The IT pro's must-have guide to Windows Server 2016
Mastering Windows Server 2016 is a complete resource for IT professionals needing to get quickly up to date on the latest release. Designed to provide comprehensive information in the context of real-world usage, this book offers expert guidance through the new tools and features to help you get Windows Server 2016 up and running quickly. Straightforward discussion covers all aspects, including virtualization products, identity and access, automation, networking, security, storage and more, with clear explanations and immediately-applicable instruction. Find the answers you need, and explore new solutions as Microsoft increases their focus on security, software-defined infrastructure, and the cloud; new capabilities including containers and Nano Server, Shielded VMs, Failover Clustering, PowerShell, and more give you plenty of tools to become more efficient, more effective, and more productive.
Windows Server 2016 is the ideal server for Windows 10 clients, and is loaded with new features that IT professionals need to know. This book provides a comprehensive resource grounded in real-world application to help you get up to speed quickly.
* Master the latest features of Windows Server 2016
* Apply new tools in real-world scenarios
* Explore new capabilities in security, networking, and the cloud
* Gain expert guidance on all aspects of Windows Server 2016 migration and management
System administrators tasked with upgrading, migrating, or managing Windows Server 2016 need a one-stop resource to help them get the job done. Mastering Windows Server 2016 has the answers you need, the practicality you seek, and the latest information to get you up to speed quickly.
Number of pages: 991
Year of publication: 2018
Cover
Acknowledgments
About the Authors
About the Contributing Author
Introduction
Major Changes in Windows Server 2016
The Mastering Series
How to Use This Book
How This Book Is Organized
Getting More Information
Errata
Chapter 1: Windows Server 2016 Installation and Management
Windows Server 2016 Editions and Licensing
Installing Windows Server 2016
Automating the Installation of Windows Server 2016
Common Management Tools
Monitoring and Troubleshooting Tools
The Bottom Line
Chapter 2: PowerShell
What Is PowerShell?
Running and Customizing PowerShell
Setting Up PowerShell ISE Profiles
Setting Up Execution Policies
Using Aliases and Getting Help
Understanding Cmdlet Syntax
Understanding Shortened Command Syntax
Exploring PowerShell Command Concepts
Using File Input and Output Operations
Processing Pipeline Data
Using Variables
Using Functions
Formatting Output
Using Loops
Managing Remote Systems via PowerShell
The Bottom Line
Chapter 3: Compute
Overview of Hyper-V
What's New in Windows Server 2016 Hyper-V
Installing Hyper-V
Nested Virtualization
Storage Options in Hyper-V
Configuring Hyper-V
Virtual Machine Migration
Hyper-V Replica
High Availability with Failover Clustering in Windows Server 2016
Failover Clustering with Hyper-V
The Bottom Line
Chapter 4: Storage
Overview of Storage in Windows Server 2016
File Systems
Data Deduplication
Storage Spaces
Storage Replica
Storage Quality of Service
The Bottom Line
Chapter 5: Networking
Windows Server 2016 Network Configuration
DNS
DHCP
Remote Access
Network Load Balancing
Software Defined Networking
The Bottom Line
Chapter 6: File Services
File Services Overview
File Server
BranchCache for Network Files
DFS Namespaces and DFS Replication
File Server Resource Manager
Work Folders
The Bottom Line
Chapter 7: Windows Server Containers
Containers Overview
Creating and Maintaining Containers
Configuring Containers
Application Development and Deployment
The Bottom Line
Chapter 8: Security Mechanisms
Security Overview
Where to Begin?
What Are the Risks?
Protecting Accounts
Protecting Data at Rest
Protecting Data in Transit
Protecting Administrative Access
Protecting Active Directory Infrastructure
Malware Protection
Hardening Operating Systems Security with Additional Microsoft Products
Evidence of the Attack
The Bottom Line
Chapter 9: Active Directory Domain Services
Overview of Features
Revisiting Privileged Access Management
Design Considerations
Computer, User, and Group Management
Group Policy
The Bottom Line
Chapter 10: Active Directory Certificate Services
What's New in AD CS Windows Server 2016
Introduction to a Public Key Infrastructure and AD CS
Planning and Design Considerations
Implementing a Two-Tier Hierarchy
Working with Certificate Templates
Auto-Enrollment
The Bottom Line
Chapter 11: Active Directory Federation Services
Overview of AD FS
Planning and Design Considerations
Deploying an AD FS Environment
The Bottom Line
Chapter 12: Management with System Center
Overview of System Center 2016
Using System Center Virtual Machine Manager
Managing Windows Server 2016 with System Center Operations Manager
Managing Windows Server 2016 with System Center Configuration Manager
The Bottom Line
Chapter 13: Management with OMS
What Is Operations Management Suite?
OMS Pricing
System Requirements
Log Analytics
The Bottom Line
Index
End User License Agreement
Chapter 1
TABLE 1.1: Windows Server 2016 Edition Differences
TABLE 1.2: Activation Methods for Using KMS Keys
TABLE 1.3: Configuration Passes
TABLE 1.4: WDS Image Types
Chapter 2
TABLE 2.1: Get-Service Objects
TABLE 2.2: Output Formats
Chapter 3
TABLE 3.1: What's New in Windows Server 2016 Hyper-V
TABLE 3.2: Hyper-V's New Features for Virtual Machines
TABLE 3.3: Hyper-V Virtual Machine Configurations
TABLE 3.4: Failover-Clustering Terminology
TABLE 3.5: Failover-Clustering Components
TABLE 3.6: Failover-Clustering Scenarios
TABLE 3.7: Clustered Roles
Chapter 4
TABLE 4.1: Comparison of File-System Features
TABLE 4.2: Comparison of Space-Saving Technologies
TABLE 4.3: Comparison of Replication Options
Chapter 5
TABLE 5.1: Windows PowerShell Cmdlets for Network Configuration
TABLE 5.2: NIC Teaming Load-Balancing Modes
TABLE 5.3: DNS Record Types
TABLE 5.4: Scavenging Time Periods
TABLE 5.5: VPN Protocols
TABLE 5.6: SLB Terminology
Chapter 6
TABLE 6.1: DFS Network Port List
Chapter 7
TABLE 7.1: Benefits of Using Containers over Virtual Machines
TABLE 7.2: Container Terms
TABLE 7.3: Container Memory Utilization
TABLE 7.4: Additional Docker Commands
TABLE 7.5: Dockerfile Commands
TABLE 7.6: Docker Run Options for Network Configuration
TABLE 7.7: Resource Constraint Options
Chapter 8
TABLE 8.1: User Account Rights in Group Policy Editor
TABLE 8.2: Windows PowerShell Cmdlets
TABLE 8.3: Role Capabilities
TABLE 8.4: Session Configuration Files Components
TABLE 8.5: Windows Defender Scan Options
TABLE 8.6: Audit Policy Settings
TABLE 8.7: Windows PowerShell Cmdlets for Managing Auditing Logs
Chapter 9
TABLE 9.1: Domain Controller Memory Sizing Example
TABLE 9.2: Domain Controller Storage Layout
TABLE 9.3: Event Log Settings
TABLE 9.4: Automatically Populated Attributes
TABLE 9.5: Group Scopes
TABLE 9.6: Group Policy Cmdlets
Chapter 10
TABLE 10.1: Windows Server 2016 Certification Authority Compatibility Settings
TABLE 10.2: Windows Server 2016 Certificate Request Compatibility Settings
Chapter 11
TABLE 11.1: AD FS Terms and Definitions
Chapter 12
TABLE 12.1: Supported Upgrade Paths
TABLE 12.2: Hardware Recommendations
TABLE 12.3: SQL Memory per SQL Instance
TABLE 12.4: Site System Roles
TABLE 12.5: Supportability Limits
TABLE 12.6: Hardware Recommendations
TABLE 12.7: Disk Space Recommendations
TABLE 12.8: Collection Use
Chapter 13
TABLE 13.1: OMS Services and Description
TABLE 13.2: Service Level Agreements for Operations Management Suite
TABLE 13.3: Connected Sources and Data Sources
TABLE 13.4: URL Access Needed for OMS
Chapter 1
FIGURE 1.1 Select localization settings
FIGURE 1.2 Select an operating system.
FIGURE 1.3 Select an installation type.
FIGURE 1.4 Select the installation location.
FIGURE 1.5 Server Manager
FIGURE 1.6 Sconfig.cmd
FIGURE 1.7 Sysprep graphical interface
FIGURE 1.8 Windows SIM
FIGURE 1.9 PXE Server Initial Settings page
FIGURE 1.10 Install images.
FIGURE 1.11 Server roles
FIGURE 1.12 Features
FIGURE 1.13 Dashboard view
FIGURE 1.14 Computer Management
FIGURE 1.15 Device Manager
FIGURE 1.16 Task Scheduler
FIGURE 1.17 Task action
FIGURE 1.18 Event Viewer
FIGURE 1.19 Task Manager
FIGURE 1.20 Resource Monitor
FIGURE 1.21 Performance Monitor
Chapter 2
FIGURE 2.1 The Windows PowerShell console on Windows Server 2016
FIGURE 2.2 The 32-bit and 64-bit versions of PowerShell
FIGURE 2.3 PowerShell’s Run As Administrator
FIGURE 2.4 PowerShell ISE on Windows Server 2016
FIGURE 2.5 Command pane with Hyper-V module selected
FIGURE 2.6 ISE Colors and Fonts tab
FIGURE 2.7 ISE General Settings
FIGURE 2.8 Dir /S in PowerShell
FIGURE 2.9 –ShowWindow parameter
FIGURE 2.10 Show-Command Get-EventLog
FIGURE 2.11 -Confirm parameter in ISE
FIGURE 2.12 ConvertTo-Html output in the default table format
FIGURE 2.13 ConvertTo-Html with –As List
FIGURE 2.14 Get-Credential dialog box
FIGURE 2.15 Get-Credential MessageSet dialog box
FIGURE 2.16 You forgot the mandatory parameter.
Chapter 3
FIGURE 3.1 Hyper-V architecture
FIGURE 3.2 Installing Hyper-V
FIGURE 3.3 Nested virtualization architecture
FIGURE 3.4 Shielded virtual machine architecture
FIGURE 3.5 Virtual machine migration
FIGURE 3.6 Hyper-V Replica architecture
FIGURE 3.7 Windows Network Load Balancing architecture
FIGURE 3.8 Clustering architecture
FIGURE 3.9 Managing cluster nodes
FIGURE 3.10 Stretch-cluster architecture
Chapter 4
FIGURE 4.1 How data is optimized
FIGURE 4.2 How optimized data is read
FIGURE 4.3 Storage Spaces overview
FIGURE 4.4 Storage Spaces Direct overview
FIGURE 4.5 Storage Spaces Direct converged
FIGURE 4.6 Storage Spaces stretch cluster
FIGURE 4.7 Storage Replica synchronous replication
FIGURE 4.8 Storage Replica asynchronous replication
Chapter 5
FIGURE 5.1 IPv4 configuration
FIGURE 5.2 Creating a new team
FIGURE 5.3 NIC Teaming window
FIGURE 5.4 Windows Firewall
FIGURE 5.5 Inbound rules
FIGURE 5.6 SRV records for a domain controller
FIGURE 5.7 Zone Type selection
FIGURE 5.8 Active Directory Zone Replication Scope selection
FIGURE 5.9 Root hints
FIGURE 5.10 DNS forwarders
FIGURE 5.11 New conditional forwarder
FIGURE 5.12 Advanced DNS settings
FIGURE 5.13 ZSK options
FIGURE 5.14 DNS Debug Logging
FIGURE 5.15 Nslookup
FIGURE 5.16 New Scope Wizard - IP Address Range
FIGURE 5.17 Scope Options dialog box
FIGURE 5.18 Creating a new failover relationship
FIGURE 5.19 DHCP database configuration
FIGURE 5.20 Selecting the Internet adapter
FIGURE 5.21 Routing and Remote Access dialog box
FIGURE 5.22 Network Access Permission
FIGURE 5.23 Network policy authentication methods
FIGURE 5.24 Configuring a VPN server to use RADIUS
FIGURE 5.25 WAP server placement
FIGURE 5.26 Load-balancing methods
Chapter 6
FIGURE 6.1 The File and iSCSI services subcomponents in Server Manager
FIGURE 6.2 Shares item in Server Manager
FIGURE 6.3 Selecting the profile for a share
FIGURE 6.4 BranchCache modes of operation
FIGURE 6.5 Installing BranchCache for Network Files in Server Manager
FIGURE 6.6 Installing the BranchCache feature in Server Manager
FIGURE 6.7 The Group Policy Object setting to enable Hash Publication for BranchCache
FIGURE 6.8 Group Policy Object setting to configure BranchCache settings on a client computer
FIGURE 6.9 DFS architecture
FIGURE 6.10 The process of accessing shared folders in DFS
FIGURE 6.11 Installing DFS Namespaces in Server Manager
FIGURE 6.12 DFS management console
FIGURE 6.13 Creating a folder name and the path to the folder target
FIGURE 6.14 Installing DFS Replication in Server Manager
FIGURE 6.15 Configuring DFS Replication
FIGURE 6.16 Installing File Server Resource Manager in Server Manager
FIGURE 6.17 File Server Resource Manager console
FIGURE 6.18 File Server Resource Manager Options
FIGURE 6.19 Installing Work Folders in Server Manager
FIGURE 6.20 Creating a New Sync Share by using a New Sync Share Wizard in Server Manager
FIGURE 6.21 Configuring a GPO for Work Folders user settings
Chapter 7
FIGURE 7.1 Virtual machine and container architecture
FIGURE 7.2 Hyper-V container and Windows container architecture
FIGURE 7.3 Pulling an image from Docker Hub
FIGURE 7.4 Pulling a second image
FIGURE 7.5 Listing images
FIGURE 7.6 Reviewing the default container configuration
FIGURE 7.7 History for an image
FIGURE 7.8 Dockerfile example
FIGURE 7.9 Building an image
FIGURE 7.10 Listing networks
Chapter 8
FIGURE 8.1 Configuring User Account settings in Active Directory Users and Computers
FIGURE 8.2 Configuring Credential Guard in the Group Policy Management Editor
FIGURE 8.3 Configuring EFS on a folder editor
FIGURE 8.4 The process of encryption and decryption in EFS
FIGURE 8.5 The architecture of BitLocker drive encryption
FIGURE 8.6 The process of drive encryption configured in the Group Policy Management Editor
FIGURE 8.7 Windows Firewall with Advanced Security properties window
FIGURE 8.8 Configuring rules in Windows Firewall with Advanced Security
FIGURE 8.9 Configuring connection security rules in Windows Firewall with Advanced Security
FIGURE 8.10 Transport and tunnel mode in IPsec
FIGURE 8.11 Privileged Access Management (PAM) architecture
FIGURE 8.12 Configuring Software Restriction Policies in the Group Policy Management Editor
FIGURE 8.13 Configuring AppLocker in the Group Policy Management Editor
FIGURE 8.14 Audit Policy settings in the Group Policy Management Editor
FIGURE 8.15 Auditing the security settings on a folder
FIGURE 8.16 Advanced Audit Policies settings in the Group Policy Management Editor
FIGURE 8.17 Configuring subscriptions in the Event Viewer
FIGURE 8.18 Windows PowerShell logging settings in the Group Policy Management Editor
Chapter 9
FIGURE 9.1 Privileged Access Management
FIGURE 9.2 Forests and domains
FIGURE 9.3 Trusts
FIGURE 9.4 Site design
FIGURE 9.5 Site link design
FIGURE 9.6 Sample OU layout
FIGURE 9.7 Basic auditing settings
FIGURE 9.8 Advanced audit policy settings
FIGURE 9.9 Mandatory attributes
FIGURE 9.10 Group Policy template files
FIGURE 9.11 Group Policy inheritance
FIGURE 9.12 Group Policy template files
FIGURE 9.13 Group Policy Operational log
Chapter 10
FIGURE 10.1 AD CS primary components
FIGURE 10.2 AD CS role services
FIGURE 10.3 PKI tiers
FIGURE 10.4 AD CS configuration
FIGURE 10.5 CDP extensions
FIGURE 10.6 AIA extensions
FIGURE 10.7 AD CS configuration
FIGURE 10.8 AD CS configuration results
FIGURE 10.9 Extensions tab
FIGURE 10.10 Built-in templates
FIGURE 10.11 Compatibility tab
FIGURE 10.12 General tab
FIGURE 10.13 Request Handling tab
FIGURE 10.14 Cryptography tab
FIGURE 10.15 Extensions tab
FIGURE 10.16 Security tab
FIGURE 10.17 Server tab
FIGURE 10.18 Issuance Requirements tab
FIGURE 10.19 New GPO window
FIGURE 10.20 Setting the configuration model
Chapter 11
FIGURE 11.1 Decision tree for a hotel visit
FIGURE 11.2 Decision tree for a claims-based web app
FIGURE 11.3 AD FS infrastructure diagram
FIGURE 11.4 Adding the AD FS role
FIGURE 11.5 AD FS Configuration Wizard
FIGURE 11.6 Importing the certificate
FIGURE 11.7 File Explorer
FIGURE 11.8 AD FS federation service name
FIGURE 11.9 AD FS service account
FIGURE 11.10 AD FS Review Options page
FIGURE 11.11 AD FS Pre-requisite Checks page
FIGURE 11.12 Adding a New Zone in DNS Manager
FIGURE 11.13 DNS Manager creating a new host
FIGURE 11.14 IIS Manager Application Pools settings
FIGURE 11.15 IIS Manager Application Pool Identity page
FIGURE 11.16 IIS Manager Add Site Binding dialog box
FIGURE 11.17 Internet Explorer Local intranet zone
FIGURE 11.18 Sample app web page
FIGURE 11.19 Add Roles and Features Wizard
FIGURE 11.20 WAP Configuration Wizard
FIGURE 11.21 Federation Server page
FIGURE 11.22 Selecting a certificate
FIGURE 11.23 Remote Access Management
FIGURE 11.24 Relying Party page
FIGURE 11.25 Publishing Settings page
FIGURE 11.26 Sample app authentication page
FIGURE 11.27 Sample app page
Chapter 12
FIGURE 12.1 SQL Server Installation Center
FIGURE 12.2 Installing a SQL Server failover cluster: Instance Configuration
FIGURE 12.3 Installing a SQL Server failover cluster: Cluster Disk Selection
FIGURE 12.4 Installing a SQL Server failover cluster: Database Engine Configuration, Data Directories
FIGURE 12.5 Installing a SQL Server failover cluster: Database Engine Configuration, TempDB
FIGURE 12.6 Installing a SQL Server failover cluster: Cluster Node Configuration
FIGURE 12.7 The Getting Started screen in the VMM Setup Wizard
FIGURE 12.8 VMM Setup Wizard: Database Configuration
FIGURE 12.9 VMM Setup Wizard: VMM Service Account
FIGURE 12.10 VMM Setup Wizard: Port Configuration
FIGURE 12.11 VMM Setup Wizard: Library Configuration
FIGURE 12.12 VMM Console: Library Servers
FIGURE 12.13 Folder Explorer: MSSCVMMLibrary
FIGURE 12.14 VMM Console: Library Server, Physical Library Objects
FIGURE 12.15 VMM Console: Fabric Resources: Create Logical Network
FIGURE 12.16 Create Logical Network Wizard: Specify Logical Network Settings
FIGURE 12.17 Create Logical Network Wizard: Network Sites
FIGURE 12.18 VMM Console: VMs: Create VM Network
FIGURE 12.19 The Create VM Network Wizard
FIGURE 12.20 Create VM Network Wizard: Specify VM subnets
FIGURE 12.21 Add Storage Devices Wizard: Select Storage Provider Type
FIGURE 12.22 Add Storage Devices Wizard: Gather Information
FIGURE 12.23 Create Virtual Machine Wizard: Create Virtual Machine
FIGURE 12.24 Create Virtual Machine Wizard: Create The New Virtual Machine With A Blank Virtual Hard Disk
FIGURE 12.25 Create Virtual Machine Wizard: Specify Virtual Machine Identity
FIGURE 12.26 Create Virtual Machine Wizard: Configure Hardware
FIGURE 12.27 Create Virtual Machine Wizard: Select Destination
FIGURE 12.28 Installing the web console prerequisites via PowerShell
FIGURE 12.29 The initial Installation screen
FIGURE 12.30 Selecting the SCOM features to be installed
FIGURE 12.31 Selecting a folder location for Operations Manager
FIGURE 12.32 Verifying that the prerequisites have passed the check
FIGURE 12.33 Specifying a management group name
FIGURE 12.34 Microsoft Software License Terms
FIGURE 12.35 Configuring the operational database
FIGURE 12.36 Configuring the data warehouse database
FIGURE 12.37 Configuring the Reporting Services instance
FIGURE 12.38 Specifying the website for the web console
FIGURE 12.39 Selecting an authentication mode for the web console
FIGURE 12.40 Configuring the service accounts
FIGURE 12.41 This warning might appear if you set up accounts with domain administrator rights.
FIGURE 12.42 A Diagnostic and Usage Data for System Center Operations Manager disclaimer
FIGURE 12.43 Installation Summary page
FIGURE 12.44 Installation Results window with installation details
FIGURE 12.45 Selecting the Operations Manager shell to activate System Center Operations Manager
FIGURE 12.46 Activating System Center Operations Manager
FIGURE 12.47 Verifying that System Center Operations Manager is activated
FIGURE 12.48 Initiating the wizard to import management packs
FIGURE 12.49 Selecting a source for management packs
FIGURE 12.50 Finding management packs in the catalog
FIGURE 12.51 Selecting the management packs to install
FIGURE 12.52 Summary page with a list of management packs to install
FIGURE 12.53 Viewing the status of the current Management Pack installation procedure
FIGURE 12.54 Windows Explorer: Extracted Folder ConfigMgrPrerequisitesTool
FIGURE 12.55 ConfigMgr Prerequisites Tool: Site Configuration
FIGURE 12.56 ConfigMgr Prerequisites Tool: Site Configuration: Progress
FIGURE 12.57 ConfigMgr Prerequisites Tool: Active Directory Schema Extension
FIGURE 12.58 ConfigMgr Prerequisites Tool: WSUS tab
FIGURE 12.59 ADK Windows 10 1703 download
FIGURE 12.60 ADK Windows 10 1703: Select the Features You Want to Install
FIGURE 12.61 System Center Configuration Manager Setup Wizard: Getting Started: Available Setup Options
FIGURE 12.62 System Center Configuration Manager Setup Wizard: Server Language Selection
FIGURE 12.63 System Center Configuration Manager Setup Wizard: Client Language Selection
FIGURE 12.64 System Center Configuration Manager Setup Wizard: Site and Installation Settings
FIGURE 12.65 System Center Configuration Manager Setup Wizard: Primary Site Installation
FIGURE 12.66 System Center Configuration Manager Setup Wizard: Primary Site Installation: Database Information
FIGURE 12.67 System Center Configuration Manager Setup Wizard: Database Information
FIGURE 12.68 System Center Configuration Manager Setup Wizard: Client Computer Communication Settings
FIGURE 12.69 System Center Configuration Manager Setup Wizard: Site System Roles
FIGURE 12.70 System Center Configuration Manager Setup Wizard: Install: Overall Progress
FIGURE 12.71 System Center Configuration Manager Console: Hierarchy Configuration: Discovery Methods
FIGURE 12.72 Active Directory Forest Discovery
FIGURE 12.73 Boundaries
FIGURE 12.74 Active Directory Group Discovery Properties
FIGURE 12.75 Active Directory Location
FIGURE 12.76 User Collections
FIGURE 12.77 Active Directory System Discovery
FIGURE 12.78 Device Collections: All Systems
FIGURE 12.79 Active Directory User Discovery
FIGURE 12.80 Create Boundary screen
FIGURE 12.81 Create the boundary group.
FIGURE 12.82 Create Boundary Group: References
FIGURE 12.83 Create Custom Client Device Settings: Software Updates
FIGURE 12.84 Create Custom Client Device Settings: State Messaging
FIGURE 12.85 Asset and Compliance Workspace: Device Collections
Chapter 13
FIGURE 13.1 Types of solutions
FIGURE 13.2 The Azure portal
FIGURE 13.3 The Log Analytics box in Azure
FIGURE 13.4 Create a workspace.
FIGURE 13.5 Deployment succeeded
FIGURE 13.6 Microsoft Azure Log Analytics
FIGURE 13.7 The OMS portal with Azure Log Analytics
FIGURE 13.8 Azure Log Analytics is now enhanced.
FIGURE 13.9 The workspace upgrade is completed successfully.
FIGURE 13.10 The OMS Portal link
FIGURE 13.11 The Data Based on Last 1 Day box
FIGURE 13.12 Data Overview
FIGURE 13.13 OMS Portal Solutions Gallery
FIGURE 13.14 Security and Audit Solution
FIGURE 13.15 Solutions Gallery Add - Security and Audit
FIGURE 13.16 Azure Log Analytics processorutilization query
FIGURE 13.17 Azure Log Analytics disklatency query
FIGURE 13.18 Azure Log Analytics performance query
FIGURE 13.19 Azure Log Analytics totalperformance query
FIGURE 13.20 Azure Log Analytics securityevents query
FIGURE 13.21 Azure Log Analytics query for a specific reboot
Brian Svidergol
Vladimir Meloski
Byron Wright
Santos Martinez
Doug Bassett
Senior Acquisitions Editor: Kenyon Brown
Development Editor: Kim Wimpsett
Technical Editor: Rodney R. Fournier
Production Editor: Barath Kumar Rajasekaran
Copy Editor: Kathy Carlyle
Editorial Manager: Pete Gaughan
Production Manager: Kathleen Wisor
Proofreader: Nancy Bell
Indexer: Johnna VanHoose Dinse
Project Coordinator, Cover: Brent Savage
Cover Designer: Wiley
Cover Image: © Thomas Northcut/Getty Images, Inc.
Copyright © 2018 by John Wiley & Sons, Inc., Indianapolis, Indiana
Published simultaneously in Canada
ISBN: 978-1-119-40497-2
ISBN: 978-1-119-40507-8 (ebk.)
ISBN: 978-1-119-40506-1 (ebk.)
No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at http://www.wiley.com/go/permissions.
Limit of Liability/Disclaimer of Warranty: The publisher and the author make no representations or warranties with respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including without limitation warranties of fitness for a particular purpose. No warranty may be created or extended by sales or promotional materials. The advice and strategies contained herein may not be suitable for every situation. This work is sold with the understanding that the publisher is not engaged in rendering legal, accounting, or other professional services. If professional assistance is required, the services of a competent professional person should be sought. Neither the publisher nor the author shall be liable for damages arising herefrom. The fact that an organization or Web site is referred to in this work as a citation and/or a potential source of further information does not mean that the author or the publisher endorses the information the organization or Web site may provide or recommendations it may make. Further, readers should be aware that Internet Web sites listed in this work may have changed or disappeared between when this work was written and when it is read.
For general information on our other products and services or to obtain technical support, please contact our Customer Care Department within the U.S. at (877) 762-2974, outside the U.S. at (317) 572-3993 or fax (317) 572-4002.
Wiley publishes in a variety of print and electronic formats and by print-on-demand. Some material included with standard print versions of this book may not be included in e-books or in print-on-demand. If this book refers to media such as a CD or DVD that is not included in the version you purchased, you may download this material at http://booksupport.wiley.com. For more information about Wiley products, visit www.wiley.com.
Library of Congress Control Number: 2018935413
TRADEMARKS: Wiley, the Wiley logo, and the Sybex logo are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates, in the United States and other countries, and may not be used without written permission. Windows Server is a registered trademark of Microsoft Corporation. All other trademarks are the property of their respective owners. John Wiley & Sons, Inc. is not associated with any product or vendor mentioned in this book.
Many talented and hardworking people gave their best efforts to produce Mastering Windows Server 2016. We offer our sincerest gratitude to those individuals who helped bring this book to you.
Many thanks go out to the editorial and production teams at Wiley for their efforts. Kenyon Brown managed the project (which took much more effort than he signed up for!) and helped recruit the right resources to make this project happen. Kim Wimpsett, the developmental editor, did a great job turning around the chapters, communicating with the team, and tracking down late chapters. Thanks! We also want to thank the technical editor, Rodney Fournier, for his work reviewing all of the work and ensuring that we have things right. Finally, we want to thank the production editor, Barath Kumar Rajasekaran; the copy editor, Kathy Carlyle; and the proofreader, Nancy Bell. All of them contributed to making this book a high-quality production.
I'd like to thank my wife, Lindsay; my son, Jack; and my daughter, Leah, for their continued support and for the joy they bring me regularly.
–Brian Svidergol
To my loving family who always supports me.
–Vladimir Meloski
I'd like to thank Tracey, Sammi, and Michelle for consistently being the best part of my day.
–Byron Wright
I want to dedicate this book to the following: my wife, Karla; you are my soulmate, and I want to grow old with you. To my kids, Bryan and Naomy, I hope this gives you some inspiration one day of what you can possibly achieve; and finally thank you to all my family and friends for their support in my craziness. Also to my martial arts students, peers, and masters, thank you for allowing me to be who I am as a professional and a martial arts master.
I want to thank my colleagues across Microsoft for their support on this book. Thank you to the contributing authors for their great work and especially to Jose Rodas for his commitment and dedication to the OMS and Operations Manager Technology and for his contributions to making the content of this book better.
To my peer author, Brian Svidergol, thanks for the opportunity and making this happen for us. To my friend Elias Mereb, as he continues to evolve and assist us in many ways, thanks Brother for all your feedback and commitment to Windows technology. Finally, I want to thank all the Configuration Manager and the Enterprise Mobility + Security community, who have always been so passionate about the technology and willing to help us improve our writing. Let's keep it up as we evolve together.
–Santos Martinez
I dedicate this book to my grandmother, Helen Wells, who bought me my first computer, and to my grandfather, Lyle Wells, for not killing her.
–Doug Bassett
Brian Svidergol designs and builds infrastructure, cloud, and hybrid solutions. He holds many industry certifications including the Microsoft Certified Trainer (MCT) and Microsoft Certified Solutions Expert (MCSE) – Cloud Platform and Infrastructure. Brian is the author of several books covering everything from on-premises infrastructure technologies to hybrid cloud environments. He has worked with startup organizations and large Fortune 500 companies on design, implementation, and migration projects.
Vladimir Meloski is a Microsoft Most Valuable Professional on Office Server and Services, Microsoft Certified Trainer and consultant, providing unified communications and infrastructure solutions based on Microsoft Exchange Server, Skype for Business, Office 365, and Windows Server. With a bachelor's degree in computer sciences, Vladimir has devoted more than 20 years of professional experience in information technology. Vladimir has been involved in Microsoft conferences in Europe and in the United States as a speaker, moderator, proctor for hands-on labs, and technical expert. He has also been involved as an author and technical reviewer for Microsoft official courses, including Exchange Server 2016, 2013, 2010, 2007, Office 365, and Windows Server 2016, 2012; and he is one of the book authors of Mastering Microsoft Exchange Server 2016. As a skilled IT professional and trainer, Vladimir shares his best practices, real-world experiences, and knowledge with his students and colleagues, and he is devoted to IT community development by collaborating with IT Pro and developer user groups worldwide. He enjoys his spare time in the country with his son and wife.
Byron Wright is the owner of BTW Technology Solutions where he designs and implements solutions using Microsoft technologies. He has been a consultant, author, and instructor for 20 years, specializing in Windows Server, Active Directory, Office 365, and Exchange Server. Byron was a Microsoft MVP for Exchange Server/Office 365 from 2012–2015.
Santos Martinez was born in Caguas, Puerto Rico, in 1982, and grew up in Caguas. Santos has more than 18 years of experience in the IT industry. He has worked on major implementations and in support of Configuration Manager and Enterprise Mobility + Security for many customers in the United States and Puerto Rico. Santos was a Configuration Manager engineer for a Fortune 500 financial institution and an IT consultant before joining Microsoft. For the Fortune 500 companies, he helped with the implementation and support of more than 200+ Configuration Manager Site Servers and support of more than 300,000 Configuration Manager and Intune clients worldwide.
Santos was a SQL Server MVP from 2006 to 2009 and then a ConfigMgr MVP from 2009 to 2011. He is well known in the Microsoft communities as a mentor for other MVPs, Microsoft FTEs, and for helping other IT community members. He has also participated in Microsoft TechEd, MMS, and Ignite as a technical expert for Configuration Manager, Database, and Microsoft Intune. Santos is also a former Puerto Rican martial arts champion and currently holds a Six Degree black belt in TaiFu-Shoi Karate-Do where he earned the title of Shihan Sensei.
Santos and Karla, a pastry chef, have been married for 16 years and have two kids, Bryan Emir and Naomy Arwen. Santos currently is a senior program manager for Microsoft in the Enterprise Management and Mobility Product Group. You can follow him on Twitter (@ConfigNinja) or at his blog (http://aka.ms/ConfigNinja).
Doug Bassett has been involved in the computer industry since the early 1980s when he taught a high school computer science class, while still a high school student. Doug has many certifications from Microsoft, Cisco, CompTIA, and others, and has been MCSE certified since the old Windows NT days. Doug has also been a Microsoft Certified Trainer (MCT) for over 20 years. He was one of the first 100 people in the world to certify on Windows 2008. Doug has lectured at both Apple and Microsoft corporate headquarters and was invited by Microsoft to present at the Microsoft world conference in Barcelona, Spain, on virtual classroom and online learning. Doug is currently teaching live classes over the Internet and enjoys not having to shovel snow while living in Arizona.
Jose Rodas is an IT professional certified as A +, CCEA, MCSA + M, MCSE, MCTS, MCITP EA, and MCT, and he has more than 20 years of industry experience. He started working at Microsoft in the System Center Team in October 2007 supporting System Center Operations Manager and System Center Service Manager. Currently, he is a Microsoft Premier Field Engineer dedicated to customers while traveling to customer sites to provide proactive/reactive assistance in System Center and Azure Log Analytics projects.
Welcome to Mastering Windows Server 2016. This book covers Windows Server 2016 and the core technologies built into the operating system. It has a mix of content ranging from networking, identity and access, storage, and much more. We don't cover every single feature or option but focus on providing a deep understanding of the key topics that we cover throughout the chapters. This book is best read from front to back and can later be used as a reference.
Most of the major components of Windows Server 2016 have new features, enhancements, and changes. With that said, most of the changes involve improvements to existing services and the introduction of new features. Throughout the chapters, we will look at some of these new features in detail. The following are the major changes that we feel stand out from the rest:
Nested Virtualization
With nested virtualization, a brand new feature for Windows Server 2016, you can deploy a Hyper-V host inside of a VM. This simplifies the process for testing failover clustering and for testing a variety of virtualization-related features and configurations. Note that nested virtualization is best suited for nonproduction environments, such as a lab environment. See Chapter 3 for more information.
Shielded Virtual Machines
This new feature enhances the security of Hyper-V hosts and VMs. It protects against scenarios such as malicious administrators trying to view the console or trying to view the data on the virtual hard disks. See Chapter 3 for more information.
Device Guard and Credential Guard
These new features protect Generation 2 VMs against exploits. See Chapter 8 for more information.
Privileged Access Management (PAM)
PAM enhances the security of Active Directory Domain Services environments by completely changing the way many administrators manage their environments. See Chapter 9 for more information.
Storage Spaces Direct
This new feature provides a highly available and highly scalable storage solution using local server storage. See Chapter 4 for more information.
Software Defined Networking (SDN)
There are many new enhancements to networking in Windows Server 2016. SDN enables you to configure your on-premises environment like Azure and manage it using System Center Virtual Machine Manager. See Chapter 5 for more information.
Containers
Containers are a feature that offers a way for app teams to have a prepackaged way to deploy app environments quickly (for example, IIS with ASP.NET). The container contains everything an app team needs—and the container is portable; it can run on-premises or in the public cloud. See Chapter 7 for more details.
Nano Server
When Microsoft introduced the Server Core installation of Windows Server, it was lauded for the small size, small requirements, high performance, and enhanced security. Nano Server went a step further (albeit with more limitations). Initially, it was just a smaller footprint deployment, without a GUI, that could run some core roles such as Hyper-V and Scale-Out File Server. However, recently Microsoft announced some big changes for Windows Server 2016 (release 1709). With 1709, Nano Server will no longer support the core roles such as Hyper-V. Instead, it will be dedicated for containers and be geared for the cloud. Nano Server is introduced in Chapter 1.
The Mastering series from Sybex provides outstanding instruction for readers with intermediate and advanced skills in the form of top-notch training and development for those already working in their field, and clear, serious education for those aspiring to become pros. Every Mastering book includes the following:
Skill-based instruction with chapters organized around real tasks rather than abstract concepts or subjects
End of chapter “Master It” scenarios to test your knowledge of the information in the chapter
How you use this book will depend on your goals and your level of experience across the Windows Server technologies. For example, if you have limited experience with Windows Server, then reading the book from front to back might provide the best experience. If you are an experienced server administrator but want to learn more about the networking components of Windows Server 2016, then you might want to go straight to the networking-related chapters. If you are studying for a certification exam, you might want to read specific topics from various chapters to strengthen your knowledge in very specific areas. While the book is ordered so that it is easiest to read it front to back, take the path that best suits your experience and goals.
In several parts of the book, we will perform step-by-step installations and configurations. We highly recommend that you perform those same steps in your lab or nonproduction environment (whether at home or at work). Reading about a technology is good for learning. Deploying, troubleshooting, and maintaining a technology is good for learning. Doing both is great for learning!
Windows Server is a huge product. There is a plethora of technologies in it—and the technologies are complex, much more so than in previous versions (especially older and legacy versions) of Windows Server. Therefore, as authors, we must pick and choose exactly what we cover while still trying to keep the book manageable in size. In general, for this book, we have opted to cover the most used parts of Windows Server, and we try to go into detail in specific parts of every chapter. Lastly, we avoid the introductory information unless it is imperative to the topic. Our readers have historically been experienced administrators who are looking to enhance their knowledge of the newest version of Windows Server. Therefore, we try to avoid material that is “too basic” for our typical reader.
Each Mastering Windows Server 2016 chapter represents a milestone in your progress toward becoming an expert Windows Server 2016 user. We start off by walking you through the installation, Server Manager, and PowerShell. It is a good way to start and enables you to have a Windows Server 2016 computer to reference while working through the step-by-step sections of chapters. It is also good to know the tools that we are going to reference throughout the book (especially PowerShell) before we dive into them!
Chapter 1, “Windows Server 2016 Installation and Management,” shows you how to install Windows Server 2016 and how to work with Server Manager for server administration.
Chapter 2, “PowerShell,” details how to work with PowerShell. It covers a huge amount of information in a single chapter and will be especially beneficial to readers who aren't well-versed in PowerShell yet.
After you have an installation and know your way around the management of Windows Server, you are ready to dive deeper into the foundational technologies.
Chapter 3, “Compute,” is all about the compute portions of Windows Server, such as Hyper-V and failover clustering.
Chapter 4, “Storage,” details file systems, data deduplication, Storage Spaces, Storage Replica, and Storage Quality of Service.
Chapter 5, “Networking,” dives into remote access, DNS, DHCP, and a host of new networking technologies in Windows Server 2016.
At this point, you'll have a pretty good grasp of the basics of Windows Server 2016 and understand some of the new technologies. The next chapters are designed to help you branch out into smaller (but still important) technologies in Windows Server.
Chapter 6, “File Services,” tells you how to implement and manage file services—not just shared folders but the advanced aspects of managing file services.
Chapter 7, “Windows Server Containers,” explains what containers are, how they work, and how to create and manage them. This technology is new and rapidly evolving.
Chapter 8, “Security Mechanisms,” is where you'll learn about Just Enough Administration (JEA), Just In Time (JIT) administration, Credential Guard, and other new security features in Windows Server 2016.
Several Active Directory technologies are built into Windows Server 2016. In this book, we cover the three most deployed. We exclude AD LDS and AD RMS.
Chapter 9, “Active Directory Domain Services,” covers AD DS, including information about design and architecture, deployment, and day-to-day administration.
Chapter 10, “Active Directory Certificate Services,” covers AD CS and public key infrastructure technologies. It also walks through a step-by-step two-tier hierarchy.
Chapter 11, “Active Directory Federation Services,” takes you through AD FS and design considerations. Then, it walks you through a step-by-step implementation of AD FS and Web Application Proxy.
Earlier in the book, we cover managing servers one at a time with Server Manager and PowerShell. In this part of the book, we look at managing servers at the enterprise level where automation and self-service are keys to successful management.
Chapter 12, “Management with System Center,” introduces you to the entire suite of Microsoft System Center. It walks through deployment and configuration, as well as introduces the concepts around enterprise management.
Chapter 13, “Management with OMS,” shows you how to use Microsoft Operations Management Suite (OMS), an Azure service, to manage your on-premises and cloud-based Windows servers.
In each chapter, you will see links to external sources for additional information. Whenever you have an interest in a particular topic and we link to an external resource, you should opt to spend a few minutes exploring that content. We specifically tried to link to value-adding material that complements and sometimes expands upon the information in the book.
We hope that Mastering Windows Server 2016 will be of benefit to you and that, after you've read the book, you'll continue to use the book as a reference. Please note that while we have made every effort toward accuracy, sometimes software updates will cause a screenshot to look slightly different than the interface you see on your screen. You should still be able to follow along with the instructions given. However, if you find errors, please let our publisher know by emailing to [email protected].
Thanks for choosing Mastering Windows Server 2016!
Windows Server 2016 builds on the installation and management processes of earlier Windows Server versions. To install Windows Server 2016, you need to understand the editions of Windows Server 2016 and how they are licensed. This will enable you to select the edition of Windows Server 2016 that best meets your needs. You also need to select an appropriate installation method such as automation with Windows Deployment Services.
After installing Windows Server 2016, Server Manager is the main interface that you’ll use for management. From Server Manager, you can launch tools that you can use to manage and monitor Windows Server 2016.
Define a deployment process
Select an edition of Windows Server 2016
Select an activation method
Monitor Windows Server 2016
Microsoft has had various editions of Windows Server with each generation. Depending on the generation of Windows Server, varying editions came with different features or different licensing. You can obtain Windows Server 2016 Standard or Windows Server 2016 Datacenter. The vast majority of features are the same between the two editions, but there are some significant differences worth noting and they are listed in Table 1.1.
TABLE 1.1: Windows Server 2016 Edition Differences

| FEATURE | DESCRIPTION |
| --- | --- |
| Virtualization Licensing | One Windows Server 2016 Standard license can be used for two virtual machines on a single virtualization host. One Windows Server 2016 Datacenter license can be used for an unlimited number of virtual machines on a single virtualization host. |
| Software Defined Networking | This feature that applies policies to control network configuration and security is not included in Standard edition. |
| Shielded Virtual Machines | To configure Shielded virtual machines, the Hyper-V host must be running Windows Server 2016 Datacenter edition. |
| Hyper-V Containers | Windows Server 2016 Standard has a limit of two Hyper-V Containers per Hyper-V host. Windows Server 2016 Datacenter can have an unlimited number of Hyper-V Containers. Both editions of Windows Server 2016 can have an unlimited number of standard containers. |
| Storage Replica | This feature that synchronizes data between two servers is available only in Windows Server 2016 Datacenter edition. |
| Storage Spaces Direct | This feature that provides high availability for file shares is available only in Windows Server 2016 Datacenter edition. |
As you can see from Table 1.1, there are only a few feature differences between Windows Server 2016 Standard and Windows Server 2016 Datacenter. If those features are not required, then the primary driver for selecting an edition of Windows Server 2016 is usually virtualization licensing.
Most organizations deploy new servers as virtual machines. With a single Windows Server 2016 Standard license, you can install Windows Server 2016 Standard with Hyper-V for a virtualization host and configure two virtual machines with Windows Server 2016 Standard. By purchasing a second Windows Server 2016 Standard license, you can add two more virtual machines running Windows Server 2016 Standard. In smaller organizations with only a few virtual machines per virtualization host, it is often cost-effective to use Windows Server 2016 Standard.
In larger organizations with many virtual machines, it is often more cost-effective and easier to manage if you use Windows Server 2016 Datacenter. With a single Windows Server 2016 Datacenter license, you can install Windows Server 2016 Datacenter with Hyper-V for a virtualization host and configure an unlimited number of virtual machines on that host.
Hyper-V is an excellent hypervisor that is widely used to implement server and desktop virtualization. However, there are other hypervisors such as VMware, XenServer, and others. When you use a hypervisor other than Hyper-V, the licensing for the virtual servers works exactly the same as if you were using Hyper-V. A Windows Server 2016 Standard license allows you to implement two virtual machines running Windows Server 2016 Standard on any hypervisor. A Windows Server 2016 Datacenter license allows you to implement an unlimited number of virtual machines running Windows Server 2016 Datacenter on any hypervisor.
At one time, before virtualization became common, Windows Server was licensed based on a ratio of one-to-one with physical machines. Older editions of Windows Server were limited based on the number of physical processors and the amount of memory they could address. When virtualization became common, a number of virtual machines were included per license. Now, physical hardware has become so powerful that limitations have been introduced based on the number of processor cores in the physical server.
Windows Server 2016 Standard and Windows Server 2016 Datacenter use the same core-based licensing structure. The base operating system license provides licensing for two eight-core processors (a total of 16 cores). If there are more than eight physical cores per processor (hyperthreading does not count as additional cores), then you need to purchase additional core licenses in minimum increments of two cores.
Each processor in a server must be licensed for a minimum of eight cores. So, if you have four processors in a server, then you need to be licensed for a minimum of 32 cores. You can meet this requirement by purchasing two Windows Server licenses. In the case of Windows Server 2016 Standard, this would give you rights to install two virtual machines. To allow four virtual machines, you would need to fully license all processors in the server again.
On a Windows-based network, you need to license your clients in addition to the servers. A Client Access License (CAL) provides users or devices with rights to access services that are running on the servers. For example, if a computer is joined to the domain and a user signs in to the network, then a CAL is required. That CAL can be a user CAL for the person who is connecting to the network. The CAL can also be a device CAL for the computer that is being used to connect to the network. Only one CAL is required, either a user CAL or a device CAL.
When you purchase CALs, you need to determine whether user or device CALs are most cost-effective for your organization. If a single user has multiple devices that access network services, such as a desktop computer and laptop computer, then a user CAL is most cost-effective. If a single device is used by multiple users, such as a call center with multiple shifts, then a device CAL is most cost-effective. You can combine user and device CALs as you deem appropriate.
CALs are paper-based licensing. This means that you need to track your users and devices accurately, but Windows Server 2016 does not monitor licenses in use. You also do not need to specifically assign your licenses to user accounts or computers.
Microsoft has a variety of different licensing programs with different benefits, restrictions, and costs. You can obtain Windows Server 2016 licenses and CALs through a number of these programs. As these programs change over time, you'll need to talk with an expert about how you should purchase your licenses. However, here is a high-level overview of a few licensing methods:
Original Equipment Manufacturer (OEM). This type of licensing can be purchased when you buy a new physical server. It is generally the least expensive option but cannot be moved to other hardware.
Volume license. This type of license is more flexible than OEM licensing because it is not restricted to a specific physical server. The frequency that you can move this license between servers is restricted. This is an important consideration for high-availability scenarios where virtual machines can move between virtualization hosts.
Software assurance. This type of license is added on to volume licensing to include software upgrades. Software assurance also offers additional benefits such as the ability to move licenses between physical servers as often as you like.
Enterprise agreement. This type of licensing is user-based rather than server-based. For a set fee per user in the organization, you can run the number of server instances necessary to meet your needs. This type of license also includes CALs and may include other products such as SQL Server and Exchange Server.
Windows Server 2016 Essentials is an edition of Windows Server 2016 that is targeted at small businesses. Licensing for this edition of Windows Server 2016 is simpler than Standard or Datacenter editions because it does not require CALs. Instead, Windows Server 2016 Essentials has a limit of 25 users and 50 devices. There are also no virtualization rights for multiple instances, a 64 GB limit on memory, and a limit of two physical CPUs. To simplify deployment, some server roles and features are automatically installed and configured.
Windows Storage Server 2016 is available only through hardware vendors for storage appliances. There are a limited number of server roles because this edition is not designed to be a general-purpose operating system. For example, you can't configure Windows Storage Server 2016 as a domain controller.
For more information about Windows Server 2016 licensing, see Windows Server 2016 Licensing & Pricing at https://www.microsoft.com/en-us/cloud-platform/windows-server-pricing.
Physical servers are specialized hardware that often require drivers that are not included as part of Windows Server 2016. Before you begin installing, you should obtain all the necessary drivers for your server. Some manufacturers have a specialized process for installing Windows Server 2016 that injects the drivers during the installation process.
The firmware for a modern server is Unified Extensible Firmware Interface (UEFI) rather than the older Basic Input Output System (BIOS). Although you can set UEFI firmware to legacy mode to emulate BIOS, there is no need to do that. Windows Server 2016 can be booted using UEFI firmware. Additionally, using UEFI provides advantages such as booting from larger disks and a more secure boot process.
It's likely that you'll be deploying most servers as virtual machines. Virtual machines provide a lot of flexibility for deployment and management. To work properly in a virtual environment, Windows Server 2016 needs to have the correct drivers for that virtual environment, just as Windows Server 2016 needs to have the correct drivers to work properly on physical hardware.
When you install Windows Server 2016 in a virtual machine on a Hyper-V host, the installation files include all the necessary drivers. If you create a Generation 1 virtual machine, it emulates BIOS firmware. If you create a Generation 2 virtual machine, it uses UEFI firmware. Windows Server 2016 works properly with either type of firmware.
If you install Windows Server 2016 in a virtual machine using another type of hypervisor, such as VMware, then you generally need to install additional drivers. For example, you would install VMware Tools for virtual machines running on VMware.
Before installing, you should also plan the disk partitioning for your server. A key consideration is the size of the C: drive that is used for the operating system. The C: drive needs to be large enough to support not only the initial installation of Windows Server 2016, but also any updates that are installed over time. Additionally, most organizations keep applications and data on separate partitions from the operating system whenever possible. Separating applications and data from the operating system helps to prevent the operating system drive from running out of space and can simplify backup and restore.
