectAccess
        5. Ports Affecting the VPN Connectivity
      7. Setting Up the Unified Remote Access Role
      8. DirectAccess Scenario
        1. Configuring the Infrastructure
        2. Configuring the DirectAccess Feature
        3. Testing DirectAccess
      9. VPN Scenario
        1. Certificate Auto-Enrollment
        2. Configuring the Network Policy Server
        3. Setting Up the RAS Server
        4. Setting Up the VPN Client
        5. Testing the VPN Connection
      10. Monitoring the Remote Access Server
        1. Dashboard
        2. Operations Status
        3. Remote Client Status
        4. Reporting
      11. Summary
      12. Best Practices
    2. Chapter 23. Remote Desktop Services
      1. Why Implement Remote Desktop Services?
        1. Remote Desktop for Administration
        2. Remote Desktop for Users
        3. Remote Desktop for Remote User Support
        4. Remote Desktop for Cloud Service Providers
      2. How Remote Desktop Works
        1. Modes of Operation
        2. Client-Side RDS
      3. Understanding the Name Change
      4. RDS Roles
        1. RD Session Host
        2. RD Virtualization Host
        3. RD Gateway
        4. RD Web Access
        5. RD Connection Broker
        6. RD Licensing
        7. RemoteApp and Desktop Connection
      5. Configuration Options and Fine-Tuning Terminology
        1. Granular Session Configuration Control
        2. Session 0 Isolation
        3. Local Resource Redirection
        4. Single Sign-On
        5. Remote Desktop Connection Display
      6. Planning for RDS
        1. Planning for Remote Desktop for Administration
        2. Planning for RD Session Host Requirements
        3. Planning for RD Session Host Sizing and Optimization
        4. Planning for RD Session Host Upgrades
        5. Planning the Physical Placement of RDS
        6. Planning for Networking Requirements
        7. Planning for RD Session Host Tolerance
      7. Deploying RDS
        1. Enabling Remote Desktop for Administration
        2. Deploying the Remote Desktop Service Role Service
        3. Making Applications Available for User Access
        4. Additional RD Session Host Server Configuration Tasks
      8. Deploying Virtual Desktops
        1. Installing the RD Virtualization Host Role Service and Configuration Settings
        2. Creating a Virtual Desktop Template
        3. Creating a Virtual Desktop Collection
        4. Accessing the VDI Guest Sessions
      9. Enabling RemoteFX
        1. Integrating and Supporting RemoteFX for VDI Guests
        2. Integrating and Supporting RemoteFX for RD Session Host Guests
      10. Securing and Supporting RDS
        1. Securely Building Remote Session Services
        2. Segmenting Resources
        3. Securing RDS with GPOs
        4. Network Level Authentication
        5. Changing the RDP Port
        6. Remotely Managing a Remote Desktop Session
        7. Managing RDS with PowerShell
        8. Group Policy for RD Session Host Servers
        9. Applying Service Packs and Updates
        10. Performing Disaster Recovery
      11. Summary
      12. Best Practices
  20. Part VIII: Desktop Administration
    1. Chapter 24. Windows Server 2016 Administration Tools for Desktops
      1. Managing Desktops and Servers
        1. Operating System Deployment to Bare-Metal Systems
        2. Managing Windows and Security Updates
        3. Supporting End Users and Remote Administration
      2. Operating System Deployment Options
        1. Manual Installation Using Installation Media
        2. Unattended Installation
        3. Manufacturer-Assisted Installation
        4. Cloning or Imaging Systems
      3. Windows Server 2016 Windows Deployment Services
        1. WDS Image Types
        2. Boot Images
        3. Installation Images
        4. Discover Images
        5. Capture Images
      4. Installing Windows Deployment Services
        1. Configuring the WDS Server
        2. DHCP Configuration
        3. Adding a Boot Image to the WDS Server
        4. Adding Install Images to the WDS Server
        5. Deploying the First Install Image
        6. Creating Multicast Images
      5. Customizing Boot Images
        1. Adding Drivers to Boot and Discover Images
        2. WDS Boot and Install Image Troubleshooting
      6. Creating Discover Images
      7. Pre-Creating Active Directory Computer Accounts for WDS (Prestaged Systems)
      8. Creating Custom Installations Using Capture Images
      9. Automating Image Deployment Using Unattend Files
      10. General Desktop Administration Tasks
      11. Summary
      12. Best Practices
    2. Chapter 25. Group Policy Management for Network Clients
      1. The Need for Group Policies
      2. Windows Group Policies
        1. Local Computer Policy
        2. Local Security Policy
        3. Local Administrators and Non-Administrators User Policies
        4. Domain Group Policies
        5. Security Configuration Wizard
        6. Policy Processing Overview
      3. Group Policy Feature Set
        1. Computer Configuration Policy Node
        2. User Configuration Policy Node
      4. Planning Workgroup and Standalone Local Group Policy Configuration
        1. Creating Local Administrators and Non-Administrators Policies
      5. Planning Domain Group Policy Objects
        1. Policies and Preferences
        2. Domain GPOs
        3. Domain Controller GPOs
        4. Active Directory Site GPOs
        5. Small Business
        6. Delegated Administration
      6. Managing Computers with Domain Policies
        1. Creating a New Domain Group Policy Object
        2. Creating and Configuring GPO Links
        3. Managing User Account Control Settings
        4. Creating Application Control Policies (AppLocker)
      7. Configuring Preference Item-Level Targeting
        1. Configuring Remote Desktop and Remote Administration Support
        2. Configuring Basic Firewall Settings with Group Policy
        3. Configuring Windows Update Settings
        4. Configuring Power Options Using Domain Policies
        5. Managing Scheduled Tasks and Immediate Tasks with Domain Policies
      8. Managing Users with Policies
        1. Configuring Folder Redirection
        2. Removable Storage Access
        3. Managing Microsoft Management Console Access
      9. Managing Active Directory with Policies
        1. Fine-Grained Password Policies
        2. Configuring Restricted Groups to manage Computer Local Groups
        3. Synchronous Foreground Refresh
        4. GPO Modeling and GPO Results in the GPMC
        5. Managing Group Policy from Administrative or Remote Workstations
      10. Summary
      11. Best Practices
    3. Chapter 26. Storage
      1. Storage Spaces and Storage Pools
        1. Storage Spaces Direct
        2. Storage Replicas
        3. Storage Quality of Service (QoS)
        4. Windows Disk Properties
        5. Virtual Hard Disks
      2. Managing Windows Server 2016 Disks
        1. The Disk Management MMC Snap-In
        2. Diskpart.exe Command-Line Utility
        3. PowerShell Disk Management Cmdlets
        4. Server Manager File and Storage Services
        5. Adding New Disks and Volumes to Windows
        6. Working with Virtual Hard Disk Files
      3. Configuring Storage Spaces Direct
        1. Creating Virtual Disks
      4. Summary
      5. Best Practices
  21. Part IX: Fault-Tolerance Technologies
    1. Chapter 27. File System Management
      1. File System Access Services and Technologies
        1. Windows Folder Sharing
        2. DFS Namespaces and Replication
        3. WWW Directory Publishing
        4. File Transfer Protocol Service
        5. Server and Client for NFS
        6. Volume Shadow Copy Service
        7. BranchCache for Network Files
        8. Data Deduplication Service
        9. Continuously Available File Shares
        10. Distributed File System
        11. Distributed File System Replication
        12. iSCSI Target Server Service
      2. Adding the File and Storage Services Role
      3. Managing Data Access Using Windows Server 2016 Shares
        1. Share Permissions
        2. Access-Based Enumeration
        3. Share Caching and Offline Files
        4. BranchCache
      4. File Server Resource Manager
        1. Uses of File Server Resource Manager
        2. Leveraging the FSRM Features
      5. The Distributed File System
        1. DFS Namespaces
        2. DFS Replication
        3. DFS Terminology
        4. DFS Replication Terminology
      6. Planning a DFS Deployment
        1. Choosing a DFS Namespace Type
        2. Planning for DFS Replication
        3. Determining the Replication Topology
      7. Installing and Configuring DFS
        1. Creating the DFS Namespace and Root
        2. Adding an Additional Namespace Server to a Domain-Based Namespace
        3. Creating a DFS Folder and Replication Group
        4. Enabling Access-Based Enumeration on a Domain-Based Namespace in Windows Server 2008 Mode
        5. Disabling Replication for Extended Downtime
      8. Using the Volume Shadow Copy Service
        1. Using VSS and Windows Server Backup
        2. Configuring Shadow Copies
        3. Recovering Data Using Shadow Copies
      9. Configuring Data Deduplication
      10. Dynamic Access Control
        1. Creating DAC Claim Types
        2. Configuring DAC Resource Properties
        3. Adding Configured Resource Properties to a Resource Property List
        4. Creating a Central Access Rule
        5. Creating a Central Access Policy
        6. Creating and Assigning a Central Access Policy GPO to File Servers
        7. Enabling Kerberos Armoring for Domain Controllers
        8. Creating and Updating a File Share to Leverage Dynamic Access Control
        9. Configuring User Accounts and Testing Data Access
      11. Summary
      12. Best Practices
    2. Chapter 28. Operational Fault Tolerance (Clustering / Network Load Balancing)
      1. Building Fault-Tolerant Windows Server 2016 Systems
        1. Powering the Computer and Network Infrastructure
        2. Designing Fault-Tolerant IP Networks
        3. Designing Fault-Tolerant Server Disks
        4. Increasing Windows Server 2016 Role Availability
      2. Windows Server 2016 Clustering Technologies
        1. Windows Server 2016 Cluster Terminology
      3. Determining the Correct Clustering Technology
        1. Failover Clusters
        2. Network Load Balancing
        3. Network Teaming
      4. Overview of Failover Clusters
        1. Failover Cluster Quorum Models
        2. Choosing Applications for Failover Clusters
        3. Shared Storage for Failover Clusters
        4. Failover Cluster Node Operating System Selection
      5. Deploying Failover Clusters
        1. Installing the Failover Clustering Feature and Tools
        2. Configuring Disks for Cluster Usage
        3. Running the Validate a Configuration Wizard
        4. Creating a Failover Cluster
        5. Configuring Cluster Networks
        6. Adding Nodes to the Cluster
        7. Adding Storage to the Cluster
        8. Cluster Quorum Configuration
        9. Enabling Cluster Shared Volumes
        10. Deploying Roles on Failover Clusters
        11. Configuring Failover and Failback
        12. Testing Failover Clusters
        13. Failover Cluster Maintenance
        14. Cluster-Aware Updating
        15. Removing Nodes from a Failover Cluster
        16. Cluster Migration and Upgrades
      6. Backing Up and Restoring Failover Clusters
        1. Failover Cluster Node: Backup Best Practices
        2. Restoring an Entire Cluster to a Previous State
      7. Deploying Network Load-Balancing Clusters
        1. NLB Applications and Services
        2. Installing the Network Load-Balancing Feature
        3. Creating Port Rules
        4. Port Rules Filtering Mode and Affinity
        5. Using Cluster Operation Mode
        6. Configuring Network Cards for NLB
        7. Creating an NLB Cluster
        8. Adding Additional Nodes to an Existing NLB Cluster
      8. Managing NLB Clusters
        1. Backing Up and Restoring NLB Nodes
        2. Performing Maintenance on an NLB Cluster Node
      9. Network Teaming
      10. Summary
      11. Best Practices
    3. Chapter 29. Backing Up the Windows Server 2016 Environment
      1. Understanding Your Backup and Recovery Needs and Options
        1. Identifying the Different Services and Technologies
        2. Identifying Single Points of Failure
        3. Evaluating Different Disaster Scenarios
        4. Prioritizing the Recovery
        5. Identifying Bare Minimum Services
      2. Creating the Disaster Recovery Solution
        1. Disaster Recovery Solution Overview Document
        2. Getting Disaster Recovery Solutions Approved
      3. Documenting the Enterprise
      4. Developing a Backup Strategy
        1. Assigning Tasks and Designating Team Members
        2. Creating Regular Backup Procedures
      5. Windows Server Backup Overview
        1. Backup Storage Support and Media Management
        2. Backup Media Files
        3. Backup Options
        4. Windows Server Backup Console
        5. Windows Backup Command-Line Utility
        6. Windows Server Backup PowerShell Cmdlets
      6. Using Windows Server Backup
        1. Installing Windows Server Backup
        2. Scheduling a Backup Using Windows Server Backup and Allocating Disks
        3. Running a Backup to a Shared Network Folder
        4. Storing a Backup on DVD
      7. Managing Backups Using the Command-Line Utility Wbadmin.exe and Windows PowerShell Cmdlets
        1. Viewing Backup History
        2. Running a Manual System-State Backup to Remote Storage Using Wbadmin.exe and PowerShell
        3. Backing Up the System State Using the GUI
      8. Backing Up Active Directory
        1. Exporting Active Directory Object Data Using PowerShell
        2. Accidental-Deletion Protection
        3. Using the Directory Services Restore Mode Password
        4. Active Directory Recycle Bin
      9. Backing Up Windows Server 2016 Roles
        1. Distributed File System Backup
        2. Internet Information Services
      10. Volume Shadow Copy Service
        1. Enabling Shadow Copies for Shared Volumes
      11. Extending Server Backup to the Enterprise with Data Protection Manager 2016
      12. Summary
      13. Best Practices
    4. Chapter 30. Recovering from a Disaster
      1. Ongoing Backup and Recovery Preparedness
        1. Project Management Office
        2. Change Control
        3. Disaster Recovery Delegation of Responsibilities
      2. When Disasters Strike
        1. Qualifying the Disaster or Failure
        2. Validating Priorities
        3. Synchronizing with Business Owners
        4. Communicating with Vendors and Staff
        5. Assigning Tasks and Scheduling Resources
        6. Recovering the Infrastructure
        7. Postmortem Meeting
      3. Disaster Scenario Troubleshooting
        1. Network Outage
        2. Physical Site Failure
        3. Server or System Failure
      4. Recovering from a Server or System Failure
        1. Access Issues
        2. Data Corruption and File and Folder Recovery
      5. Managing and Accessing Windows Server Backup Media
        1. Windows Server Backup Dedicated Disks
        2. Network Shared Folders
      6. Windows Server Backup Volume Recovery
        1. Windows Server 2016 Data Volume Recovery
        2. Windows Server 2016 System Volume Recovery
        3. Windows System Image Recovery
      7. Recovering Role Services and Features
        1. Windows Server 2016 System-State Recovery
        2. Active Directory Recycle Bin Recovery
        3. System-State Recovery for Domain Controllers
      8. Summary
      9. Best Practices
  22. Part X: Optimizing, Tuning, Debugging, and Problem Solving
    1. Chapter 31. Optimizing Windows Server 2016 for Branch Office Communications
      1. Key Branch Office Features in Windows Server 2016
      2. Understanding Read-Only Domain Controllers
        1. Branch Office Concerns and Dilemmas
        2. Understanding When to Leverage RODCs
        3. Installing a Read-Only Domain Controller
      3. Using BitLocker with Windows Server 2016
        1. Understanding BitLocker Drive Encryption in Windows Server 2016
        2. Comprehending BitLocker’s Drive Encryption Hardware Requirements
        3. Understanding BitLocker Deployment Scenarios
        4. Configuring BitLocker Drive Encryption on a Windows Server 2016 Branch Office Domain Controller
        5. Installing the BitLocker Drive Encryption Feature
        6. Configuring the System Partitions for BitLocker
        7. Enabling BitLocker Drive Encryption
        8. Utilizing the BitLocker Recovery Password
        9. Removing BitLocker Drive Encryption
      4. BranchCache in Windows Server 2016
        1. Features in Windows Server 2016 BranchCache
        2. Planning and Deploying BranchCache
      5. Printing with Branch Office Direct Printing
        1. Configuring Windows Server 2016 for Branch Office Direct Printing
      6. Summary
      7. Best Practices
    2. Chapter 32. Logging and Debugging
      1. Using the Task Manager for Logging and Debugging
        1. Monitoring Processes
        2. Monitoring Performance
        3. Monitoring User Activity
        4. Monitoring Details
        5. Monitoring Services
        6. Related PowerShell Functionality
        7. Examples
      2. Using Event Viewer for Logging and Debugging
        1. Examining the Event Viewer User Interface
        2. Conducting Additional Event Viewer Management Tasks
        3. Related PowerShell Functionality
      3. Performance Monitoring
        1. Performance Monitor Overview
        2. Performance Monitor
        3. Data Collector Sets
        4. Reports
        5. Resource Monitor
        6. Related PowerShell Functionality
        7. Server Manager
      4. Setting Baseline Values
        1. Reducing Performance Monitoring Overhead
        2. Important Objects to Monitor
      5. Using the Debugging Tools Available in Windows Server 2016
        1. Best Practices Analyzer Tools
        2. TCP/IP Tools
        3. Other Useful Troubleshooting Command-Line Tools
        4. System Startup and Recovery
        5. Windows Memory Diagnostics Tool
      6. Task Scheduler
        1. Understanding Task Scheduler
        2. Understanding Trigger Options and Settings
        3. Understanding the Advanced Settings Associated with Triggers
        4. Actions Associated with a Task
        5. Understanding Conditions Associated with a Task
        6. Understanding Task Settings
        7. Viewing Task History
      7. Summary
      8. Best Practices
    3. Chapter 33. Capacity Analysis and Performance Optimization
      1. Defining Capacity Analysis
        1. The Benefits of Capacity Analysis and Performance Optimization
        2. Establishing Policy and Metric Baselines
        3. Benchmark Baselines
      2. Using Capacity-Analysis Tools
        1. Task Manager
        2. Network Monitor
        3. Windows Performance Monitor
        4. Other Microsoft Assessment and Planning Tools
        5. Third-Party Toolset
      3. Monitoring System Performance
        1. Key Elements to Monitor for Bottlenecks
        2. Monitoring System Memory and Pagefile Usage
        3. Analyzing Processor Usage
        4. Evaluating the Disk Subsystem
        5. Monitoring the Network Subsystem
      4. Optimizing Performance by Server Roles
        1. Domain Controllers
        2. Remote Desktop Services Server
        3. Hyper-V Servers
      5. Summary
      6. Best Practices
  23. Part XI: Integrated Windows Application Services
    1. Chapter 34. SharePoint 2016 Products
      1. History of SharePoint Technologies
        1. Understanding the Need for SharePoint 2016 Products
      2. Identifying the Need for SharePoint 2016 Products
        1. Customizing SharePoint 2016 Products to Organizational Needs
        2. New Features and Services in SharePoint 2016
        3. Choosing Your SharePoint 2016 Service
      3. Designing a SharePoint 2016 Farm
        1. Outlining SharePoint 2016 Requirements
      4. Exploring a Basic SharePoint 2016 Site
      5. Lists and Libraries in SharePoint 2016
        1. Libraries in SharePoint 2016
        2. SharePoint 2016 Lists Demystified
      6. Managing the Site Collection
        1. Using the Site Settings Pages to Manage Sites and Subsites
        2. Reviewing Central Administration Tools
      7. Summary
      8. Best Practices
    2. Chapter 35. Windows Server Virtualization
      1. Understanding Microsoft’s Virtualization Strategy
        1. History of Windows Virtualization
      2. Integration of Hypervisor Technology in Windows Server
        1. Windows Server Hyper-V
        2. Microsoft Hyper-V Server as a Role in Windows Server 2016
        3. New and Improved Windows Server 2016 Hyper-V
        4. Production checkpoints
        5. Host Resource Protection
        6. Hot add and remove for network adapters and memory
        7. Discrete device assignment protection
        8. Nested virtualization
        9. Windows PowerShell Direct
        10. Linux Secure Boot
        11. Shared virtual hard disks
        12. Hyper-V Manager Improvements
        13. New Storage Quality of Service (QoS)
        14. Integration services delivered through Windows Update
      3. Windows Containers and Hyper-V Containers in Windows Server 2016
      4. Planning Your Implementation of Hyper-V
        1. Sizing Your Windows Server 2016 Server to Support Virtualization
        2. Running Other Services on the Hyper-V System
        3. Planning for the Use of Snapshots on the Hyper-V System
      5. Installing the Microsoft Hyper-V Role
        1. Installing Windows Server 2016 as the Host Operating System
        2. Running Server Manager to Add the Hyper-V Role
        3. Installing the Hyper-V Role Using PowerShell
      6. Becoming Familiar with the Hyper-V Administrative Console
        1. Launching the Hyper-V Administrative Console
        2. Navigating and Configuring Host Server Settings
      7. Installing a Guest Operating System Session
        1. Gathering the Components Needed for a Guest Session
        2. Beginning the Installation of the Guest Session
        3. Completing the Installation of the Guest Session
      8. Modifying Guest Session Configuration Settings
        1. Adding or Limiting the RAM of the Guest Session
        2. Changing Network Settings for the Guest Session
        3. Mounting a Physical CD/DVD Image or Mounting a CD/DVD Image File
        4. Other Settings to Modify for a Guest Session Configuration
      9. Launching a Hyper-V Guest Session
        1. Automatically Launching a Guest Session
        2. Manually Launching a Guest Session
        3. Save State of a Guest Session
      10. Using Snapshots of Guest Operating System Sessions
        1. Snapshots for Image Rollback
        2. Snapshots for Guest Session Server Fault Tolerance
        3. Creating a Snapshot of a Guest Image
        4. Rolling Back a Guest Image to a Previous Snapshot Image
        5. Reverting a Snapshot Session
      11. Quick Migration and Live Migration
        1. Quick Migration
        2. Live Migration
        3. Configuring the Cluster Quorum Witness Disk
        4. Installing the Failover Clustering Feature
        5. Running the Validate a Configuration Wizard
        6. Creating a Node and Disk Majority Cluster
        7. Adding Additional Shared Storage
        8. Configuring Hyper-V over SMB
        9. Deploying New Virtual Machines on a Hyper-V Failover Cluster
        10. Deploying Existing Virtual Machines on Failover Clusters
        11. Performing a Live Migration
        12. Performing a Quick Migration
      12. Utilizing Hyper-V Replica for Site-to-Site Redundancy
        1. Initial Hyper-V Replica Configuration
        2. Initiating a Guest Session to Replicate to Another Host Server
        3. Checking Hyper-V Replication Health
        4. Planned Failover from Source to Destination Hyper-V Replica
        5. Unplanned Failover to Destination Hyper-V Replica
        6. Options in Hyper-V Replication Failover
      13. Hyper-V Containers in Windows Server 2016
      14. Windows Docker Containers
        1. Build and run your first Windows Docker
      15. Summary
      16. Best Practices
    3. Chapter 36. Integrating System Center Operations Manager 2016 with Windows Server 2016
      1. Windows Server 2016 Monitoring
      2. Understanding How OpsMgr Works
        1. Processing Operational Data
        2. Generating Alerts and Responses
        3. Reporting from OpsMgr
      3. OpsMgr Architecture Components
        1. The Agent Component
        2. The Management Server Component
        3. The OperationsManager Database Component
        4. The Reporting Data Warehouse Component
        5. The Reporting Server Component
        6. The Operations Console Component
        7. The Web Console Component
        8. The Command Shell Component
        9. The Gateway Component
      4. Securing OpsMgr
        1. Role-Based Security Model
        2. Securing OpsMgr Agents
        3. Understanding Firewall Requirements
        4. Action and RunAs Account Security
        5. Securing DMZ Servers with Certificates
      5. Fault Tolerance and Disaster Recovery
        1. Management Group Redundancy
        2. Resource Pools
        3. Clustering and Operations Manager
        4. Disaster Recovery
      6. Understanding OpsMgr Components
        1. Exploring Hardware Requirements
        2. Determining Software Requirements
        3. Network Bandwidth Requirements
        4. Sizing the OpsMgr Databases
        5. Monitoring Non-Domain Member Considerations
      7. Putting it All Together in a Design
        1. Small Enterprise Design
        2. Medium Enterprise Design
        3. Large Enterprise Design
      8. Summary
      9. Best Practices
  24. Index

Product information

  • Title: Windows Server 2016: Unleashed
  • Author(s): Rand Morimoto, Jeffrey Shapiro, Guy Yardeni, Omar Droubi, Michael Noel, Andrew Abbate, Chris Amaris
  • Release date: September 2017
  • Publisher(s): Sams
  • ISBN: 9780134583822