Mastering Windows Server 2016
Table of Contents
Mastering Windows Server 2016
Credits
About the Author
About the Reviewer
www.PacktPub.com
eBooks, discount offers, and more
Why subscribe?
Instant updates on new Packt books
Preface
What this book covers
What you need for this book
Who this book is for
Conventions
Reader feedback
Customer support
Piracy
Questions
1. Getting Started with Windows Server 2016
What is the purpose of Windows Server?
It's getting "cloudy" out there
Private cloud
An overview of new features
The Windows 10 experience
Software-Defined Networking
PowerShell 5.0
Built-in malware protection
Soft restart
Nano Server
Web Application Proxy
Shielded virtual machines
Navigating the interface
The new Start menu
The hidden Admin menu
Using the Search function
Pin programs to the taskbar
The power of right-click
Using the new Settings screen
Two ways to do the same thing
Creating a new user through the Control Panel
Creating a new user through the Settings menu
Task Manager
Task View
Summary
2. Installing and Managing Windows Server 2016
Installing Windows Server 2016
Burning that ISO
Installing from USB
Running the installer
Installing roles and features
Installing a role using the wizard
Installing a feature using PowerShell
Centralized management and monitoring
Server Manager
Remote Server Administration Tools
Azure Server Management Tools
Does this mean RDP is dead?
Remote Desktop Connection Manager
Sysprep enables quick server rollouts
Installing Windows Server 2016 onto a new server
Configuring customizations and updates onto your new server
Running sysprep to prepare and shut down your master server
Creating your master image of the drive
Building new servers using copies of the master image
Summary
3. Core Infrastructure Services
What is a domain controller?
Using AD DS to organize your network
Active Directory Users and Computers
User accounts
Security Groups
Prestaging computer accounts
Active Directory Domains and Trusts
Active Directory Sites and Services
Active Directory Administrative Center
Dynamic Access Control
Read-only domain controllers
The power of Group Policy
The Default Domain Policy
Create and link a new GPO
Filtering GPOs to particular devices
DNS overview
Different kinds of DNS records
Host record (A or AAAA)
Alias record – CNAME
Mail Exchanger record
Name Server record
Ipconfig /flushdns
DHCP versus static addressing
The DHCP scope
DHCP reservations
Back up and restore
Schedule regular backups
Restoring from Windows
Restoring from the disc
MMC and MSC shortcuts
Summary
4. Certificates in Windows Server 2016
Common certificate types
User certificates
Computer certificates
SSL certificates
Single-name certificates
Subject Alternative Name certificates
Wildcard certificates
Planning your PKI
Enterprise versus standalone
Root versus subordinate
Can I install the CA role onto a domain controller?
Creating a new certificate template
Issuing your new certificates
Publishing the template
Requesting a cert from MMC
Requesting a cert from the Web interface
Creating an autoenrollment policy
Obtaining a public authority SSL certificate
Creating a Certificate Signing Request (CSR)
Submitting the certificate request
Downloading and installing your certificate
Exporting and importing certificates
Exporting from MMC
Exporting from IIS
Importing onto a second server
Summary
5. Networking with Windows Server 2016
Intro to IPv6
Networking toolbox
Ping
Tracert
Pathping
Test-Connection
Telnet
Packet tracing with Wireshark or Netmon
TCPView
Building a routing table
Multihomed servers
Only one default gateway
Building a route
Adding a route with Command Prompt
Deleting a route
Adding a route with PowerShell
Software-Defined Networking
Hyper-V Network Virtualization
Private clouds
Hybrid clouds
How does it work?
System Center Virtual Machine Manager
Network Controller
Generic Routing Encapsulation
Microsoft Azure virtual network
Windows Server Gateway
Summary
6. Enabling Your Mobile Workforce
DirectAccess – automatic VPN!
The truth about DirectAccess and IPv6
Prerequisites for DirectAccess
Domain joined
Supported client operating systems
DirectAccess servers get one or two NICs?
Single NIC mode
Edge mode with two NICs
More than two NICs?
To NAT or not to NAT?
6to4
Teredo
IP-HTTPS
Installing on the true edge – on the Internet
Installing behind a NAT
Network Location Server
Certificates used with DirectAccess
SSL certificate on the NLS web server
SSL certificate on the DirectAccess server
Machine certificates on the DA server and all DA clients
Do not use the Getting Started Wizard!
Remote Access Management Console
Configuration
Dashboard
Operations Status
Remote Client Status
Reporting
Tasks
DirectAccess versus VPN
Domain-joined versus non-domain-joined
Auto versus manual launch
Software versus built-in
Password and login issues with VPN
Web Application Proxy
Requirements for WAP
Server 2016 improvements to WAP
Preauthentication for HTTP Basic
HTTP to HTTPS redirection
Client IP addresses forwarded to applications
Publishing Remote Desktop Gateway
Improved administrative console
Summary
7. Hardening and Security
Windows Defender
Installing Windows Defender
Exploring the user interface
Disabling Windows Defender
Windows Firewall – no laughing matter
Two Windows Firewall administrative consoles
Windows Firewall settings
Windows Firewall with Advanced Security
Three different firewall profiles
Building a new Inbound Rule
How to build a rule for ICMP?
Managing WFAS with Group Policy
Encryption technologies
BitLocker and the Virtual TPM
Shielded VMs
Encrypting File System
IPsec
Configuring IPsec
Server policy
Secure Server policy
Client policy
IPsec Security Policy snap-in
Using WFAS instead
Advanced Threat Analytics
Lightweight Gateway
General security best practices
Get rid of perpetual administrators
Use distinct accounts for administrative access
Use a different computer to accomplish administrative tasks
Never browse the Internet from servers
Role-Based Access Controls
Just Enough Administration
Device Guard
Credential Guard
Summary
8. Tiny Servers
Why Server Core?
No more switching back and forth
Interfacing with Server Core
PowerShell
Cmdlets to manage IP addresses
Setting the server hostname
Joining your domain
Server Manager
Remote Server Administration Tools
Accidentally closing Command Prompt
Roles available in Server Core
Nano Server versus Server Core
Sizing and maintenance numbers
Accessibility
Capability
Installation
Setting up your first Nano Server
Preparing the VHD file
Creating a virtual machine
Nano Server Image Builder
Administering Nano Server
Nano Server Recovery Console
Remote PowerShell
Windows Remote Management
Other management tools
Summary
9. Redundancy in Windows Server 2016
Network Load Balancing
Not the same as round-robin DNS
What roles can use NLB?
Virtual and dedicated IP addresses
NLB modes
Unicast
Multicast
Multicast IGMP
Configuring a load balanced website
Enabling NLB
Enabling MAC address spoofing on VMs
Configuring NLB
Configuring IIS and DNS
Test it out
Flushing the ARP cache
Failover clustering
Clustering Hyper-V hosts
Scale-Out File Server
Clustering tiers
Application layer clustering
Host layer clustering
A combination of both
How does failover work?
Setting up a failover cluster
Building the servers
Installing the feature
Running the Failover Cluster Manager
Running cluster validation
Running the Create Cluster wizard
Clustering improvements in Windows Server 2016
Multi-Site clustering
Cross-domain or workgroup clustering
Cluster Operating System Rolling Upgrade
Virtual Machine Resiliency
Storage Replica
Stretch Cluster
Cluster to Cluster
Server to Server
Storage Spaces Direct
Summary
10. Learning PowerShell 5.0
Why move to PowerShell?
Cmdlets
PowerShell is the backbone
Scripting
Server Core and Nano Server
Working within PowerShell
Launching PowerShell
Default Execution Policy
Restricted
AllSigned
RemoteSigned
Unrestricted
Bypass
Using the Tab key
Useful cmdlets for daily tasks
Using Get-Help
Formatting the output
Format-Table
Format-List
PowerShell Integrated Scripting Environment
PS1 file
Integrated Scripting Environment
Remotely managing a server
Preparing the remote server
WinRM service
Enable-PSRemoting
Allowi...