O'Reilly logo

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Windows Server 2016 Inside Out, First Edition

Book Description

Conquer Windows Server 2016–from the inside out!

Dive into Windows Server 2016–and really put your Windows Server expertise to work. Focusing on Windows Server 2016’s most powerful and innovative features, this supremely organized reference packs hundreds of timesaving solutions, tips, and workarounds–all you need to plan, implement, or manage Windows Server in enterprise, data center, cloud, and hybrid environments. Fully reflecting Windows Server new capabilities for the cloud-first era, Orin covers everything from Nano Server to Windows Server and Hyper-V Containers. You’ll discover how experts tackle today’s essential tasks–and challenge yourself to new levels of mastery.

• Optimize the full Windows Server 2016 lifecycle, from planning and configuration through rollout and administration

• Ensure fast, reliable upgrades and migrations

• Seamlessly deliver core DNS, DHCP, file, print, storage, and Internet services

• Use IPAM to centrally manage all enterprise DNS and DHCP infrastructure

• Gain dramatic storage utilization improvements with built-in deduplication and storage replica

• Build flexible cloud and hybrid environments with Windows Containers and Shielded VMs

• Seamlessly integrate Azure IaaS services with Windows Server 2016

• Slash resource usage and improve availability with tiny Nano Server installations

• Improve configuration management with Desired State Configuration and Chef

• Deliver Active Directory identity, certificate, federation, and rights management services

• Protect servers, clients, assets, and users with advanced Windows Server 2016 security features including Just Enough Administration


For Experienced Windows Server Users and IT Professionals

• Your role: Experienced intermediate-to-advanced level Windows Server user or IT professional

• Prerequisites: Basic understanding of Windows Server procedures, techniques, and navigation

Current Book Service 

In addition, this book is part of the Current Book Service from Microsoft Press. Books in this program receive periodic updates to address significant software changes for 12 to 18 months following the original publication date via a free Web Edition. 

Learn more at https://www.microsoftpressstore.com/cbs.

Table of Contents

  1. Cover
  2. Title Page
  3. Copyright Page
  4. Contents at a glance
  5. Table of contents
  6. Introduction
    1. Who this book is for
    2. Book features & conventions
      1. Text conventions
      2. Book features
    3. Current Book Service
      1. How to register your book
      2. Find out about updates
    4. Support & feedback
      1. Errata & support
      2. We want to hear from you
      3. Stay in touch
  7. Chapter 01. Administration Tools
    1. Remote not local
    2. Privileged Access Workstations
    3. Remote Server Administration Tools
      1. RSAT consoles
      2. Server Manager console
    4. PowerShell
      1. Modules
      2. PowerShell Gallery
      3. Remoting
      4. One to many remoting
      5. PowerShell ISE
      6. PowerShell Direct
    5. Remote Desktop
  8. Chapter 02. Installation Options
    1. Windows Server 2016 editions
    2. Windows Server servicing branches
      1. LTSB
      2. CBB
    3. Server Core
      1. Server Core interface
      2. Server Core Roles
      3. When to deploy Server Core
    4. Server with GUI
    5. Roles and Features
    6. Nano Server
      1. Nano Server Console
      2. Supported Roles and Features
      3. Domain Join
      4. Creating Nano Server Images
  9. Chapter 03. Deployment and configuration
    1. Bare metal versus virtualized
    2. Windows images
      1. Modifying Windows images
      2. Servicing Windows images
      3. Mounting images
      4. Adding drivers and updates to images
      5. Adding roles and features
      6. Committing an image
      7. Build and capture
    3. Answer files
    4. Windows Deployment Services
      1. WDS requirements
      2. Managing images
      3. Configuring WDS
      4. Configuring transmissions
      5. Driver groups and packages
    5. Virtual Machine Manager
      1. Virtual machine templates
      2. VMM storage
      3. VMM networking
      4. Adding a WDS to VMM
      5. VMM host groups
    6. Infrastructure configuration as code
    7. Desired State Configuration
      1. DSC configuration files
      2. Local Configuration Manager
      3. DSC resources
      4. DSC push model
      5. DSC pull server
    8. Chef
      1. Chef servers
      2. Chef Development Kit
      3. Deploying Chef agents
      4. Deploying Chef cookbooks and recipes
    9. Puppet
      1. Puppet master server
      2. Deploying Puppet agent to Windows Server
      3. Managing Windows Server Configuration
      4. Puppet Windows module pack
    10. Package management utilities
      1. PowerShell Gallery
      2. Nano Server package provider
      3. Chocolatey
  10. Chapter 04. Active Directory
    1. Managing Active Directory
      1. Remote rather than local administration
      2. Active Directory Administrative Center
      3. Active Directory Users and Computers
      4. Active Directory Sites and Services
      5. Active Directory Domains and Trusts
    2. Domain Controllers
      1. Deployment
      2. Server Core
      3. Global catalog servers
      4. Read Only Domain Controllers
      5. Virtual domain controller cloning
    3. AD DS Structure
      1. Domains
      2. Domain functional levels
      3. Forests
      4. Account and resource forests
      5. Organizational Units
      6. Flexible Single Master Operations (FSMO) roles
    4. Accounts
      1. User accounts
      2. Computer accounts
      3. Group accounts
      4. Default groups
      5. Service accounts
    5. Group policy
      1. GPO Management
      2. Policy processing
      3. Group Policy Preferences
      4. Administrative templates
    6. Restoring deleted items
      1. Active Directory Recycle Bin
      2. Authoritative restore
      3. Active Directory snapshots
    7. Managing AD DS with PowerShell
      1. Active Directory module
      2. Group Policy module
      3. ADDSDeployment module
  11. Chapter 05. DNS, DNS and IPAM
    1. DNS
      1. DNS zone types
      2. Zone delegation
      3. Forwarders and conditional forwarders
      4. Stub zones
      5. GlobalNames zones
      6. Peer Name Resolution Protocol
      7. Resource records
      8. Zone aging and scavenging
      9. DNSSEC
      10. DNS event logs
      11. DNS options
      12. Delegated administration
      13. Managing DNS with PowerShell
    2. DHCP
      1. Scopes
      2. Server and scope options
      3. Reservations
      4. DHCP filtering
      5. Superscopes
      6. Multicast scopes
      7. Split scopes
      8. Name protection
      9. DHCP failover
      10. Administration
    3. IPAM
      1. Deploy IPAM
      2. Configure server discovery
      3. IPAM administration
      4. Managing IPAM with PowerShell
  12. Chapter 06. Hyper-V
    1. Dynamic Memory
    2. Smart paging
    3. Resource metering
    4. Guest integration services
    5. Generation 2 VMs
    6. Enhanced Session Mode
    7. RemoteFX
    8. Nested virtualization
      1. Nested virtualization dynamic memory
      2. Nested virtualization networking
    9. PowerShell Direct
    10. Virtual hard disks
      1. Fixed sized disks
      2. Dynamically expanding disks
      3. Differencing disks
      4. Differencing drives
      5. Modifying virtual hard disks
      6. Pass through disks
    11. Managing checkpoints
    12. Virtual Fibre Channel adapters
    13. Storage QoS
    14. Hyper-V storage optimization
      1. Deduplication
      2. Storage tiering
    15. Hyper-V virtual switches
      1. External switches
      2. Internal switches
      3. Private switches
    16. Virtual machine network adapters
    17. Optimizing network performance
      1. Bandwidth management
      2. SR-IOV
      3. Dynamic Virtual Machine Queue
      4. Virtual machine NIC teaming
    18. Virtual Machine MAC addresses
    19. Network isolation
    20. Hyper-V Replica
      1. Configuring Hyper-V replica servers
      2. Configuring VM replicas
      3. Replica failover
      4. Hyper-V replica broker
    21. Hyper-V failover clusters
      1. Hyper-V host cluster storage
      2. Cluster quorum
      3. Cluster networking
      4. Force Quorum Resiliency
      5. Cluster Shared Volumes
      6. Active Directory detached clusters
      7. Preferred owner and failover settings
    22. Hyper-V guest clusters
      1. Hyper-V guest cluster storage
      2. Shared virtual hard disk
    23. Live migration
    24. Storage migration
    25. Exporting, importing and copying VMs
    26. VM Network Health Detection
    27. VM drain on shutdown
    28. Domain controller cloning
    29. Shielded virtual machines
    30. Managing Hyper-V using PowerShell
  13. Chapter 07. Storage Services
    1. Storage spaces and storage pools
      1. Storage pools
      2. Storage space resiliency
      3. Storage space tiering
      4. Thin Provisioning and Trim
      5. Creating virtual disks
      6. Storage Spaces Direct
    2. Storage Replica
      1. Supported configurations
      2. Configuring replication
    3. SMB 3.1.1
    4. iSCSI
    5. iSNS Server
    6. Scale Out File Servers
    7. NFS
    8. Deduplication
    9. Storage Quality of Service
    10. ReFS
    11. Storage related PowerShell cmdlets
      1. Deduplication
      2. iSCSI
      3. iSCSITarget
      4. NFS
      5. Storage
      6. StorageReplica
  14. Chapter 08. File servers
    1. Shared folder permissions
      1. Using File Explorer
      2. Server Manager
    2. File Server Resource Manager
      1. Folder level quotas
      2. File screens
      3. Storage reports
      4. File classification
      5. File management tasks
    3. Distributed File System
      1. DFS namespace
      2. DFS replication
    4. BranchCache
    5. PowerShell commands
      1. Shared Folder cmdlets
      2. File Server Resource Manager cmdlets
      3. BranchCache Cmdlets
      4. DFS Cmdlets
      5. Dynamic Access Control cmdlets
  15. Chapter 09. Internet Information Services
    1. Managing sites
      1. Adding websites
      2. Virtual directories
      3. Adding web applications
      4. Configuring TLS certificates
      5. Site authentication
      6. Modifying custom error response
      7. Adding or disabling the default document
      8. Directory browsing
      9. IP address and domain name filtering
      10. URL authorization rules
      11. Request filters
    2. Application pools
      1. Creating application pools
      2. Configuring application pool recycling settings
    3. IIS users and delegation
      1. IIS user accounts
      2. Delegating administrative permissions
    4. Managing FTP
    5. Managing IIS using PowerShell
  16. Chapter 10. Containers
    1. Container concepts
    2. Container types
      1. Windows Server Containers
      2. Hyper-V Containers
      3. Server Core and Nano images
    3. Managing Containers with Docker
      1. Installing Docker
      2. Demon.json
      3. Retrieving Container OS image
      4. Container registries and images
    4. Managing containers
      1. Starting a container
      2. Modifying a running container
      3. Creating a new image from a container
      4. Using dockerfiles
      5. Managing container images
      6. Service accounts for Windows containers
    5. Applying updates
    6. Container networking
      1. NAT
      2. Transparent
      3. Overlay
      4. Layer 2 Bridge
    7. Swarm mode
      1. Creating swarm clusters
      2. Creating overlay networks
      3. Deploying and scaling swarm services
  17. Chapter 11. Clustering and High Availability
    1. Failover clustering
      1. Cluster quorum modes
      2. Cluster Storage and Cluster Shared Volumes
      3. Cluster Networks
      4. Cluster Aware Updating
      5. Failover and Preference Settings
      6. Multi-site clusters and Cloud Witness
      7. Virtual Machine Failover Clustering
      8. Rolling upgrades
      9. Managing Failover clustering with PowerShell
    2. Network Load Balancing
      1. Network Load Balancing prerequisites
      2. NLB cluster operation modes
      3. Managing cluster hosts
      4. Port rules
      5. Filtering and Affinity
      6. Managing NLB with PowerShell
  18. Chapter 12. Active Directory Certificate Services
    1. CA types
      1. Enterprise CA
      2. Standalone CAs
    2. Certificate revocation lists
      1. CRL distribution points
      2. Authority Information Access
      3. Revoking a certificate
      4. Publishing CRLs and delta-CRLs
    3. Certificate services role services
    4. Certificate Templates
      1. Template properties
      2. Adding and editing templates
    5. Certificate autoenrollment and renewal
    6. CA management
      1. Handling certificate requests
      2. CA backup and recovery
      3. Key archiving and recovery
      4. CAPolicy.inf
      5. Managing Certificate Services using PowerShell
      6. Managing certificate services using Certutil.exe and Certreq.exe
  19. Chapter 13. Active Directory Federation Services
    1. AD FS components
    2. Claims, claim rules, and attribute stores
    3. Claims provider
    4. Relying party
    5. Relying party trust
    6. Claims provider trust
    7. Configuring certificate relationship
    8. Attribute stores
    9. Claim rules
      1. Relying party trust claim rules
      2. Claims provider trust claim rules
    10. Configure web application proxy
    11. Workplace Join
    12. Multi-factor authentication
    13. Managing AD FS with PowerShell
    14. Managing Web Application Proxy with PowerShell
  20. Chapter 14. Dynamic Access Control and Active Directory Rights Management Services
    1. Dynamic Access Control
    2. Configuring Group Policy to support DAC
    3. Configuring User and Device Claims
    4. Configuring Resource Properties
    5. Central Access Rules
    6. Central Access Policies
    7. Staging
    8. Access Denied Assistance
    9. Installing AD RMS
    10. AD RMS certificates and licenses
    11. AD RMS Templates
    12. AD RMS administrators and super users
    13. Trusted User and Publishing Domains
    14. Exclusion policies
      1. Apply AD RMS templates automatically
    15. Managing AD RMS with Windows PowerShell
  21. Chapter 15. Network Policy and Access Services
    1. Remote Desktop Gateway
      1. RD Gateway connection and resource policies
      2. Configuring server settings
      3. Configuring clients to use RD Gateway
    2. Virtual Private Networks
      1. IKEv2 VPN protocol
      2. SSTP VPN protocol
      3. L2TP/IPsec protocols
      4. PPTP VPN protocol
      5. VPN authentication
      6. Deploying a VPN server
      7. Disable VPN protocols
      8. Granting Access to a VPN server
    3. LAN routing
    4. Network Address Translation (NAT)
    5. DirectAccess
      1. DirectAccess topologies
      2. DirectAccess server
      3. Network Location Server
      4. Configuring DirectAccess
    6. Managing Remote Access using PowerShell
  22. Chapter 16. Remote Desktop Services
    1. Deployment
    2. Remote Desktop Connection Broker
    3. Deployment properties
    4. Remote Desktop Session Host
      1. Session collection settings
      2. Personal session desktops
      3. RemoteApp
      4. Group Policy configuration
    5. Remote Desktop Virtualization Host
      1. Virtual machine preparation
      2. Virtual desktop collections
      3. Pooled virtual desktops
      4. Personal virtual desktops
      5. RemoteFX
    6. Remote Desktop Web Access
    7. Remote Desktop Licensing
      1. Installing RDS CALs
      2. Activating a license server
    8. Managing Remote Desktop Services Using PowerShell
  23. Chapter 17. Windows Server 2016 and Azure IaaS
    1. Understanding IaaS
      1. Resource groups
      2. Storage accounts
      3. Azure virtual networks
      4. VM types
    2. Deploying an IaaS VM
      1. IP addressing
      2. Network security groups
    3. Remote Desktop
    4. Azure AD Domain Join
    5. Encrypted VMs
      1. High Availability
      2. Monitoring and diagnostics
    6. VPN and ExpressRoute
      1. Azure site-to-site VPN
      2. Azure point-to-site VPN
      3. ExpressRoute
    7. Importing virtual machine images
    8. Azure Site Recovery
  24. Chapter 18. Security
    1. Least privilege
    2. Role Based Access Control
    3. Password policies
    4. User rights
    5. Account security options
    6. Service accounts
    7. Protected accounts
    8. Authentication policies and silos
    9. Credential Guard
    10. Just Enough Administration
      1. Role-capability files
      2. Session-configuration files
      3. JEA endpoints
    11. Enhanced Security Administrative Environment forest
    12. Privileged Access Management
      1. PAM benefits
      2. PAM components
      3. PAM users and groups
      4. PAM roles
    13. Local Administrator Password Solution
    14. WSUS
      1. Products, security classifications, and languages
      2. Autonomous and replica modes
      3. Update files
      4. WSUS security roles
      5. WSUS groups
      6. WSUS policies
      7. Deploying updates
      8. Automatic approval rules
    15. Device Guard
    16. Shielded VMs
      1. Guarded fabric
    17. Windows Defender
    18. Windows Firewall with Advanced Security
      1. Firewall profiles
      2. Inbound rules
      3. Creating outbound rules
      4. Configuring IPsec
      5. Connection security rules
  25. Chapter 19. Monitoring and maintenance
    1. Data collector sets
    2. Alerts
    3. Event Viewer
      1. Event log filters
      2. Event log views
      3. Event subscriptions
      4. Event-driven tasks
    4. Network monitoring
      1. Resource Monitor
      2. Message Analyzer
    5. Advanced auditing
      1. Expression-based audit policies
      2. File and folder auditing
      3. Using auditpol with auditing
    6. Windows Server Backup
      1. Backup locations
      2. Backing up data
      3. Role- and application-specific backups
      4. Restore from backups
      5. Restore to an alternative location
    7. Azure Backup Agent
      1. Preparing for Azure Backup Agent
      2. Backing up data to Azure Backup Agent
      3. Restore from Azure Backup
    8. Vssadmin
    9. Safe Mode and Last Known Good Configuration
    10. Configure the Boot Configuration Data store
    11. Monitoring and maintenance related PowerShell cmdlets
  26. Chapter 20. Upgrade and Migration
    1. Supported Upgrade and Migration paths
      1. Upgrading Roles and Features
      2. Converting evaluation version to licensed version
      3. Upgrading editions
      4. Windows Server Migration Tools
    2. Active Directory
      1. FRS to DFSR migration
      2. Migrating to a new forest
    3. Active Directory Certificate Services
      1. Preparation
      2. Migration
      3. Verification and post migration tasks
    4. DNS
    5. DHCP
      1. Preparing to migrate DHCP
      2. Migration
      3. Verification and Post Migration Tasks
    6. File and Storage Servers
      1. Migration permissions
      2. Preparing to migrate
      3. Migrating File and Storage Services
    7. Microsoft Server application compatibility
  27. Chapter 21. Troubleshooting
    1. Troubleshooting methodology
      1. Redeployment
      2. Symptoms and diagnosis
      3. Ranking hypothetical solutions
      4. Applying solutions
    2. Operations Management Suite Log Analytics
    3. Sysinternals tools
      1. Process Explorer
      2. Process Monitor
      3. ProcDump
      4. PsTools
      5. VMMap
      6. SigCheck
      7. AccessChk
      8. Sysmon
      9. AccessEnum
      10. ShellRunAs
      11. LogonSessions
      12. Active Directory Explorer
      13. Insight for Active Directory
      14. PsPing
      15. RAMMap
  28. Index
  29. About the author