Mastering Windows Server 2019 - Jordan Krause - E-Book

Description

Mastering Windows Server 2019 – Second Edition covers all of the essential information needed to implement and utilize this latest-and-greatest platform as the core of your data center computing needs. You will begin by installing and managing Windows Server 2019, and by clearing up common points of confusion surrounding the versions and licensing of this new product. Centralized management, monitoring, and configuration of servers is key to an efficient IT department, and you will discover multiple methods for quickly managing all of your servers from a single pane of glass. To this end, you will spend time inside Server Manager, PowerShell, and even the new Windows Admin Center, formerly known as Project Honolulu. Even though this book is focused on Windows Server 2019 LTSC, we will still discuss containers and Nano Server, which are more commonly related to the SAC channel of the server platform, for a well-rounded exposition of all aspects of using Windows Server in your environment. We also discuss the various remote access technologies available in this operating system, as well as guidelines for virtualizing your data center with Hyper-V. By the end of this book, you will have all the ammunition required to start planning for, implementing, and managing Windows.

You can read the e-book in Legimi apps or in any app that supports the following format:

EPUB

Page count: 711

Year of publication: 2019




Mastering Windows Server 2019 Second Edition

The complete guide for IT professionals to install and manage Windows Server 2019 and deploy new capabilities

Jordan Krause

BIRMINGHAM - MUMBAI

Mastering Windows Server 2019 Second Edition

Copyright © 2019 Packt Publishing

All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.

Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing or its dealers and distributors, will be held liable for any damages caused or alleged to have been caused directly or indirectly by this book.

Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.

 

Commissioning Editor: Vijin Boricha
Acquisition Editor: Meeta Rajani
Content Development Editor: Abhijit Sreedharan
Technical Editor: Aditya Khadye
Copy Editor: Safis Editing
Project Coordinator: Jagdish Prabhu
Proofreader: Safis Editing
Indexer: Pratik Shirodkar
Graphics: Tom Scaria
Production Coordinator: Jayalaxmi Raja

First published: October 2016
Second edition: March 2019

Production reference: 1150319

Published by Packt Publishing Ltd. Livery Place 35 Livery Street Birmingham B3 2PB, UK.

ISBN 978-1-78980-453-9

www.packtpub.com

 

Contributors

About the author

Jordan Krause is a six-time Microsoft MVP, currently awarded in the Cloud and Datacenter Management category. He has the unique opportunity of working daily with Microsoft networking and remote access technologies. Jordan specializes in Microsoft DirectAccess and Always On VPN. Committed to continuous learning, Jordan holds Microsoft certifications as an MCP, MCTS, MCSA, and MCITP Enterprise Administrator, and regularly writes articles reflecting his experiences with these technologies. Jordan lives in beautiful West Michigan (USA), but works daily with companies around the world.

About the reviewers

Anderson Patricio is a Canadian Microsoft MVP and an IT consultant based in Toronto. His areas of expertise are Microsoft Exchange, Skype for Business, Azure, System Center, and Active Directory. Anderson is an active member of the Exchange Community and he contributes in forums, blogs, articles, and videos. In Portuguese, his website contains thousands of Microsoft tutorials to help the local community, as well as his speaking engagements at TechED in South America and MVA Academy training courses.

Premnath Sambasivam is a Technical Analyst with 6 years of experience in Windows, VMware, and SCCM administration. He is an MCSE Cloud Platform and Infrastructure certified professional. He has developed and deployed the Microsoft System Center Configuration Manager solution to manage more than 6,000 assets in his client's environment. He loves learning more about and exploring Azure. He is a Microsoft enthusiast.

It was a very pleasant experience overall. Thank you, Sunanda, for choosing me for this project.

 

 


Table of Contents

Title Page

Copyright and Credits

Mastering Windows Server 2019 Second Edition

About Packt

Why subscribe?

Packt.com

Contributors

About the author

About the reviewers

Packt is searching for authors like you

Preface

Who this book is for

What this book covers

To get the most out of this book

Conventions used

Get in touch

Reviews

Getting Started with Windows Server 2019

The purpose of Windows Server

It's getting cloudy out there

Public cloud

Private cloud

Windows Server versions and licensing

Standard versus Datacenter

Desktop Experience/Server Core/Nano Server

Desktop Experience

Server Core

Nano Server

Licensing models - SAC and LTSC

Semi-Annual Channel (SAC)

Long-Term Servicing Channel (LTSC)

Overview of new and updated features

The Windows 10 experience continued

Hyper-Converged Infrastructure

Windows Admin Center

Windows Defender Advanced Threat Protection

Banned Passwords

Soft restart

Integration with Linux

Enhanced Shielded Virtual Machines

Azure Network Adapter

Always On VPN

Navigating the interface

The updated Start menu

The Quick Admin Tasks menu

Using the Search function

Pinning programs to the taskbar

The power of right-clicking

Using the newer Settings screen

Two ways to do the same thing

Creating a new user through Control Panel

Creating a new user through the Settings menu

Task Manager

Task View

Summary

Questions

Installing and Managing Windows Server 2019

Technical requirements

Installing Windows Server 2019

Burning that ISO

Creating a bootable USB stick

Running the installer

Installing roles and features

Installing a role using the wizard

Installing a feature using PowerShell

Centralized management and monitoring

Server Manager

Remote Server Administration Tools (RSAT)

Does this mean RDP is dead?

Remote Desktop Connection Manager

Windows Admin Center (WAC)

Installing Windows Admin Center

Launching Windows Admin Center

Adding more servers to Windows Admin Center

Managing a server with Windows Admin Center

Enabling quick server rollouts with Sysprep

Installing Windows Server 2019 onto a new server

Configuring customizations and updates onto your new server

Running Sysprep to prepare and shut down your master server

Creating your master image of the drive

Building new servers using copies of the master image

Summary

Questions

Core Infrastructure Services

What is a Domain Controller?

Active Directory Domain Services

Using AD DS to organize your network

Active Directory Users and Computers

User accounts

Security Groups

Prestaging computer accounts

Active Directory Domains and Trusts

Active Directory Sites and Services

Active Directory Administrative Center

Dynamic Access Control

Read-Only Domain Controllers (RODC)

The power of Group Policy

The Default Domain Policy

Creating and linking a new GPO

Filtering GPOs to particular devices

Domain Name System (DNS)

Different kinds of DNS records

Host record (A or AAAA)

ALIAS record - CNAME

Mail Exchanger record (MX)

Name Server (NS) record

ipconfig /flushdns

DHCP versus static addressing

The DHCP scope

DHCP reservations

Back up and restore

Schedule regular backups

Restoring from Windows

Restoring from the installer disc

MMC and MSC shortcuts

Summary

Questions

Certificates in Windows Server 2019

Common certificate types

User certificates

Computer certificates

SSL certificates

Single-name certificates

Subject Alternative Name certificates

Wildcard certificates

Planning your PKI

Role services

Enterprise versus Standalone

Root versus Subordinate (issuing)

Naming your CA server

Can I install the CA role onto a domain controller?

Creating a new certificate template

Issuing your new certificates

Publishing the template

Requesting a cert from MMC

Requesting a cert from the Web interface

Creating an auto-enrollment policy

Obtaining a public-authority SSL certificate

Public/private key pair

Creating a Certificate Signing Request

Submitting the certificate request

Downloading and installing your certificate

Exporting and importing certificates

Exporting from MMC

Exporting from IIS

Importing into a second server

Summary

Questions

Networking with Windows Server 2019

Introduction to IPv6

Understanding IPv6 IP addresses

Your networking toolbox

ping

tracert

pathping

Test-Connection

telnet

Test-NetConnection

Packet tracing with Wireshark or Message Analyzer

TCPView

Building a routing table

Multi-homed servers

Only one default gateway

Building a route

Adding a route with the Command Prompt

Deleting a route

Adding a route with PowerShell

NIC Teaming

Software-defined networking

Hyper-V Network Virtualization

Private clouds

Hybrid clouds

How does it work?

System Center Virtual Machine Manager

Network controller

Generic Routing Encapsulation

Microsoft Azure Virtual Network

Windows Server Gateway/SDN Gateway

Virtual network encryption

Bridging the gap to Azure

Azure Network Adapter

Summary

Questions

Enabling Your Mobile Workforce

Always On VPN

Types of AOVPN tunnel

User Tunnels

Device Tunnels

Device Tunnel requirements

AOVPN client requirements

Domain-joined

Rolling out the settings

AOVPN server components

Remote Access Server

IKEv2

SSTP

L2TP

PPTP

Certification Authority (CA)

Network Policy Server (NPS)

DirectAccess

The truth about DirectAccess and IPv6

Prerequisites for DirectAccess

Domain-joined

Supported client operating systems

DirectAccess servers get one or two NICs

Single NIC Mode

Dual NICs

More than two NICs

To NAT or not to NAT?

6to4

Teredo

IP-HTTPS

Installing on the true edge – on the internet

Installing behind a NAT

Network Location Server

Certificates used with DirectAccess

SSL certificate on the NLS web server

SSL certificate on the DirectAccess server

Machine certificates on the DA server and all DA clients

Do not use the Getting Started Wizard (GSW)!

Remote Access Management Console

Configuration

Dashboard

Operations Status

Remote Client Status

Reporting

Tasks

DA, VPN, or AOVPN? Which is best?

Domain-joined or not?

Auto or manual launch

Software versus built-in

Password and login issues with traditional VPNs

Port-restricted firewalls

Manual disconnect

Native load-balancing capabilities

Distribution of client configurations

Web Application Proxy

WAP as AD FS Proxy

Requirements for WAP

Latest improvements to WAP

Preauthentication for HTTP Basic

HTTP to HTTPS redirection

Client IP addresses forwarded to applications

Publishing Remote Desktop Gateway

Improved administrative console

Summary

Questions

Hardening and Security

Windows Defender Advanced Threat Protection

Installing Windows Defender AV

Exploring the user interface

Disabling Windows Defender

What is ATP, anyway?

Windows Defender ATP Exploit Guard

Windows Defender Firewall – no laughing matter

Three Windows Firewall administrative consoles

Windows Defender Firewall (Control Panel)

Firewall & network protection (Windows Security Settings)

Windows Defender Firewall with Advanced Security (WFAS)

Three different firewall profiles

Building a new inbound firewall rule

Creating a rule to allow pings (ICMP)

Managing WFAS with Group Policy

Encryption technologies

BitLocker and the virtual TPM

Shielded VMs

Encrypted virtual networks

Encrypting File System

IPsec

Configuring IPsec

Server policy

Secure Server policy

Client policy

IPsec Security Policy snap-in

Using WFAS instead

Banned passwords

Advanced Threat Analytics

General security best practices

Getting rid of perpetual administrators

Using distinct accounts for administrative access

Using a different computer to accomplish administrative tasks

Never browse the internet from servers

Role-Based Access Control (RBAC)

Just Enough Administration (JEA)

Summary

Questions

Server Core

Why use Server Core?

No more switching back and forth

Interfacing with Server Core

PowerShell

Using cmdlets to manage IP addresses

Setting the server hostname

Joining your domain

Remote PowerShell

Server Manager

Remote Server Administration Tools

Accidentally closing Command Prompt

Windows Admin Center for managing Server Core

The Sconfig utility

Roles available in Server Core

What happened to Nano Server?

Summary

Questions

Redundancy in Windows Server 2019

Network Load Balancing (NLB)

Not the same as round-robin DNS

What roles can use NLB?

Virtual and dedicated IP addresses

NLB modes

Unicast

Multicast

Multicast IGMP

Configuring a load-balanced website

Enabling NLB

Enabling MAC address spoofing on VMs

Configuring NLB

Configuring IIS and DNS

Testing it out

Flushing the ARP cache

Failover clustering

Clustering Hyper-V hosts

Virtual machine load balancing

Clustering for file services

Scale-out file server

Clustering tiers

Application-layer clustering

Host-layer clustering

A combination of both

How does failover work?

Setting up a failover cluster

Building the servers

Installing the feature

Running the failover cluster manager

Running cluster validation

Running the Create Cluster wizard

Recent clustering improvements in Windows Server

True two-node clusters with USB witnesses

Higher security for clusters

Multi-site clustering

Cross-domain or workgroup clustering

Migrating cross-domain clusters

Cluster operating-system rolling upgrades

Virtual machine resiliency

Storage Replica (SR)

Storage Spaces Direct (S2D)

New in Server 2019

Summary

Questions

PowerShell

Why move to PowerShell?

Cmdlets

PowerShell is the backbone

Scripting

Server Core

Working within PowerShell

Launching PowerShell

Default Execution Policy

Restricted

AllSigned

RemoteSigned

Unrestricted

The Bypass mode

Using the Tab key

Useful cmdlets for daily tasks

Using Get-Help

Formatting the output

Format-Table

Format-List

PowerShell Integrated Scripting Environment

PS1 files

PowerShell Integrated Scripting Environment

Remotely managing a server

Preparing the remote server

The WinRM service

Enable-PSRemoting

Allowing machines from other domains or workgroups

Connecting to the remote server

Using -ComputerName

Using Enter-PSSession

Desired State Configuration

Summary

Questions

Containers and Nano Server

Understanding application containers

Sharing resources

Isolation

Scalability

Containers and Nano Server

Windows Server containers versus Hyper-V containers

Windows Server Containers

Hyper-V Containers

Docker and Kubernetes

Linux containers

Docker Hub

Docker Trusted Registry

Kubernetes

Working with containers

Installing the role and feature

Installing Docker for Windows

Docker commands

docker --help

docker images

docker search

docker pull

docker run

docker ps -a

docker info

Downloading a container image

Running a container

Summary

Questions

Virtualizing Your Data Center with Hyper-V

Designing and implementing your Hyper-V Server

Installing the Hyper-V role

Using virtual switches

The external virtual switch

The internal virtual switch

The private virtual switch

Creating a new virtual switch

Implementing a new virtual server

Starting and connecting to the VM

Installing the operating system

Managing a virtual server

Hyper-V Manager

The Settings menu

Checkpoints

Hyper-V Console, Remote Desktop Protocol (RDP), or PowerShell

Windows Admin Center (WAC)

Shielded VMs

Encrypting VHDs

Infrastructure requirements for shielded VMs

Guarded hosts

Host Guardian Service (HGS)

Host attestations

TPM-trusted attestations

Host key attestations

Admin-trusted attestation – deprecated in 2019

Integrating with Linux

ReFS deduplication

ReFS

Data deduplication

Why is this important to Hyper-V?

Hyper-V Server 2019

Summary

Questions

Assessments

Chapter 1: Getting Started with Windows Server 2019

Chapter 2: Installing and Managing Windows Server 2019

Chapter 3: Core Infrastructure Services

Chapter 4: Certificates in Windows Server 2019

Chapter 5: Networking with Windows Server 2019

Chapter 6: Enabling Your Mobile Workforce

Chapter 7: Hardening and Security

Chapter 8: Server Core

Chapter 9: Redundancy in Windows Server 2019

Chapter 10: PowerShell

Chapter 11: Containers and Nano Server

Chapter 12: Virtualizing Your Data Center with Hyper-V

Another Book You May Enjoy

Leave a review - let other readers know what you think

Preface

I'm really not sure how or when it happened, but we are almost at the year 2020! In fact, part of me really wishes that Microsoft had held out on releasing this new version of Windows Server, just so that we could call it Server 2020. Alas, we will have to make do with the far less exotic sounding Server 2019. How amazing to look back and reflect on all of the big changes that have happened in terms of technology over the past 20 years. In some ways, it seems that Y2K has just happened and everyone has been scrambling to make sure their DOS-based and green screen applications are prepared to handle four-digit date ranges. It seems unthinkable to us now that these systems could have been created in a way that was so short-sighted. Did we not think the world would make it to the year 2000? Today, we build technology with such a different perspective and focus. Everything is centralized, redundant, global, and cloud-driven. Users expect 100% uptime, from wherever they are, on whatever device that happens to be sitting in front of them. The world has truly changed.

And, as the world has changed, so has the world of technology infrastructure. This year, we are being introduced to Microsoft's Windows Server 2019. Before we know it, we will be sitting in the year 2020. We are now living in and beyond Doc and Marty's future. My kids have actually ridden around on something called a hoverboard, for crying out loud!

From a user's perspective, as a consumer of data, backend computing requirements are becoming almost irrelevant. Things such as maintenance windows, scheduled downtime, system upgrades, slowness due to weak infrastructure—these items have to become invisible to the workforce. We are building our networks in ways that allow knowledge workers and developers to do their jobs without consideration for what is supporting their job functions. What do we use to support that level of reliability and resiliency? Our data centers haven't disappeared. Just because we use the words "cloud" and "private cloud" so often doesn't make them magic. What makes all of this centralized, "spin up what you need" mentality a reality is still physical servers running inside physical data centers.

And what is it that drives the processing power of these data centers for the majority of companies in the world? Windows Server. In fact, even if you have gone all-in for cloud adoption and host 100% of your serving resources in the Azure Cloud, you are still making use of Windows Server 2019. It is the operating system that underpins all of Azure! Server 2019 is truly ready to service even the heaviest workloads, in the newest cloud-centric ways.

Over the last few years, we have all become familiar with Software-Defined Computing, using virtualization technology to turn our server workloads into a software layer. Now, Microsoft is expanding on this idea with new terms such as Software-Defined Networking, and even an entire Software-Defined Data Center. The technologies that make these happen allow us to virtualize and share resources on a grand scale.

In order to make our workloads more flexible and cloud-ready, Microsoft is taking major steps in shrinking the server compute platform and creating new ways of interfacing with those servers. There is an underlying preference for new Windows Servers to be running the smaller, efficient, and more secure Server Core interface. Additionally, application containers have made huge advancements over the past year, and Server 2019 now allows us to transition our applications into containers in order to run them in isolation from each other and on a mass scale. We also have new centralized management tools for administering our servers and networks, namely, the brand new Windows Admin Center that we will be discussing in the forthcoming pages.

Let's take some time together to explore the inner workings of the newest version of this server operating system, which will drive and support so many of our business infrastructures over the coming years. Windows servers have dominated our data centers' rackspaces for more than two decades. Will this newest iteration in the form of Windows Server 2019 continue that trend?

Who this book is for

Anyone interested in Windows Server 2019 or in learning more in general about a Microsoft-centric data center will benefit from this book. An important deciding factor when choosing which content was appropriate for such a volume was making sure that anyone who had a baseline in working with computers could pick this up and start making use of it within their own networks. If you are already proficient in Microsoft infrastructure technologies and have worked with prior versions of Windows Server, then there are some focused topics on the aspects and parts that are brand new and only available in Server 2019. On the other hand, if you are currently in a desktop support role, or if you are coming fresh into the IT workforce, care was taken in the pages of this book to ensure that you will receive a rounded understanding, not only of what is brand new in Server 2019, but also what core capabilities it includes as carryovers from previous versions of the operating system, and that are still crucial to be aware of when working in a Microsoft-driven data center.

What this book covers

Chapter 1, Getting Started with Windows Server 2019, gives us an introduction to the new operating system and an overview of the new technologies and capabilities that it can provide. We will also spend a little bit of time exploring the updated interface for those who may not be comfortable with it yet.

Chapter 2, Installing and Managing Windows Server 2019, dives right into the very first thing we will have to do when working with Server 2019: installing it! While this seems like a simple task, there are a number of versioning and licensing variables that need to be understood before you proceed with your own install. From there, we will start to expand upon Microsoft's centralized management mentality, exploring the ways in which we can now manage and interact with our servers without ever having to log into them.

Chapter 3, Core Infrastructure Services, gives us a solid baseline on the technologies that make up the infrastructure of any Microsoft-centric network. We will discuss the big three—Active Directory (AD), Domain Name System (DNS), and Dynamic Host Configuration Protocol (DHCP)—and also address some server backup capabilities, as well as a cheat-sheet list of Microsoft Management Console (MMC) and Microsoft Configuration (MSC) shortcuts to make your day job easier.

Chapter 4, Certificates in Windows Server 2019, jumps into one of the pieces of Windows Server that has existed for many years and yet, the majority of server administrators that I meet are unfamiliar with it. Let's take a closer look at certificates as they become more and more commonly required for the new technologies that we roll out. By the end of this chapter, you should be able to spin up your own PKI and start issuing certificates for free!

Chapter 5, Networking with Windows Server 2019, begins with an introduction to that big, scary IPv6, and continues from there into building a toolbox of items that are baked into Windows Server 2019 and can be used in your daily networking tasks. We will also discuss Software-Defined Networking.

Chapter 6, Enabling Your Mobile Workforce, takes a look at the different remote access technologies that are built into Windows Server 2019. Follow along as we explore the capabilities provided by VPN, DirectAccess, Web Application Proxy, and the brand new Always On VPN.

Chapter 7, Hardening and Security, gives some insight into security and encryption functions that are built into Windows Server 2019. Security is the priority focus of CIOs everywhere this year, so let's explore what protection mechanisms are available to us out of the box.

Chapter 8, Server Core, throws us into the shrinking world of headless servers. Server Core has flown under the radar for a number of years, but is critical to understand as we bring our infrastructures into a more security-conscious mindset. Let's make sure you have the information necessary to make your environment more secure and more efficient, all while lowering the amount of space and resources that are consumed by those servers.

Chapter 9, Redundancy in Windows Server 2019, takes a look at some platforms in Server 2019 that provide powerful data and computing redundancy. Follow along as we discuss Network Load Balancing, Failover Clustering, and information on the updated Storage Spaces Direct.

Chapter 10, PowerShell, gets us into the new, blue command-line interface so that we can become comfortable using it, and also learn why it is so much more powerful than Command Prompt. PowerShell is quickly becoming an indispensable tool for administering servers, especially in cases where you are adopting a centralized management and administration mindset.

Chapter 11, Containers and Nano Server, incorporates the terms open source and Linux in a Microsoft book! Application containers are quickly becoming the new standard for hosting modern, scalable applications. Learn how to start enhancing your DevOps story through the use of tools such as Windows Server Containers, Hyper-V Containers, Docker, and Kubernetes.

Chapter 12, Virtualizing Your Data Center with Hyper-V, covers a topic that every server administrator should be very familiar with. Organizations have been moving their servers over to virtual machines in mass quantities for many years. Let's use this chapter to make sure you understand how that hypervisor works, and give you the resources required to build and manage one if and when you have the need.

To get the most out of this book

Each technology that we discuss within the pages of this book is included in, or relates directly to, Windows Server 2019. If you can get your hands on a piece of server hardware and the Server 2019 installer files, you will be equipped to follow along and try these things out for yourself. We will talk about and reference some enterprise-class technologies that come with stiffer infrastructure requirements in order to make them work fully, and so you may have to put the actual testing of those items on hold until you are working in a more comprehensive test lab or environment, but the concepts are all still included in this book.

We will also discuss some items that are not included in Server 2019 itself, but that are used to extend the capabilities and features of it. Some of these items help tie us into an Azure Cloud environment, and some are provided by third parties, such as using Docker and Kubernetes on your Server 2019 in order to interact with application containers. Ultimately, you do not need to use these tools in order to manage your new Windows Server 2019 environment, but they do facilitate some pretty cool things that I think you will want to look into.

Conventions used

There are a number of text conventions used throughout this book.

CodeInText: Indicates code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles. Here is an example: "Inside DNS, I am going to create an alias record that redirects intranet to web1."

Any command-line input or output is written as follows:

Uninstall-WindowsFeature -Name Windows-Defender

Bold: Indicates a new term, an important word, or words that you see on screen. For example, words in menus or dialog boxes appear in the text like this. Here is an example: "Simply find the appropriate OU for his account to reside within, right-click on the OU, and navigate to New | User."

Warnings or important notes appear like this.
Tips and tricks appear like this.


Getting Started with Windows Server 2019

About 10 years ago, Microsoft adjusted its operating system release ideology so that the latest Windows Server operating system is always structured very similarly to the latest Windows client operating system. This has been the trend for some time now, with Server 2008 R2 closely reflecting Windows 7, Server 2012 feeling a lot like Windows 8, and many of the same usability features that came with the Windows 8.1 update are also included with Server 2012 R2. This, of course, carried over to Server 2016 as well—giving it the same look and feel as if you were logged into a Windows 10 workstation.

Now that we are all familiar and comfortable with the Windows 10 interface, we typically have no problems jumping right into the Server 2016 interface and giving it a test drive. Windows Server 2019 is once again no exception to this rule, except that the release of client-side operating systems has shifted a little bit. Now, instead of releasing new versions of Windows (11, 12, 13, and so on), we are, for the time being, simply sticking with Windows 10 and giving it sub-version numbers, indicative of the dates when that operating system was released. For example, Windows 10 version 1703 released around March of 2017. Windows 10 version 1709 was released in September of 2017. Then, we have had 1803 and 1809 as well—although 1809 was delayed a little and didn't release until somewhere closer to November, but that wasn't the original plan. The current plan is Windows OS releases every six months or so, but expecting IT departments to lift and shift all of their servers just for the purposes of moving to an OS that is six months newer is crazy; sometimes it takes longer than that just to plan a migration.

Anyway, I'm getting ahead of myself a little, as we will be discussing versioning of Windows Server later in this chapter, during our Windows Server versions and licensing section. The point here is that Windows Server 2019 looks and feels like the latest version of the Windows client operating system that was released at about the same time—that OS being Windows 10 1809. Before we get started talking about the features of Windows Server, it is important to establish a baseline for usability and familiarity in the operating system itself before diving deeper into the technologies running under the hood.

Let's spend a few minutes exploring the new graphical interface and options that are available for finding your way around this latest release of Windows Server, with a view to covering the following topics in this chapter:

The purpose of Windows Server

It's getting cloudy out there

Windows Server versions and licensing

Overview of new and updated features

Navigating the interface

Using the newer Settings screen

Task Manager

Task View

The purpose of Windows Server

Is asking what the purpose of Windows Server is a silly question? I don't think so. It's a good question to ponder, especially now that the definition for servers and server workloads is changing on a regular basis. The answer to this question for Windows clients is simpler. A Windows client machine is a requester, consumer, and contributor of data.

From where is this data being pushed and pulled? What enables the mechanisms and applications running on the client operating systems to interface with this data? What secures these users and their data? The answers to these questions reveal the purpose of servers in general. They house, protect, and serve up the data to be consumed by clients.

Everything revolves around data in business today. Our email, documents, databases, customer lists—everything that we need to do business well, is data. That data is critical to us. Servers are what we use to build the fabric upon which we trust our data to reside.

We traditionally think about servers using a client-server interface mentality. A user opens a program on their client computer, this program reaches out to a server in order to retrieve something, and the server responds as needed. This idea can be correctly applied to just about every transaction you may have with a server. When your domain-joined computer needs to authenticate you as a user, it reaches out to Active Directory on the server to validate your credentials and get an authentication token. When you need to contact a resource by name, your computer asks a DNS server how to get there. If you need to open a file, you ask the file server to send it your way.

Servers are designed to be the brains of our operation, and they often do so transparently. In recent years, large strides have been taken to ensure resources are always available and accessible in ways that don't require training or a large effort on the part of our employees.

In most organizations, many different servers are needed in order to provide your workforce with the capabilities they require. Each service inside Windows Server is provided as, or as part of, a role. When you talk about needing new servers or configuring a new server for any particular task, what you are really referring to is the individual role or roles that are going to be configured on that server in order to get the work done. A server without any roles installed is useless, though depending on the chassis, can make an excellent paperweight. A 3U SAN device could weigh upwards of 100 pounds and keep your desk orderly even in the middle of a hurricane!

If you think of roles as the meat and potatoes of a server, then the next bit we will discuss is sort of like adding salt and pepper. Beyond the overhead roles you will install and configure on your servers, Windows also contains many features that can be installed, which sometimes stand alone, but more often complement specific roles in the operating system. A feature may be something that complements and adds functionality to the base operating system, such as Telnet Client, or it may be added to a server in order to enhance an existing role, such as adding the Network Load Balancing feature to an already-equipped remote access or IIS server. The combination of roles and features inside Windows Server is what equips that piece of metal to do work.

This book will, quite obviously, focus on a Microsoft-centric infrastructure. In these environments, the Windows Server operating system is king, and is prevalent across all facets of technology. There are alternatives to Windows Server, and different products which can provide some of the same functions to an organization, but it is quite rare to find a business environment anywhere that is running without some semblance of a Microsoft infrastructure.

Windows Server contains an incredible amount of technology, all wrapped up in one small installation disk. With Windows Server 2019, Microsoft has gotten us thinking out of the box about what it means to be a server in the first place, and the release comes with some exciting new capabilities that we will spend some time covering in these pages. Things such as PowerShell, Windows Admin Center, and Storage Spaces Direct are changing the way that we manage and size our computing environments; these are exciting times to be or to become a server administrator!

It's getting cloudy out there

There's this new term out there, you may have even heard of it...cloud. While the word "cloud" has certainly turned into a buzzword that is often misused and spoken of inappropriately, the idea of cloud infrastructure is an incredibly powerful one. A cloud fabric is one that revolves around virtual resources—virtual machines, virtual disks, and even virtual networks. Being plugged into the cloud typically enables things like the ability to spin up new servers on a whim, or even the ability for particular services themselves to increase or decrease their needed resources automatically, based on utilization.

Think of a simple e-commerce website where a consumer can go to order goods. Perhaps 75% of the year, they can operate this website on a single web server with limited resources, resulting in a fairly low cost of service. But, the other 25% of the year, maybe around the holiday seasons, utilization ramps way up, requiring much more computing power. Prior to cloud mentality, this would mean that the company would need to size their environment to fit the maximum requirements all the time, in case it was ever needed. They would be paying for more servers and much more computing power than was needed for the majority of the year. With a cloud fabric, giving the website the ability to increase or decrease the number of servers it has at its disposal as needed, the total cost of such a website or service can be drastically decreased. This is a major driving factor of cloud in business today.

Public cloud

Most of the time, when your neighbor Suzzi Knowitall talks to you about the cloud, she is simply talking about the internet. Well, more accurately she is talking about some service that she uses, which she connects to by using the internet. For example, Office 365, Google Drive, OneDrive, Dropbox—these are all public cloud resources, as they are storing your data in the cloud. In reality, your data is just sitting on servers which you access via the internet, but you can't see those servers and you don't have to administer and maintain those servers, which is why it feels like magic and is then referred to as the cloud.

To IT departments, the term "cloud" more often means one of the big three cloud hosting providers. Since this is a Microsoft-driven book, and since I truly feel this way anyway, Azure is top-notch in this category. Azure itself is another topic for another (or many other) book, but is a centralized cloud compute architecture that can host your data, your services, or even your entire network of servers.

Moving your datacenter to Azure enables you to stop worrying or caring about server hardware, replacing hard drives, and much more. Rather than purchasing servers, unboxing them, racking them, installing Windows on them, and then setting up the roles you want configured, you simply click a few buttons to spin up new virtual servers that can be resized at any time for growth. You then pay smaller op-ex costs for these servers—monthly or annual fees for running systems inside the cloud, rather than the big cap-ex costs for server hardware in the first place.

Other cloud providers with similar capabilities are numerous, but the big three are Azure, Amazon (AWS), and Google. As far as enterprise is concerned, Azure simply takes the cake and eats it too. I'm not sure that the others will ever be able to catch up with all of the changes and updates that Microsoft constantly makes to the Azure infrastructure.

Private cloud

While most people working in the IT sector these days have a pretty good understanding of what it means to be part of a cloud service, and many are indeed doing so today, a term which is being pushed into enterprises everywhere and is still many times misunderstood is private cloud. At first, I took this to be a silly marketing ploy, a gross misuse of the term "cloud" to try and appeal to those hooked by buzzwords. Boy was I wrong. In the early days of private clouds, the technology wasn't quite ready to stand up to what was being advertised.

Today, however, that story has changed. It is now entirely possible to take the same fabric that is running up in the true, public cloud, and install that fabric right inside your data center. This enables you to provide your company with cloud benefits such as the ability to spin resources up and down, and to run everything virtualized, and to implement all of the neat tips and tricks of cloud environments, with all of the serving power and data storage remaining locally owned and secured by you. Trusting cloud storage companies to keep data safe and secure is absolutely one of the biggest blockers to implementation on the true public cloud, but, by installing your own private cloud, you get the best of both worlds, specifically stretchable compute environments with the security of knowing you still control and own all of your own data.

This is not a book about clouds, public or private. I mention this to give a baseline for some of the items we will discuss in later chapters, and also to get your mouth watering a little bit to dig in and do a little reading yourself on cloud technology. You will see Windows Server 2019 interface in many new ways with the cloud, and will notice that so many of the underlying systems available in Server 2019 are similar to, if not the same as, those becoming available inside Microsoft Azure.

In these pages, we will not focus on the capabilities of Azure, but rather a more traditional sense of Windows Server that would be utilized on-premise. With the big push toward cloud technologies, it's easy to get caught with blinders on and think that everything and everyone is quickly running to the cloud for all of their technology needs, but it simply isn't true. Most companies will have the need for many on-premise servers for many years to come; in fact, many may never put full trust in the cloud and will forever maintain their own data centers. These data centers will have local servers that will require server administrators to manage them. That is where you come in.

Windows Server versions and licensing

Anyone who has worked with the design or installation of a Windows Server in recent years is probably wondering which direction we are taking within this book. You see, there are different capability editions, different technical versions, plus different licensing models of Windows Server. Let's take a few minutes to cover those differences so that you can have a well-rounded knowledge of the different options, and so that we can define which portions we plan to discuss over the course of this book.

Standard versus Datacenter

When installing the Windows Server 2019 operating system onto a piece of hardware, as you will experience in Chapter 2, Installing and Managing Windows Server 2019, you will have two different choices on server capability. The first is Server 2019 Standard, which is the default option and one that includes most of your traditional Windows Server roles. While I cannot give you details on pricing because that could potentially be different for every company depending on your agreements with Microsoft, Standard is the cheaper option and is used most commonly for installations of Windows Server 2019.

Datacenter, on the other hand, is the luxury model. There are some roles and features within Windows Server 2019 that only work with the Datacenter version of the operating system, and they are not available inside Standard. If ever you are looking to a new piece of Microsoft technology to serve a purpose in your environment, make sure to check over the requirements to find out whether you will have to build a Datacenter server. Keep in mind that Datacenter can cost significantly more money than Standard, so you generally only use it in places where it is actually required. For example, if you are interested in hosting Shielded VMs or working with Storage Spaces Direct, you will be required to run the Server 2019 Datacenter edition on the servers related to those technologies.

One of the biggest functional differences between Standard and Datacenter is the number of virtual machines (VMs) that they can host. Server 2019 Standard can only run two VMs on it at any given time, which is a pretty limiting factor if you were looking to build out a Hyper-V server. Datacenter allows you to run unlimited numbers of VMs, which makes it a no-brainer when building your virtualization host servers. For running Hyper-V, Datacenter is the way to go. 

Desktop Experience/Server Core/Nano Server

Next up are the different footprints and user interfaces that you can run on your Windows Server 2019 machines. There are three different versions of Windows Server that can be used, and the correct one for you depends on what capabilities and security you are looking for.

Desktop Experience

This is the most common choice among Windows Servers everywhere. Whether you are building a Windows Server 2019 Standard or Datacenter, you have a choice of running Server with or without a graphical user interface. The traditional look and feel, point-and-click interface is called Desktop Experience. This allows things such as RDPing into your servers, having a traditional desktop, being able to use the graphical Server Manager right from your logged-in server, and all in all is the best way to go if you are new to server administration.

If you are familiar with navigating around inside Windows 10, then you should be able to at least make your way around in Windows Server 2019 running Desktop Experience. This is the version of Windows Server 2019 that we will be focusing on for the majority of this book, and almost all of the screenshots will be taken from within a Desktop Experience environment.

Server Core

As you will see when we install Windows Server 2019 together, the default option for installation is not Desktop Experience. What this means is that choosing the default install path would instead place a headless version of Windows Server onto your machine, most commonly referred to as Server Core. The nature of being headless makes Server Core faster and more efficient than Desktop Experience, which makes sense because it doesn't have to run all of that extra code and consume all of those extra resources for launching and displaying a huge graphical interface.

Almost anything that you want to do within Windows Server is possible to do on either Server Core or Desktop Experience, the main differences being interface and security. To be able to use Server Core, you definitely have to be comfortable with a command-line interface (namely PowerShell), and you also have to consider remote server management to be a reliable way of interacting with your servers. We will talk much more about Server Core in Chapter 8, Server Core.

The largest benefit that Server Core brings to the table, other than performance, is security. Most malware that attempts to attack Windows Servers is reliant upon items that exist inside the GUI of Desktop Experience. Since those things aren't even running inside Server Core—alas, you couldn't get to a desktop even if you wanted to—attacks against Server Core machines are much, much less successful.

Nano Server

A third platform for Windows Server 2019 does exist, known as Nano Server. This is a tiny version of Windows Server, headless like Server Core but running an even smaller footprint. The last time I booted up a Nano Server, it consumed less than 500 MB of data for the complete operating system, which is incredible.

It seemed like Nano Server was discussed much more surrounding the release of Server 2016, because at that time Microsoft was pressing forward with plans to include a whole bunch of roles inside Nano Server so that we could start replacing some of our bloated, oversized everyday servers with Nano, but that mentality has since gone by the wayside.

As of this writing, Nano Server is pretty well married to the use of containers. In fact, I believe the only supported way to run Nano Server right now is to run it as an image inside a container. We will discuss both in more detail inside Chapter 11, Containers and Nano Server, but, for the purposes of this summary, it is safe to say that, if you know what containers are, and are interested in using them, then you will benefit from learning all there is to know about Nano Server. If you are not in a position to work with containers, you will probably never run into Nano Server in your environment.
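The sections above describe a server in terms of its edition, its footprint, and its installed roles and features. The following PowerShell inventories all three on the local machine and lists items worth a second look. It is an added example, not code from the book; the function names Get-ServerFootprint and Test-ServerFootprint and the review rules are hypothetical and chosen for illustration.

```powershell
# Added example (not from the book). Function names and review rules are
# hypothetical. Run it in a PowerShell session on the server being checked.

function Get-ServerFootprint {
    [CmdletBinding()]
    param(
        # Registry key where Windows records product, edition and install type.
        [string]$CurrentVersionKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    )

    $cv = Get-ItemProperty -Path $CurrentVersionKey

    # InstallationType reads 'Server' on a Desktop Experience install and
    # 'Server Core' or 'Nano Server' on the headless footprints.
    $footprint = switch ($cv.InstallationType) {
        'Server'      { 'Desktop Experience' }
        'Server Core' { 'Server Core' }
        'Nano Server' { 'Nano Server' }
        default       { "Unrecognized ($($cv.InstallationType))" }
    }

    # Get-WindowsFeature comes from the ServerManager module. Skip the
    # role/feature inventory where that cmdlet is not available.
    $installed = @()
    $haveFeatureData = [bool](Get-Command Get-WindowsFeature -ErrorAction SilentlyContinue)
    if ($haveFeatureData) {
        $installed = @(Get-WindowsFeature | Where-Object { $_.Installed })
    }

    [pscustomobject]@{
        ComputerName  = $env:COMPUTERNAME
        Product       = $cv.ProductName
        Edition       = $cv.EditionID     # e.g. ServerStandard, ServerDatacenter
        Release       = $cv.ReleaseId     # e.g. 1809
        Footprint     = $footprint
        FeatureDataOk = $haveFeatureData
        Roles         = @($installed | Where-Object { $_.FeatureType -eq 'Role' } | ForEach-Object Name)
        Features      = @($installed | Where-Object { $_.FeatureType -eq 'Feature' } | ForEach-Object Name)
    }
}

function Test-ServerFootprint {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        $Inventory
    )

    process {
        $findings = New-Object System.Collections.Generic.List[string]

        if ($Inventory.Footprint -eq 'Desktop Experience') {
            $findings.Add('Desktop Experience installed: confirm this server needs a GUI rather than Server Core.')
        }

        if ($Inventory.FeatureDataOk) {
            if ($Inventory.Roles.Count -eq 0) {
                $findings.Add('No roles installed: confirm the server still has a purpose.')
            }
            if ($Inventory.Features -contains 'Telnet-Client') {
                $findings.Add('Telnet-Client installed: Telnet is unencrypted; remove the feature if unused.')
            }
            if ($Inventory.Features -notcontains 'Windows-Defender') {
                $findings.Add('Windows-Defender not installed: confirm another antivirus product covers this server.')
            }
            if ($Inventory.Edition -like 'ServerDatacenter*' -and $Inventory.Roles -notcontains 'Hyper-V') {
                $findings.Add('Datacenter edition without the Hyper-V role: confirm a Datacenter-only capability is in use.')
            }
        }
        else {
            $findings.Add('Get-WindowsFeature unavailable: roles and features were not checked.')
        }

        [pscustomobject]@{
            ComputerName = $Inventory.ComputerName
            Edition      = $Inventory.Edition
            Release      = $Inventory.Release
            Footprint    = $Inventory.Footprint
            Roles        = $Inventory.Roles
            Findings     = $findings.ToArray()
        }
    }
}

# Inventory the local server and show what deserves review.
Get-ServerFootprint | Test-ServerFootprint | Format-List
```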

Licensing models - SAC and LTSC

Another decision about how to set up your Windows Servers is what licensing/support model and release cadence you would like to follow. There are two different paths that you can take. It is possible to have a mix of these in a single environment, if you have need for both.

Semi-Annual Channel (SAC)

If you opt to run SAC releases of Windows Server, your naming convention for the operating system changes. Rather than calling it Server 2019, you are really running Windows Server 1803, 1809, and so on. It follows the same mentality that Windows 10 does. What that implies is that these new versions of Windows Server SAC are released at much shorter intervals than we have ever seen for servers in the past. The SAC channel is planned to receive two major releases every year—generally in the spring and the fall. Because of the fast release cadence, support for SAC versions of Windows Server lasts for a short 18 months. If you use SAC, you had better get used to always jumping on the latest version shortly after it releases.

If swapping out your server operating systems twice a year sounds daunting, you're not alone. Thankfully, Microsoft recognizes this and realizes that the general server administrator population is not going to use this model for their regular, everyday servers. Rather, SAC versions of Windows Server are really only going to be used for running containers. In this new world of flexible application hosting, where applications are being written in ways that the infrastructure resources behind those applications can be spun up or spun down as needed, containers are a very important piece of that DevOps puzzle. If you host or build these kinds of applications, you will almost certainly be using containers—now or in the future. When you find yourself in the position of researching and figuring out containers, you will then probably find that the best way to accomplish a highly-performant container environment is by hosting it on SAC server releases.

Long-Term Servicing Channel (LTSC)

Some of you probably think that LTSC is a typo, as in previous years this model was called Long-Term Servicing Branch (LTSB). While you can go with either and people will generally know what you are talking about, LTSC is now the proper term.

Windows Server 2019 is an LTSC release. Essentially, LTSC releases are what we have always thought of as our traditional Windows Server operating system releases. Server 2008, Server 2008 R2, Server 2012, Server 2012 R2, Server 2016, and now Server 2019 are all LTSC releases. What has changed is that the LTSC releases will now be coming with fewer things that are "wow, that's so awesome" and brand-new, because we will be seeing and getting hints about those brand new things as they are created and rolled out in a more short-term fashion through the SAC releases. So, your SAC releases will come out roughly every six months, and then every two to three years we will experience a new LTSC release that rolls up all of those changes.

While SAC is generally all about DevOps and containers, LTSC servers are for running pretty much everything else. You wouldn't want to install a domain controller, certificate server, or file server and have to replace that server every six months. So, for any of these scenarios, you will always look to LTSC.

One other major difference between the two is that, if you want to use the Desktop Experience version of Windows Server (having a graphical interface to interact with)—then you're looking at LTSC. The SAC versions of Windows Server do NOT include Desktop Experience—you are limited to only Server Core or Nano Server.

With LTSC versions of Windows Server, you continue to get the same support we are used to: five years of mainstream support followed by five years of available extended support.

Throughout this book, we will be working and gaining experience with the Windows Server 2019 LTSC release.

Overview of new and updated features

The newest version of the Windows Server operating system is always an evolution of its predecessor. There are certainly pieces of technology contained inside that are brand new, but there are even more places where existing technologies have been updated to include new features and functionality. Let's spend a few minutes providing an overview of some of the new capabilities that exist in Windows Server 2019.

The Windows 10 experience continued

Historically, a new release of any Microsoft operating system has meant learning a new user interface, but Server 2019 is the first exception to this rule. Windows 10's release gave us the first look at the current graphical platform, which then rolled into Windows Server 2016, and that was the first time we had seen the current interface on a server platform. Now that Windows 10 updates are releasing but continuing on with essentially the same desktop interface, the same is true for Server 2019. Logging in and using Windows Server 2019 is, in a lot of ways, the same experience that you have had inside Windows Server 2016. Even so, some reading this book have never experienced logging into a server of any kind before, and so we will certainly be looking over that interface, and learning some tips and tricks for navigating around smoothly and efficiently within Server 2019.

Hyper-Converged Infrastructure

When you see the phrase Hyper-Converged Infrastructure (HCI), it is important to understand that we are not talking about a specific technology that exists within your server environment. Rather, HCI is a culmination of a number of different technologies that can work together and be managed together, all for the purposes of creating the mentality of a Software-Defined Datacenter (SDDC as it is sometimes referred to). Specifically, HCI is most often referred to as the combination of Hyper-V and Storage Spaces Direct (S2D) on the same cluster of servers. Clustering these services together enables some big speed and reliability benefits over hosting these roles separately, and on their own systems.

Another component that is part of, or related to, a software-defined data center is Software Defined Networking (SDN). Similar to how compute virtualization platforms (like Hyper-V) completely changed the landscape of what server computing looked like ten or so years ago, we are now finding ourselves capable of lifting the network layer away from physical hardware, and shifting the design and administration of our networks to be virtual, and managed by the Windows Server platform.

A newly available tool that helps configure, manage, and maintain clusters as well as HCI clusters is the new Windows Admin Center (WAC). WAC can be a hub from which to interface with your Hyper-Converged Infrastructure.

Windows Admin Center

Finally releasing in an official capacity, WAC is one of the coolest things I've seen yet as part of the Server 2019 release. This is a free tool, available to anyone, that you can use to start centrally managing your server infrastructure. While not fully capable of replacing all of the traditional PowerShell, RDP, and MMC console administration tools, it enables you to do a lot of normal everyday tasks with your servers, all from a single interface.

If this capability sounds at all familiar to you, it may be because you tested something called Project Honolulu at some point over the past year. Yes, Windows Admin Center is Project Honolulu, now in full production capacity.

We will take a closer look at the Windows Admin Center in Chapter 2, Installing and Managing Windows Server 2019.

Windows Defender Advanced Threat Protection

If you haven't done any reading on Advanced Threat Protection (ATP), you may see the words Windows Defender and assume I am simply talking about the antivirus/anti-malware capabilities that are now built into both Windows client operating systems, as well as Windows Servers starting with 2016. While it is true that Windows Server 2019 does come out of the box with built-in antivirus, the ATP service is much, much more.

We'll discuss it in more depth in Chapter 7, Hardening and Security, but the short summary is that Windows Defender Advanced Threat Protection is a cloud-based service that you tap your machines into. The power of ATP is that many thousands, or perhaps even millions, of devices are submitting data and creating an enormous information store that can then be used with some AI and machine learning to generate comprehensive data about new threats, viruses, and intrusions, in real time. ATP customers then receive the benefits of protection as those new threats arise. It's almost like crowd-sourced anti-threat capabilities, with Azure handling all of the backend processing.

Banned Passwords