Cover image for Mastering Windows Server 2019 - Third Edition

Mastering Windows Server 2019 - Third Edition

Release Date: 2021/07/01
ISBN: 9781801078313
Topic:
0%
23
Chapters
0-1
Hours read
0k
Total Words
    Start Reading Now    
       Add to Wishlist       
View table of contents

Enhance and secure your datacenter with Microsoft Windows Server 2019

Key Features

  • Updated with four new chapters on Active Directory, DNS and DHCP, group policy, and troubleshooting
  • Design and implement Microsoft Server 2019 in an enterprise environment
  • Learn how to use Windows Server to create secure and efficient networks

Book Description

Windows Server 2019 has a lot to offer, with a variety of roles, features, toolsets, and server management interfaces that allow interaction with your servers from virtually anywhere in the world. This updated edition comes with four new chapters to provide you with the in-depth knowledge needed to implement and use this operating system in any environment.

Centralized management, monitoring, and configuration of servers are key to an efficient IT department. This book delves into multiple methods for quickly managing all your servers from a 'single pane of glass' — the ability to monitor different servers across a network using Server Manager, Windows PowerShell, and even Windows Admin Center — from anywhere. Despite the book being more focused on Windows Server 2019 LTSC, you will still explore containers and Nano Server, which are more related to the SAC of server releases. This additional coverage will give you insights into all aspects of using Windows Server 2019 in your environment.

This book covers a range of remote access technologies available in this operating system, teaches management of PKI and certificates, and empowers you to virtualize your datacenter with Hyper-V. You will also discover the tools and software included with Windows Server 2019 that assist in the inevitable troubleshooting of problems that crop up.

What you will learn

  • Work with Server Core and Windows Admin Center
  • Secure your network and data with modern technologies in Windows Server 2019
  • Understand containers and understand when to use Nano Server
  • Discover new ways to integrate your datacenter with Microsoft Azure
  • Reinforce and secure your Windows Server
  • Virtualize your datacenter with Hyper-V
  • Explore Server Manager, PowerShell, and Windows Admin Center
  • Centralize your information and services using Active Directory and Group Policy

Who this book is for

If you are a system administrator or an IT professional designing and deploying Windows Server 2019, this book is for you. Prior experience with Windows Server operating systems and familiarity with networking concepts is required.

Table of Contents

  1. Preface
    1. Who this book is for
    2. What this book covers
    3. To get the most out of this book
    4. Get in touch
  2. Getting Started with Windows Server 2019
    1. The purpose of Windows Server
    2. It's getting cloudy out there
    3. The public cloud
    4. The private cloud
    5. Windows Server versions and licensing
    6. Standard versus Datacenter
    7. Three different interfaces
    8. Desktop Experience
    9. Server Core
    10. Nano Server – now only for containers
    11. Licensing models – SAC and LTSC
    12. Semi-Annual Channel (SAC)
    13. Long-Term Servicing Channel (LTSC)
    14. Overview of new and updated features
    15. The Windows 10 experience continued
    16. Hyper-Converged Infrastructure
    17. Windows Admin Center
    18. Windows Defender Advanced Threat Protection
    19. Banned passwords
    20. Soft restart
    21. Integration with Linux
    22. SAC releases are shrinking!
    23. Enhanced shielded virtual machines
    24. Azure Network Adapter
    25. Always On VPN
    26. System Insights
    27. Windows Server 2019 interface
    28. The updated Start menu
    29. The Quick Admin Tasks menu
    30. Using the Search function
    31. Pinning programs to the taskbar
    32. The power of right-clicking
    33. Using the newer Settings screen
    34. Two ways to do the same thing
    35. Creating a new user through Control Panel
    36. Creating a new user through the Settings menu
    37. Task Manager
    38. Task View
    39. Summary
    40. Questions
  3. Installing and Managing Windows Server 2019
    1. Technical requirements
    2. Installing Windows Server 2019
    3. Burning that ISO
    4. Creating a bootable USB stick
    5. Running the installer
    6. Installing roles and features
    7. Installing a role using the wizard
    8. Installing a feature using PowerShell
    9. Centralized management and monitoring
    10. Server Manager
    11. Remote Server Administration Tools (RSAT)
    12. Does this mean RDP is dead?
    13. Remote Desktop Connection Manager
    14. Windows Admin Center (WAC)
    15. Installing Windows Admin Center
    16. Launching Windows Admin Center
    17. Adding more servers to Windows Admin Center
    18. Managing a server with Windows Admin Center
    19. Changes are easy as pie
    20. Azure integrations
    21. Enabling quick server rollouts with Sysprep
    22. Installing Windows Server 2019 onto a new server
    23. Configuring customizations and updates onto your new server
    24. Running Sysprep to prepare and shut down your master server
    25. Creating your master image of the drive
    26. Building new servers using copies of the master image
    27. Summary
    28. Questions
  4. Active Directory
    1. What is a domain controller?
    2. Active Directory Domain Services
    3. Creating your first domain
    4. Prep your domain controller
    5. Install the AD DS role
    6. Configure the domain
    7. Trees, forests, and…domains?
    8. Multiple domain controllers for redundancy
    9. Active Directory Users and Computers
    10. User accounts
    11. Security groups
    12. Prestaging computer accounts
    13. Active Directory Domains and Trusts
    14. Building a trust
    15. Network connectivity
    16. Conditional DNS forwarding
    17. Configuring the trust
    18. Test it out!
    19. Active Directory Sites and Services
    20. Active Directory Administrative Center
    21. Dynamic Access Control
    22. Fine-Grained Password Policy
    23. Read-only domain controllers
    24. Group Policy
    25. Summary
    26. Questions
  5. DNS and DHCP
    1. The purpose of DNS
    2. Types of DNS records
    3. Host record (A or AAAA)
    4. Alias record – CNAME
    5. Mail Exchanger (MX) record
    6. TXT record
    7. SPF Record
    8. Enforcement rule -all
    9. Name Server (NS) record
    10. Public name server records
    11. ipconfig /flushdns
    12. Split-brain DNS
    13. Types of DNS zones
    14. Active Directory Integrated Zones
    15. Forward Lookup Zones
    16. Reverse Lookup Zones
    17. Primary Zone
    18. Secondary Zone
    19. Stub Zone
    20. Creating a new zone
    21. IP addressing with DHCP
    22. Creating a DHCP scope
    23. Scope Options
    24. DHCP reservations
    25. DHCP failover
    26. Two DHCP servers
    27. Hot standby mode
    28. Load sharing mode
    29. Configuring DHCP failover
    30. IPAM
    31. Summary
    32. Questions
  6. Group Policy
    1. Group Policy Object
    2. Group Policy background refresh cycle
    3. Building a GPO
    4. Adding Trusted Sites
    5. Mapping network drives
    6. Installing registry keys
    7. Scoping a GPO
    8. Links
    9. GPRESULT
    10. Continuing with the link
    11. Group Policy processing order
    12. Local Policy
    13. Site-level policies
    14. Domain-level policies
    15. OU-level policies
    16. Security Filtering
    17. WMI Filtering
    18. Item-level targeting
    19. Delegation
    20. Computer settings and user settings
    21. Computer Configuration
    22. User Configuration
    23. Linking GPOs accordingly
    24. Group Policy loopback processing
    25. Policy vs preference
    26. Policies
    27. Preferences
    28. Default Domain Policy
    29. Administrative Templates
    30. Implementing ADMX/ADML files
    31. Central Store
    32. Enable the Central Store
    33. Populate the Central Store
    34. Summary
    35. Questions
  7. Certificates in Windows Server 2019
    1. Common certificate types
    2. User certificates
    3. Computer certificates
    4. SSL certificates
    5. Single-name certificates
    6. Multi-domain or subject alternative name certificates
    7. Wildcard certificates
    8. Planning your PKI
    9. Role services
    10. Enterprise versus Standalone
    11. Root versus subordinate (issuing)
    12. Naming your CA server
    13. Can I install the CA role onto a domain controller?
    14. Creating a new certificate template
    15. Issuing your new certificates
    16. Publishing the template
    17. Requesting a cert from MMC
    18. Requesting a certificate from the web interface
    19. Creating an auto-enrollment policy
    20. Obtaining a public-authority SSL certificate
    21. Public/private key pair
    22. Creating a certificate signing request
    23. Submitting the certificate request
    24. Downloading and installing your certificate
    25. Exporting and importing certificates
    26. Exporting from MMC
    27. Exporting from IIS
    28. Importing into a second server
    29. Summary
    30. Questions
  8. Networking with Windows Server 2019
    1. Introduction to IPv6
    2. Understanding IPv6 IP addresses
    3. Your networking toolbox
    4. ping
    5. tracert
    6. pathping
    7. Test-Connection
    8. Telnet
    9. Test-NetConnection
    10. Packet tracing with Wireshark
    11. TCPView
    12. Building a routing table
    13. Multi-homed servers
    14. Only one default gateway
    15. Building a route
    16. Adding a route with the Command Prompt
    17. Deleting a route
    18. Adding a route with PowerShell
    19. NIC Teaming
    20. Software-defined networking
    21. Hyper-V Network Virtualization
    22. Private clouds
    23. Hybrid clouds
    24. How does it work?
    25. System Center Virtual Machine Manager
    26. Network Controller
    27. Generic Routing Encapsulation
    28. Microsoft Azure Virtual Network
    29. RAS Gateway/SDN Gateway
    30. Virtual network encryption
    31. Bridging the gap to Azure
    32. Azure Network Adapter
    33. Summary
    34. Questions
  9. Remote Access
    1. Always On VPN
    2. Types of AOVPN tunnels
    3. User tunnels
    4. Device tunnels
    5. Device tunnel requirements
    6. AOVPN client requirements
    7. Domain-joined
    8. Rolling out the settings
    9. AOVPN server components
    10. Remote Access server
    11. Certification Authority (CA)
    12. Network Policy Server (NPS)
    13. DirectAccess
    14. The truth about DirectAccess and IPv6
    15. Prerequisites for DirectAccess
    16. Domain-joined
    17. Supported client operating systems
    18. DirectAccess servers – one or two NICs?
    19. To NAT or not to NAT?
    20. Network Location Server
    21. Certificates used with DirectAccess
    22. Do not use the Getting Started Wizard (GSW)!
    23. Remote Access Management Console
    24. Configuration
    25. Dashboard
    26. Operations Status
    27. Remote Client Status
    28. Reporting
    29. Tasks
    30. DA, VPN, or AOVPN? Which is best?
    31. Domain-joined or not?
    32. Auto or manual launch
    33. Software versus built-in
    34. Password and login issues with traditional VPNs
    35. Port-restricted firewalls
    36. Manual disconnect
    37. Native load-balancing capabilities
    38. Distribution of client configurations
    39. Web Application Proxy
    40. WAP as AD FS Proxy
    41. Requirements for WAP
    42. Latest improvements to WAP
    43. Preauthentication for HTTP Basic
    44. HTTP to HTTPS redirection
    45. Client IP addresses forwarded to applications
    46. Publishing Remote Desktop Gateway
    47. Improved administrative console
    48. Summary
    49. Questions
  10. Hardening and Security
    1. Windows Defender Antivirus
    2. Installing Windows Defender Antivirus
    3. Exploring the user interface
    4. Disabling Windows Defender Antivirus
    5. What is ATP, anyway?
    6. Windows Defender ATP Exploit Guard
    7. Windows Defender Firewall – no laughing matter
    8. Three Windows Firewall administrative consoles
    9. Windows Defender Firewall (Control Panel)
    10. Firewall & network protection (Windows Security Settings)
    11. Windows Defender Firewall with Advanced Security (WFAS)
    12. Three different firewall profiles
    13. Building a new inbound firewall rule
    14. Creating a rule to allow pings (ICMP)
    15. Managing WFAS with Group Policy
    16. Encryption technologies
    17. BitLocker and the virtual TPM
    18. Shielded VMs
    19. Encrypted virtual networks
    20. Encrypting File System
    21. IPsec
    22. Configuring IPsec
    23. Azure AD Password Protection
    24. Fine-grained password policy
    25. Advanced Threat Analytics – end of support
    26. What is (was) ATA?
    27. Azure ATP
    28. General security best practices
    29. Getting rid of perpetual administrators
    30. Using distinct accounts for administrative access
    31. Using a different computer to accomplish administrative tasks
    32. Never browse the internet from servers
    33. Role-Based Access Control (RBAC)
    34. Just Enough Administration (JEA)
    35. Disable external RDP…NOW
    36. Summary
    37. Questions
  11. Server Core
    1. Why use Server Core?
    2. No more switching back and forth
    3. Interfacing with Server Core
    4. PowerShell
    5. Using cmdlets to manage IP addresses
    6. Setting the server hostname
    7. Joining your domain
    8. Remote PowerShell
    9. Server Manager
    10. Remote Server Administration Tools
    11. Accidentally closing Command Prompt
    12. Windows Admin Center for managing Server Core
    13. The Sconfig utility
    14. Roles available in Server Core
    15. Building a Server Core domain controller
    16. Install the AD DS role
    17. Promote this server to a domain controller
    18. Verify that it worked
    19. What happened to Nano Server?
    20. Summary
    21. Questions
  12. PowerShell
    1. Why move to PowerShell?
    2. Cmdlets
    3. PowerShell is the backbone
    4. Scripting
    5. Server Core
    6. Working within PowerShell
    7. Launching PowerShell
    8. Default execution policy
    9. Restricted
    10. AllSigned
    11. RemoteSigned
    12. Unrestricted
    13. Bypass mode
    14. Using the Tab key
    15. Useful cmdlets for daily tasks
    16. Query user or quser
    17. IP addressing cmdlets
    18. Using Get-Help
    19. Formatting the output
    20. Format-Table
    21. Format-List
    22. Using a pipeline
    23. Export to CSV
    24. Pipes can invoke action
    25. PowerShell Integrated Scripting Environment
    26. PS1 files
    27. Working with PowerShell ISE
    28. Remotely managing a server
    29. Preparing the remote server
    30. The WinRM service
    31. Enable-PSRemoting
    32. Allowing machines from other domains or workgroups
    33. Connecting to the remote server
    34. Using -ComputerName
    35. Using Enter-PSSession
    36. Desired State Configuration
    37. Summary
    38. Questions
  13. Redundancy in Windows Server 2019
    1. Network Load Balancing (NLB)
    2. Not the same as round-robin DNS
    3. What roles can use NLB?
    4. Virtual and dedicated IP addresses
    5. NLB modes
    6. Unicast
    7. Multicast
    8. Multicast IGMP
    9. Configuring a load-balanced website
    10. Enabling NLB
    11. Enabling MAC address spoofing on VMs
    12. Configuring NLB
    13. Configuring IIS and DNS
    14. Testing it out
    15. Flushing the ARP cache
    16. Failover clustering
    17. Clustering Hyper-V hosts
    18. Virtual machine load balancing
    19. Clustering for file servers
    20. Scale-out file server
    21. Clustering tiers
    22. Application-layer clustering
    23. Host-layer clustering
    24. A combination of both
    25. How does failover work?
    26. Setting up a failover cluster
    27. Building the servers
    28. Installing the feature
    29. Running Failover Cluster Manager
    30. Running cluster validation
    31. Running the Create Cluster wizard
    32. Clustering improvements in Windows Server 2019
    33. True two-node clusters with USB witnesses
    34. Higher security for clusters
    35. Multi-site clustering
    36. Cross-domain or workgroup clustering
    37. Migrating cross-domain clusters
    38. Cluster operating system rolling upgrades
    39. Virtual machine resiliency
    40. Storage Replica (SR)
    41. Configuring Storage Replica
    42. Initializing disks as GPT
    43. Testing preparedness for Storage Replica
    44. Configuring Storage Replica
    45. Shifting the primary server to FS02
    46. Storage Spaces Direct (S2D)
    47. New in Server 2019
    48. Summary
    49. Questions
  14. Containers and Nano Server
    1. Understanding application containers
    2. Sharing resources
    3. Isolation
    4. Scalability
    5. Containers and Nano Server
    6. Windows Server containers versus Hyper-V containers
    7. Windows Server containers
    8. Hyper-V containers
    9. Docker and Kubernetes
    10. Linux containers
    11. Docker Hub
    12. Docker Trusted Registry
    13. Kubernetes
    14. Working with containers
    15. Installing the role and feature
    16. Installing Docker for Windows
    17. Docker commands
    18. docker version
    19. docker info
    20. docker --help
    21. docker images
    22. docker search
    23. docker pull
    24. docker run
    25. docker ps -a
    26. Downloading a container image
    27. Running a container
    28. Summary
    29. Questions
  15. Hyper-V
    1. Designing and implementing your Hyper-V Server
    2. Installing the Hyper-V role
    3. Using virtual switches
    4. External virtual switch
    5. Internal virtual switch
    6. Private virtual switch
    7. Creating a new virtual switch
    8. Implementing a new virtual server
    9. Starting and connecting to the VM
    10. Installing the operating system
    11. Managing a virtual server
    12. Hyper-V Manager
    13. The Settings menu
    14. Checkpoints
    15. Configuring auto stop and start
    16. Expanding a virtual disk
    17. Hyper-V console, Remote Desktop Protocol (RDP), or PowerShell
    18. Windows Admin Center (WAC)
    19. Shielded VMs
    20. Encrypting VHDs
    21. Infrastructure requirements for shielded VMs
    22. Guarded hosts
    23. Host Guardian Service (HGS)
    24. Host attestations
    25. TPM-trusted attestations
    26. Host key attestations
    27. Admin-trusted attestation – deprecated in 2019
    28. Integrating with Linux
    29. ReFS deduplication
    30. ReFS
    31. Data deduplication
    32. Why is this important to Hyper-V?
    33. Hyper-V Server 2019
    34. Summary
    35. Questions
  16. Troubleshooting Windows Server 2019
    1. Backup and Restore
    2. Schedule regular backups
    3. Restoring from Windows
    4. Restoring from the installer disk
    5. Task Manager
    6. Resource Monitor
    7. Performance Monitor
    8. Windows Firewall with Advanced Security
    9. System Insights
    10. Remote toolsets
    11. Event Logs
    12. Filtering event logs
    13. Exporting Windows event logs with PowerShell
    14. Common Event IDs
    15. MMC and MSC shortcuts
    16. Summary
    17. Questions
  17. Appendix: Answers to the end-of-chapter Questions
  18. Other Books You May Enjoy
  19. Index
18.216.251.37