Windows Server servicing branches
Server with Desktop Experience
Prior to installing Windows Server 2019, you need to make a number of decisions. The choices that you make will be determined by the role that you want the server to play in hosting your organization’s workloads. You’ll need to decide which edition of Windows Server to install. You’ll also need to decide whether you’ll install the Server with Desktop Experience or the Server Core version. You’ll also need to determine whether you want to deploy a Windows Server version from the Long Term Servicing Channel or from the Semi Annual Channel. In this chapter, you’ll learn about the different editions, channels, and versions of Windows Server 2019.
There are two primary editions of Windows Server 2019 and several minor editions of Windows Server 2019. The primary editions are:
Windows Server 2019 Standard. Edition of Windows Server 2019 suitable for environments where most servers are deployed physically rather than as virtual machines. Licensed on a per processor core basis and requires Windows Server CALs.
Windows Server 2019 Datacenter. Edition of Windows Server 2019 suitable for datacenters that include a high degree of virtualization. Licensed on a per processor core basis and requires Windows Server CALs.
The minor editions of Windows Server 2019 are:
Windows Server 2019 Essentials. Edition of Windows Server for small businesses. Supports up to 25 users and 50 devices. Licensed on a per processor basis. Does not require CALs because of the user and device restriction.
Microsoft Hyper-V Server 2019. A freely available hypervisor that does not require a license or CALs.
Table 2-1 lists the different limitations between Standard and Datacenter editions of Windows Server 2019.
Table 2-1 Edition limitations
Item |
Standard edition |
Datacenter edition |
Maximum users |
Determined by available client access licenses |
Determined by available client access licenses |
Maximum SMB connections |
16777216 |
16777216 |
Maximum routing and remote access connections |
No limit |
No limit |
Maximum Internet Authentication Service connections |
2147483647 |
2147483647 |
Maximum Remote Desktop Services connections |
65535 |
65535 |
Maximum x64 processor sockets |
64 |
64 |
Maximum number of cores |
No limit |
No limit |
Maximum RAM |
24 TB |
24 TB |
Included virtualization guest licenses |
2 included VM licenses as well as Hyper-V host |
Unlimited VM licenses as well as Hyper-V host |
Included Windows container licenses |
Unlimited |
Unlimited |
Included Hyper-V container licenses |
2 |
Unlimited |
Storage Replica instances |
Single volume, up to 2 TB |
Unlimited replica size and unlimited number of replicas. |
For most organizations, the primary difference between the two servers will be the way that virtual machines are licensed. Datacenter edition allows you to host unlimited virtual machines, and Standard edition allows you to host two virtual machines before you’ll have to purchase a license for each additional machine. Generally speaking, while you should check the costs yourself, if you’re hosting more than a half dozen virtual machines running a Windows Server operating system, or you’re using a half dozen Hyper-V containers, you’ll be better off purchasing Datacenter edition.
Another difference in the roles supported between Windows Server 2019 Standard edition and Windows Server 2019 Datacenter edition is that Datacenter edition supports hosting shielded virtual machines, something that cannot be done with the Standard edition. Shielded virtual machines are BitLocker-encrypted virtual machines that can’t be tampered with by a virtualization administrator.
Another difference is that Datacenter edition supports inherited activation as a host or guest virtual machine. Standard edition only supports inherited activation when hosted as a guest virtual machine on a Hyper-V host running Datacenter edition. Inherited activation means that activation occurs automatically based on the Windows Server edition. This can save quite a bit of time if you are hosting a large number of Windows Server 2019 virtual machines, as you don’t need to muck around with KMS servers.
Windows Server 2019 supports two separate servicing branches: the Long Term Servicing Channel (LTSC) and the Semi Annual Channel (SAC). These require separate installation media, and you won’t be able to install a SAC release from LTSC media or an LTSC release from SAC media.
LTSC versions are the versions of Windows Server that people usually think of as the main versions of Windows Server. Windows Server 2016 and Windows Server 2019 are LTSC versions, with the next LTSC version of Windows Server likely to be named either Windows Server 2021 or Windows Server 2022. LTSC versions of Windows Server can be installed either as a Server with Desktop Experience or in the Server Core configuration.
LTSC provides five years of mainstream support with five years of extended support. This is similar to the support options provided for previous versions of Windows Server, such as Windows Server 2012 R2. Most organizations are likely to deploy this servicing branch. For Windows Server 2019, extended support will end January 9, 2029. At present, Microsoft is offering an additional three years of extended security updates to customers willing to pay an annual fee for Windows Server 2008 and Windows Server 2008 R2, which will fall out of support in January 2020. Something similar may be available for Windows Server 2019 to extend the availability of security updates past 2029, but that’s pure speculation.
LTSC is the only servicing branch that is available to servers installed using Server with Desktop Experience installation options.
SAC releases are Server Core only and are generally released twice a year. SAC releases are named with the year and month of release. For example, Windows Server version 1809 was released in September 2018, and Windows Server 1903 was released in March 2019. There may even be a Windows Server 2003 SAC release in March 2020 and a Windows Server 2009 release in September 2020, which might confuse some people who don’t understand the new naming scheme and suspect that Microsoft is rereleasing the “classics.”
SAC releases include new features and capabilities that have been developed since the most recent LTSC release, as well as the features and capabilities that were present in that last LTSC release. Essentially, the SAC release Windows Server 1903 is a Server Core version of Windows Server 2019 with a few new features and capabilities, but which will only be supported by Microsoft for 18 months rather than the usual 10 years.
SAC releases are appropriate for organizations that have automated operating system deployment pipelines and that are comfortable with treating servers as “cattle” and not “pets.” In theory, if your organization is using an SAC release, you’re comfortable with the 18-month support window because you’ve implemented enough automation that the current instances of Windows Server are automatically replaced whenever the next SAC release is released by Microsoft. If you work for an organization that still has Windows Server 2003 on its subnet, then you probably want to give SAC releases of Windows Server a pass.
For the most part, features and capabilities that are available within an SAC release will be integrated into the next LTSC release. Sometimes, features within an SAC release don’t make it into the next LTSC release, but that’s probably because they weren’t quite ready to be put into a version of the operating system that will be supported for the next decade. Occasionally, new features will turn up in the LTSC release; for example, Samba migrations for Storage Migration Services appeared with the August 2019 cumulative update, but this will be the exception rather than the rule.
Windows Server Insider Preview builds are prerelease versions of the software that are similar to the old Release Candidate or Beta versions. Insider Preview Builds are for testing purposes only and should not be used in production environments. New features appear in Insider Preview Builds before appearing in the SAC releases. Features that appear in the SAC releases will generally then appear in the LTSC releases.
Unlike SAC releases, whether Server with Desktop Experience is included with Insider Preview Builds depends on the Preview Build. Before the release of the next LTSC build, there likely will be Insider Preview Builds that include the option to install with the GUI. So, the Insider Preview Build of Windows Server 2021/2022 will allow Server with Desktop Experience deployment, but a hypothetical Insider Preview build of Windows Server 2203 will not.
Server Core is the default installation option for Windows Server 2019. Because Server Core has fewer components, it doesn’t need to have software updates applied as often as the Server with GUI installation option does. Because components such as the built-in web browser have been removed, Server Core is less vulnerable to malware than the Server with Desktop Experience installation option. Additionally, because it doesn’t require all the components of the version that includes the GUI, it has a lower resource footprint.
The nature of Server Core is not explicitly called out by the Windows Server installation wizard shown in Figure 2-1. The version listed as Desktop Experience is the Server with the Desktop Experience option. The Standard version is Server Core. Unless you are paying attention during a manual deployment, it’s possible that you’ll accidentally deploy Server Core rather than Server with Desktop Experience. I’ve done that more times than I can count, so you’ve been warned.
The Server Core interface is a command prompt. As Figure 2-2 shows, to interact with the command prompt, you must press Ctrl+Alt+Del to unlock it. You can then sign in with a domain-based or local administrator account.
Once you have signed on, you can enter a local PowerShell session by typing PowerShell.exe. While Server Core is primarily a command-line environment, there are some graphical tools that can be launched from the command prompt or Task Manager. These include:
Task Manager. Task Manager functions in the same way as Task Manager on Server with Desktop Experience or Windows 10, and it can use Task Manager to run tasks by selecting the Run New Task item from the File menu.
Notepad. You can launch Notepad.exe to edit and view the contents of text files.
MSInfo32.exe. This allows you to view information about the installation.
Regedit.exe and Regedt32.exe. These allow you to edit the registry on a Server Core computer.
TimeDate.cpl. This opens the Time And Date control panel.
Intl.cpl. This opens the Regional Settings control panel.
Iscsicpl.exe. This opens the iSCSI Initiator Properties control panel, and allows you to connect to shared storage over iSCSI.
Installing Server Core App Compatibility Features on Demand, which you will learn more about later in this chapter, allows you to access even more GUI tools when signed on directly to the Server Core desktop.
Server Core supports the following roles, which you can install using the Add-WindowsFeature PowerShell cmdlet, by using the Add Roles And Features Wizard, available in the Server Manager console, or by using Windows Admin Center from a remote computer, as shown in Figure 2-3.
You can add the following features using this blade of the console:
Active Directory Certificate Services
Active Directory Domain Services
Active Directory Federation Services
Active Directory Lightweight Directory Services (AD LDS)
Active Directory Rights Management Services
Device Health Attestation
DHCP Server
DNS Server
File and Storage Services
Host Guardian Service
Hyper-V
Network Controller
Print and Document Services
Remote Access
Remote Desktop Services
Volume Activation Services
Web Server (IIS)
Windows Deployment Services
Windows Server Update Services
Server Core also supports the following features, as shown in Figure 2-4.
.NET Framework 3.5 Features
.NET Framework 4.7 Features
Background Intelligent Transfer Service (BITS)
BitLocker Drive Encryption
BranchCache
Client for NFS
Containers
Data Center Bridging
Enhanced Storage
Failover Clustering
Group Policy Management
Host Guardian Hyper-V Support
I/O Quality of Service
IIS Hostable Web Core
IP Address Management (IPAM) Server
iSNS Server service
Management OData IIS Extension
Media Foundation
Message Queuing
Multipath I/O
Network Load Balancing
Network Virtualization
Peer Name Resolution Protocol
Quality Windows Audio Video Experience
Remote Differential Compression
RPC over HTTP Proxy
Setup and Boot Event Collection
Simple TCP/IP Services
SMB 1.0/CIFS File Sharing Support
SMB Bandwidth Limit
SNMP Service
Software Load Balancer
Storage Replica
Telnet Client
VM Shielding Tools for Fabric Management
Windows Defender Antivirus
Windows Internal Database
Windows PowerShell
Windows Process Activation Service
Windows Server Backup
Windows Server Migration Tools
Windows Standards-Based Storage Management
Windows subsystem for Linux
WinRM IIS Extension
WINS Server
WoW64 Support
While it is possible to install and manage these roles using PowerShell, either directly or through a remote PowerShell session, most administrators are likely to deploy and manage these roles and features using Windows Admin Center.
As you learned in Chapter 1, Microsoft encourages organizations to manage all servers remotely. It doesn’t really matter that Server Core doesn’t have a GUI because you’ll almost never be logging on directly; instead, you will be connecting using remote administration tools.
One of the big challenges many organizations had with deploying Server Core is that many applications that seemingly didn’t require GUI components ended up having some form of dependency on the GUI. This meant that many people who wanted to deploy Server Core were unable to do so because a dependency either blocked installation or rendered the application non-functional.
App Compatibility Features on Demand (FOD) increases the compatibility of the Server Core installation option for a large number of applications. It also provides additional diagnostic tools for troubleshooting and debugging operations including:
Microsoft Management Console (mmc.exe)
Event Viewer (Eventvwr.msc)
Performance Monitor (PerfMon.exe)
Resource Monitor (Resmon.exe)
Device Manager (Devmgmt.msc)
File Explorer (Explorer.exe)
PowerShell Integrated Scripting Environment (PowerShell_ISE.exe)
Disk Management (diskmgmt.msc)
Failover Cluster Manager (CluAdmin.msc)
Microsoft Edge browser (Chromium version)
If the computer has connectivity to Windows Update, you can perform an online installation of the Server Core App Compatibility FOD by running the following command from an elevated PowerShell session and then restarting the computer:
Add-WindowsCapability -Online -Name ServerCore.AppCompatibility~~~~0.0.1.0
If the Server Core instance doesn’t have access to Windows Update, you can download the Features on Demand ISO from Microsoft’s website and deploy these features by running the following commands; the first mounts the ISO, and the second installs FOD.
Mount-DiskImage -ImagePath X:ISO_FolderISO_filename.iso Add-WindowsCapability -Online -Name ServerCore.AppCompatibility~~~~0.0.1.0 -Source <Mounted_Server_FOD_Drive> -LimitAccess
The key to deploying Server Core in your organization is determining whether it is suitable for a specific workload. Server Core is perfect for infrastructure-type roles such as Domain Controller, DNS server, DHCP server, and file server. Where Server Core may be less suitable is in hosting applications that have complex dependencies.
If you are thinking about deploying Server Core, you should perform tests to verify that each workload you intend to host on Server Core functions as expected. Even though Server Core is Microsoft’s current preferred deployment option, third-party server-hosted applications often have dependencies that require them to be installed on the server with the GUI installation option.
Server Core can be installed from the Windows Server 2019 installation media, or it can be deployed using a variety of methods from the install.wim file that is located on the installation media. You’ll learn more about deployment and configuration in Chapter 3, “Deployment and configuration.”
Server with Desktop Experience, also known as Server with a GUI, is the version of Windows Server that IT pros who have been using and managing the product since the 1990s and 2000s are likely most familiar with. Server with Desktop Experience comes with a full desktop environment, including a web browser. You can also install software on Server with Desktop Experience that you would normally install on a computer running the Windows 10 operating system.
You are most likely to deploy Server with Desktop Experience if you need to host Remote Desktop Session Host servers. Additionally, you’ll deploy Server with Desktop Experience if you need to host an application that has dependencies that are unavailable on Server Core.
Microsoft’s recommendation is that you deploy Windows Server 2019 with the Desktop Experience only in situations where it is impractical to deploy Server Core. While many administrators who have worked with Windows Server for many years will choose the Server with Desktop Experience installation option out of habit, deploying this version of Windows Server should be the exception rather than the rule.
If you’re new to Windows Server 2019, you’re likely to use the Add Roles And Features Wizard, shown in Figure 2-5, to add and remove roles and features from a computer running the Server with Desktop Experience option. While you can use this feature of the Server Manager console locally or remotely, you can only use it to manage roles and features on one server at a time. Windows Admin Center has a similar one-server-at-a-time limitation.
PowerShell provides a better set of tools for adding, removing, and querying the status of features with the Add-WindowsFeature, Get-WindowsFeature, and Remove WindowsFeature cmdlets. For example, Figure 2-6 shows a list of all possible features on a computer, with several features, such as Active Directory Certificate Services, Active Directory Domain Services, DHCP Server, DNS Server, and File and Storage Services installed. Figure 2-6 shows the output of the Get-WindowsFeature | Out-Host -paging command. This provides a list of features and roles that are installed or can be installed on the computer.
For example, the following commands install the Hyper-V role on all computers listed in the text file virt-servers.txt and then restarts those servers once the role installation is complete:
$Computers = Get-Content c:virt-servers.txt $Invoke-Command -ScriptBlock { Add-WindowsFeature Hyper-V -Restart } -Computername $Computers
3.139.240.244