Introduction
Changes since Windows Server 2016 Inside Out
Acknowledgments
Errata, updates, and book support
Chapter 1 Administration tools
Remote not local
Privileged Access Workstations
Windows Admin Center
Installing Windows Admin Center
Windows Admin Center extensions
Show script
Remote Server Administration Tools
RSAT consoles
Server Manager console
PowerShell
Modules
PowerShell Gallery
Remoting
One-to-many remoting
PowerShell ISE
PowerShell Direct
Remote Desktop
SSH
Chapter 2 Installation options
Windows Server 2019 editions
Windows Server servicing branches
Long Term Servicing Channel
Semi Annual Channel
Insider Preview Builds
Server Core
Server Core interface
Server Core roles
Server Core App Compatibility Features on Demand
When to deploy Server Core
Server with Desktop Experience
Roles and features
Chapter 3 Deployment and configuration
Bare metal versus virtualized
Windows images
Modifying Windows images
Servicing Windows images
Mounting images
Adding drivers and updates to images
Adding roles and features
Committing an image
Build and capture
Answer files
Windows Deployment Services
WDS requirements
Managing images
Configuring WDS
Configuring transmissions
Driver groups and packages
Virtual Machine Manager
Virtual machine templates
VMM storage
VMM networking
Adding a WDS to VMM
VMM host groups
Infrastructure configuration as code
Desired State Configuration
DSC configuration files
Local Configuration Manager
DSC resources
DSC push model
DSC pull server
Chef Infra Server
Chef servers
Chef Development Kit
Deploying Chef agents
Deploying Chef cookbooks and recipes
Puppet
Puppet Master Server
Deploying Puppet agent to Windows Server
Managing Windows Server configuration
Puppet Windows Module Pack
Package-management utilities
PowerShell Gallery
Chocolatey
Chapter 4 Active Directory
Managing Active Directory
Remote rather than local administration
Active Directory Administrative Center
Active Directory Users and Computers console
Active Directory Sites and Services console
Active Directory Domains and Trusts console
Domain controllers
Deployment
Server Core
Global catalog servers
Read only domain controllers
Virtual domain controller cloning
AD DS structure
Domains
Domain functional levels
Forests
Account and resource forests
Organizational units
Flexible Single Master Operations roles
Accounts
User accounts
Computer accounts
Group accounts
Default groups
Service accounts
Group policy
GPO management
Policy processing
Group Policy preferences
Administrative templates
Restoring deleted items
Active Directory Recycle Bin
Authoritative restore
Active Directory snapshots
Managing AD DS with PowerShell
Active Directory module
Group Policy module
ADDSDeployment module
Chapter 5 DNS, DHCP, and IPAM
DNS
DNS zone types
Zone delegation
Forwarders and conditional forwarders
Stub zones
GlobalNames zones
Peer Name Resolution Protocol
Resource records
Zone aging and scavenging
DNSSEC
DNS event logs
DNS options
Delegated administration
Managing DNS with PowerShell
DHCP
Scopes
Server and scope options
Reservations
DHCP filtering
Superscopes
Multicast scopes
Split scopes
Name protection
DHCP failover
Administration
IPAM
Deploy IPAM
Configure server discovery
IPAM Administration
Managing IPAM with PowerShell
Chapter 6 Hyper-V
Dynamic memory
Smart paging
Resource metering
Guest integration services
Generation 2 VMs
Enhanced Session Mode
Discrete Device Assignment
Nested virtualization
Nested virtualization dynamic memory
Nested virtualization networking
PowerShell Direct
HVC for Linux
Virtual hard disks
Fixed-sized disks
Dynamically expanding disks
Differencing disks
Modifying virtual hard disks
Pass-through disks
Managing checkpoints
Virtual Fibre Channel adapters
Storage QoS
Hyper-V storage optimization
Deduplication
Storage tiering
Hyper-V virtual switches
External switches
Internal switches
Private switches
Virtual machine network adapters
Optimizing network performance
Bandwidth management
SR-IOV
Dynamic virtual machine queue
Virtual machine NIC teaming
Virtual machine MAC addresses
Network isolation
Hyper-V replica
Configuring Hyper-V replica servers
Configuring VM replicas
Replica failover
Hyper-V replica broker
Hyper-V failover clusters
Hyper-V host cluster storage
Cluster quorum
Cluster networking
Force Quorum Resiliency
Cluster Shared Volumes
Active Directory detached clusters
Preferred owner and failover settings
Hyper-V guest clusters
Hyper-V guest cluster storage
Shared virtual hard disk
Hyper-V VHD Sets
Live migration
Storage migration
Exporting, importing, and copying VMs
VM Network Health Detection
VM drain on shutdown
Domain controller cloning
Shielded virtual machines
Managing Hyper-V using PowerShell
Chapter 7 Storage
Storage spaces and storage pools
Storage pools
Storage space resiliency
Storage space tiering
Thin provisioning and trim
Creating virtual disks
Storage Spaces Direct
Storage Replica
Supported configurations
Configuring replication
SMB 3.1.1
iSCSI
iSNS server
Scale-Out File Servers
Server for NFS
Deduplication
Storage Quality of Service
ReFS
Storage-related PowerShell cmdlets
Deduplication
iSCSI
iSCSITarget
NFS
Storage
Storage Replica
Chapter 8 File servers
Shared folder permissions
Using File Explorer
Windows Admin Center
Server Manager
File Server Resource Manager
Folder level quotas
File screens
Storage reports
File classification
File management tasks
Access-Denied Assistance
Distributed File System
DFS namespace
DFS replication
BranchCache
PowerShell commands
Shared Folder cmdlets
File Server Resource Manager cmdlets
BranchCache Cmdlets
DFS Cmdlets
Chapter 9 Internet Information Services
Managing sites
Adding websites
Virtual directories
Modifying site settings
Adding web applications
Configuring TLS certificates
Site authentication
Modifying custom error response
Adding or disabling the default document
Directory browsing
IP address and domain name filtering
URL authorization rules
Request filters
Application pools
Creating application pools
Configuring application pool recycling settings
IIS users and delegation
IIS user accounts
Delegating administrative permissions
Managing FTP
Managing IIS using PowerShell
Chapter 10 Containers
Container concepts
Isolation modes
Process Isolation mode
Hyper-V Isolation mode
Managing containers with Docker
Installing Docker
Demon.json
Retrieving container OS image
Container registries and images
Managing containers
Starting a container
Modifying a running container
Creating a new image from a container
Using Dockerfiles
Managing container images
Service accounts for Windows containers
Applying updates
Container networking
NAT
Transparent
Overlay
Layer 2 Bridge
Linux containers on Windows
Container orchestration
Kubernetes
Docker Swarm
Chapter 11 Clustering and high availability
Failover clustering
Cluster quorum modes
Cluster storage and cluster shared volumes
Cluster networks
MPIO
Cluster Aware Updating
Failover and preference settings
Multisite clusters
Cloud witness
Virtual machine failover clustering
Rolling upgrades
Workgroup clusters
Cluster sets
Managing failover clustering with PowerShell
Network Load Balancing
Network Load Balancing prerequisites
NLB cluster operation modes
Managing cluster hosts
Port rules
Filtering and affinity
Managing NLB with PowerShell
Chapter 12 Active Directory Certificate Services
CA types
Enterprise CA
Standalone CAs
Certificate revocation lists
CRL distribution points
Authority Information Access
Revoking a certificate
Publishing CRLs and delta CRLs
Certificate Services role services
Certificate templates
Template properties
Adding and editing templates
Certificate autoenrollment and renewal
CA management
Handling certificate requests
CA backup and recovery
Key archiving and recovery
CAPolicy.inf
Managing Certificate Services using PowerShell
Managing Certificate Services using Certutil.exe and Certreq.exe
Chapter 13 Active Directory Federation Services
AD FS components
Claims, claim rules, and attribute stores
Claims provider
Relying party
Relying party trust
Claims provider trust
Configuring certificate relationship
Attribute stores
Claim rules
Relying party trust claim rules
Claims provider trust claim rules
Configure Web Application Proxy
Workplace Join
Multifactor authentication
Managing AD FS with PowerShell
Managing Web Application Proxy with PowerShell
Chapter 14 Dynamic Access Control and Active Directory Rights Management Services
Dynamic Access Control
Configuring Group Policy to support DAC
Configuring User and Device Claims
Configuring Resource Properties
Central access rules
Central access policies
Staging
Access Denied Assistance
Installing AD RMS
AD RMS certificates and licenses
AD RMS Templates
AD RMS Administrators and Super Users
Trusted User and Publishing Domains
Exclusion policies
Apply AD RMS templates automatically
Managing AD RMS with Windows PowerShell
Dynamic Access Control cmdlets
Chapter 15 Routing and Remote Access
Remote Desktop Gateway
RD Gateway connection and resource policies
Configuring server settings
Configuring clients to use RD Gateway
Virtual private networks
IKEv2 Always On VPN protocol
SSTP VPN protocol
L2TP/IPsec protocols
PPTP VPN protocol
VPN authentication
Deploying a VPN server
Disable VPN protocols
Granting access to a VPN server
LAN routing
Network Address Translation (NAT)
DirectAccess
DirectAccess topologies
DirectAccess server
Network Location Server
Configuring DirectAccess
Managing Remote Access using PowerShell
Chapter 16 Remote Desktop Services
Deployment
Remote Desktop Connection Broker
Deployment properties
Remote Desktop Session Host
Session collection settings
Personal session desktops
RemoteApp
Group Policy configuration
Remote Desktop Virtualization Host
Virtual machine preparation
Virtual desktop collections
Pooled virtual desktops
Personal virtual desktops
DDA and RemoteFX
Remote Desktop Web Access
Remote Desktop licensing
Installing RDS CALs
Activating a License Server
Managing Remote Desktop Services using PowerShell
Chapter 17 Azure IaaS and hybrid services
Windows Server IaaS VMs
Creating Azure IaaS VMs
IaaS VM networking
IaaS VM administration
Azure Active Directory
Azure Active Directory Connect
Azure AD Connect server requirements
Installing Azure AD Connect
Using UPN suffixes and non-routable domains
Monitor Azure AD Connect Health
Forcing synchronization
Configure object filters
Implement and manage Azure AD self-service password reset
Azure AD Password Protection
Azure AD DS
Azure hybrid cloud services
Connect Windows Admin Center
Creating Azure IaaS VMs from Windows Admin Center
Azure File Sync
Azure Arc
Azure Site Recovery
Azure Network Adapter
Chapter 18 Windows Subsystem for Linux
Linux on Windows Server
Installing WSL
WSL 2.0
Chapter 19 Hardening Windows Server and Active Directory
Hardening Active Directory
Hardening domain controllers
Least privilege
Role-Based Access Control
Password policies
Account security options
Protected accounts
Authentication policies silos
Disable NTLM
Block server operators from scheduling tasks
Enable Local Security Authority protection
KRBTGT account password
Enhanced Security Administrative Environment forest
Hardening Windows Server
User rights
Service accounts
Just Enough Administration
Privileged Access Management
Local Administrator Password Solution
Advanced auditing
Windows Firewall with Advanced Security
Shielded VMs
Guarded fabric
Chapter 20 Security systems and services
Security Compliance Toolkit
Policy Analyzer tool
Local Group Policy Object tool
Attack Surface Analyzer
Credential Guard
Windows Defender Application Control
Virtualization-based security
Controlled Folder Access
Exploit Protection
Windows Defender
Windows Defender SmartScreen
Chapter 21 Maintenance and monitoring
Data collector sets
Alerts
Event Viewer
Event log filters
Event log views
Event subscriptions
Event-driven tasks
Network monitoring
Resource Monitor
Message Analyzer
Azure Monitor
Windows Server Backup
Backup locations
Backing up data
Role- and application-specific backups
Restore from backups
Restore to an alternative location
Azure Backup
Preparing Azure Backup
Backing up data to Azure Backup Agent
Restore from Azure Backup
Vssadmin
Windows Server Update Services
Products, security classifications, and languages
Autonomous and replica modes
Update files
WSUS security roles
WSUS groups
WSUS policies
Deploying updates
Automatic approval rules
Azure Update Management
Monitoring and maintenance related PowerShell cmdlets
WSUS related PowerShell cmdlets
Chapter 22 Upgrade and migration
Supported upgrade and migration paths
Upgrading roles and features
Converting evaluation version to licensed version
Upgrading editions
Windows Server Migration Tools
Active Directory
FRS to DFSR migration
Migrating to a new forest
Active Directory Certificate Services
Preparation
Migration
Verification and post migration tasks
DNS
DHCP
Preparing to migrate DHCP
Migration
Verification and post migration tasks
File and storage servers
Migrate file servers using Storage Migration Service
Migrate file and storage servers using WSMT
Chapter 23 Troubleshooting
Troubleshooting methodology
Redeployment
Symptoms and diagnosis
Dependencies
Ranking hypothetical solutions
Applying solutions
Command-line tools
Sysinternals tools
Process Explorer
Process Monitor
ProcDump
PsTools
VMMap
SigCheck
AccessChk
Sysmon
AccessEnum
ShellRunAs
LogonSessions
Active Directory Explorer
Insight for Active Directory
PsPing
RAMMap
Index