Mastering Windows Server 2022 with Azure Cloud Services E-Book

Table of Contents

Cover

Title Page

Copyright

Dedication

About the Author

Acknowledgments

Introduction

Who Should Read This Book?

What's Inside?

Recommended Home Lab Setup

How to Contact Sybex or the Author

How to Contact the Publisher

Chapter 1: Understanding Windows Server 2022

Features and Advantages of Windows Server 2022

Deciding Which Windows Server 2022 Version to Use

Removed Features

The Bottom Line

Chapter 2: Understanding Virtualization

Introduction to Virtualization

The Bottom Line

Chapter 3: Installing and Configuring Hyper-V

Hyper-V Installation and Configuration

Configuring Virtual Machines

PowerShell Commands

The Bottom Line

Chapter 4: Installing Windows Server 2022

Installing the Windows Server 2022 OS

Activating and Servicing Windows

Configuring Windows Server Updates

Understanding Features On Demand

The Bottom Line

Chapter 5: Understanding IP

Understanding TCP/IP

Understanding IP Addressing

Subnetting a Network

Understanding IPv6

The Bottom Line

Chapter 6: Implementing DNS

Introducing DNS

Introducing DNS Database Zones

Advantages of DNS in Windows Server 2022

Introducing DNS Record Types

Configuring DNS

DNS PowerShell Commands

The Bottom Line

Chapter 7: Understanding Active Directory

Verifying the File System

Verifying Network Connectivity

Understanding Active Directory

Understanding Domain and Forest Functionality

Planning the Domain Structure

Installing Active Directory

Verifying Active Directory Installation

Creating and Configuring Application Data Partitions

Configuring DNS Integration with Active Directory

The Bottom Line

Chapter 8: Administering Active Directory

Active Directory Overview

An Overview of OUs

Planning the OU Structure

Creating OUs

Managing OUs

Creating and Managing Active Directory Objects

Publishing Active Directory Objects

PowerShell for Active Directory

The Bottom Line

Chapter 9: Configuring DHCP

Understanding DHCP

Installing and Authorizing DHCP

Creating and Managing DHCP Scopes

Working with Advanced DHCP Configuration Options

PowerShell Commands

The Bottom Line

Chapter 10: Building Group Policies

Introducing Group Policy

Planning a Group Policy Strategy

Implementing Group Policy

Managing Group Policy

The Bottom Line

Chapter 11: Advanced Group Policy Options

Deploying Software Through a GPO

Implementing Software Deployment

Configuring Software Deployment Settings

Troubleshooting Group Policies

The Bottom Line

Chapter 12: Understanding Cloud Concepts

Understand Cloud Concepts

Understanding the Difference between IaaS, PaaS, and SaaS

The Bottom Line

Chapter 13: Configuring Azure

Understanding Azure Benefits

Understanding the Azure Dashboards

The Bottom Line

Chapter 14: Understanding Azure Active Directory

Azure Active Directory

The Bottom Line

Chapter 15: Creating a Hybrid Network

Creating a Hybrid Network

Implement Active Directory Federation Services

Planning Azure AD Authentication Options

Creating an Azure Recovery Policy

The Bottom Line

Chapter 16: Understanding Microsoft Endpoint

Using Microsoft Endpoint Manager

Understanding AutoPilot

Planning for Secure Applications Data on Devices

The Bottom Line

Chapter 17: Configuring Security

Managing Windows Security

Configuring Windows Firewall

Managing Security

The Bottom Line

Chapter 18: Creating Azure Policies

Azure Devices and Policies

PowerShell Commands

The Bottom Line

Appendix: The Bottom Line

Chapter 1: Understanding Windows Server 2022

Chapter 2: Understanding Virtualization

Chapter 3: Installing and Configuring Hyper-V

Chapter 4: Installing Windows Server 2022

Chapter 5: Understanding IP

Chapter 6: Implementing DNS

Chapter 7: Understanding Active Directory

Chapter 8: Administering Active Directory

Chapter 9: Configuring DHCP

Chapter 10: Building Group Policies

Chapter 11: Advanced Group Policy Options

Chapter 12: Understanding Cloud Concepts

Chapter 13: Configuring Azure

Chapter 14: Understanding Azure Active Directory

Chapter 15: Creating a Hybrid Network

Chapter 16: Understanding Microsoft Endpoint

Chapter 17: Configuring Security

Chapter 18: Creating Azure Policies

Index

End User License Agreement

List of Tables

Chapter 1

TABLE 1.1: Windows Server 2022 Locks and Limits

TABLE 1.2: Windows Server 2022 Standard vs. Datacenter

TABLE 1.3: Windows Server 2022 Standard vs. Datacenter

TABLE 1.4: Supported Windows Server 2022 Upgrade Path Recommendations

TABLE 1.5: Features and Roles No Longer Being Developed

TABLE 1.6: Features No Longer Being Developed in Windows Server 2022

Chapter 2

TABLE 2.1: Hyper-V Guest Server Operating Systems

TABLE 2.2: Hyper-V Guest Client Operating Systems

Chapter 3

TABLE 3.1: Hardware Requirements for Hyper-V

TABLE 3.2: Virtual Hard Disks in Hyper-V

TABLE 3.3: Edit Disk Overview

TABLE 3.4: Hyper-V PowerShell commands

Chapter 4

TABLE 4.1:

Slmgr.vbs

Switches

TABLE 4.2: Windows Server 2022 AVMA Keys

TABLE 4.3: Servicing Models for Windows Server 2022

TABLE 4.4: Selected Registry keys and values for Automatic Updates

TABLE 4.5: WSUS administration commands

Chapter 5

TABLE 5.1: Common port numbers

TABLE 5.2: Network address classes

TABLE 5.3: Special network addresses

TABLE 5.4: Default subnet masks

TABLE 5.5: Setting up Class C subnets

TABLE 5.6: Fourth octet addresses for a Class C network with eight subnets

TABLE 5.7: IPv6 address space known prefixes and addresses

Chapter 6

TABLE 6.1: Common top-level DNS domains

TABLE 6.2: The SOA record structure

TABLE 6.3: The NS record structure

TABLE 6.4: The SRV record structure

TABLE 6.5: PowerShell Commands for DNS

Chapter 7

TABLE 7.1: Comparing domain functional levels

TABLE 7.2: Active Directory requirements

TABLE 7.3:

ntdsutil

domain management commands

Chapter 8

TABLE 8.1 Permissions of Active Directory objects

TABLE 8.2 PowerShell commands for Active Directory

Chapter 9

TABLE 9.1: DHCP PowerShell commands

Chapter 10

TABLE 10.1:

Auditpol.exe

switches

TABLE 10.2:

GPUpdate.exe

switches

Chapter 11

TABLE 11.1:

gpresult

switches

Chapter 12

TABLE 12.1: IaaS, PaaS, and SaaS Benefits and Features

Chapter 14

TABLE 14.1: Azure Roles

Chapter 15

TABLE 15.1: Common Identity Scenarios and Recommendations

TABLE 15.2: AD FS Endpoints

TABLE 15.3: AD FS Security Modes

TABLE 15.4: SAML-Supported Authentication Methods

TABLE 15.5: Support Upgrade Matrix for the AD FS Role in Windows Server 2022...

TABLE 15.6: Federation Metadata Fields

TABLE 15.7: :Transform Claims Rule Templates

TABLE 15.8: Settings Configured by Azure AD Connect

TABLE 15.9: Selecting a Source and Target Machine

TABLE 15.10: Selecting a Source and Target Machine

Chapter 16

TABLE 16.1: Microsoft 365 Plans

Chapter 17

TABLE 17.1: Common Port Numbers

Chapter 18

TABLE 18.1: PowerShell Commands for Azure Active Directory

List of Illustrations

Chapter 2

FIGURE 2.1 Hyper-V architecture

Chapter 3

FIGURE 3.1 Warning window that Hyper-V cannot be installed

FIGURE 3.2 Server Manager Add Features

FIGURE 3.3 Virtual Switch Screen

FIGURE 3.4 Hyper-V in Server Manager

FIGURE 3.5 Hyper-V Manager

FIGURE 3.6 Hyper-V Settings

FIGURE 3.7 Virtual Switch Manager

FIGURE 3.8 Virtual network card

FIGURE 3.9 In Disk Management, you can set disks as Offline.

FIGURE 3.10 The Edit Virtual Hard Disk Wizard

FIGURE 3.11 Hyper-V Manager

FIGURE 3.12 Specify Generation Screen

FIGURE 3.13 VM RAM

FIGURE 3.14 Configure Networking Page

FIGURE 3.15 Virtual Hard Disk Page

FIGURE 3.16 Installing OS screen

FIGURE 3.17 Completing the New Virtual Machine Wizard screen

FIGURE 3.18 Options available when right clicking a virtual machine

FIGURE 3.19 Delete Virtual Machine warning window

FIGURE 3.20 Virtual Machine Connection window when the machine is turned off...

Chapter 4

FIGURE 4.1 Windows Server 2022 Setup

FIGURE 4.2 Install Now Screen

FIGURE 4.3 Windows Server Edition

FIGURE 4.4 Windows Server Installation

FIGURE 4.5 Installing Windows screen

FIGURE 4.6 Customize Settings screen

FIGURE 4.7 Windows Server Manager Dashboard

FIGURE 4.8 Windows Server Edition

FIGURE 4.9 Change Password Screen

FIGURE 4.10 Password Changed Screen

FIGURE 4.11 Server Core Command Prompt

FIGURE 4.12 Server Core Sconfig Command

FIGURE 4.13 Windows Update control panel

FIGURE 4.14 Seeing the Update Status

FIGURE 4.15 The Restart Now button

FIGURE 4.16 Viewing your Update History

FIGURE 4.17 Viewing Advanced Options

FIGURE 4.18 Choosing to Install WSUS

FIGURE 4.19 Select Role Screen

FIGURE 4.20 Content Location Selection screen

FIGURE 4.21 Confirmation Screen

FIGURE 4.22 Status Screen

FIGURE 4.23 Status Screen

FIGURE 4.24 Administrative Tools

FIGURE 4.25 Connect to Upstream Server screen

FIGURE 4.26 Choose Products screen

Chapter 5

FIGURE 5.1 TCP/IP model

FIGURE 5.2 TCP/IP process

FIGURE 5.3 A sample subnet

FIGURE 5.4 Network vs. host addresses

FIGURE 5.5 The network address and its subnet

FIGURE 5.6 The subnet mask revealed

FIGURE 5.7 Different ways to represent the same mask

FIGURE 5.8 Applying the subnet mask

FIGURE 5.9 Converting the subnet mask to decimal

FIGURE 5.10 An example of a smaller subnet address

FIGURE 5.11 Will Panek's IPv4 subnetting chart

FIGURE 5.12 Subnet mask represented by 1s

FIGURE 5.13 IPv4/IPv6 comparison

FIGURE 5.14 TCP/IPv6 Properties window

FIGURE 5.15 IPv6 configuration as seen from the command prompt

FIGURE 5.16 IPv6 dual IP layer diagram

FIGURE 5.17 IPv6 interface identifier for

ipconfig

display

Chapter 6

FIGURE 6.1 HOSTS file

FIGURE 6.2 The DNS hierarchy

FIGURE 6.3 Setting the Dynamic Updates option

FIGURE 6.4 DHCP settings for DNS

FIGURE 6.5 A sample DNS query

FIGURE 6.6 Setting up an Active Directory Integrated zone

FIGURE 6.7 DNS stub zone type

FIGURE 6.8 DNS Notify dialog box

FIGURE 6.9 DNS Zone Transfers tab

FIGURE 6.10 DNS zone replication scope

FIGURE 6.11 The Root Hints tab of the DNS server's Properties dialog box

FIGURE 6.12 The Start Of Authority (SOA) tab of the zone Properties dialog b...

FIGURE 6.13 The Name Servers tab of the zone Properties dialog box

Chapter 7

FIGURE 7.1 Format options on Windows Server 2022

FIGURE 7.2 Disk Management

FIGURE 7.3 Viewing TCP/IP information with the

ipconfig

utility

FIGURE 7.4 New Forest screen

FIGURE 7.5 New Forest screen

FIGURE 7.6 Domain Controller Options

FIGURE 7.7 Review Options screen

FIGURE 7.8 Prerequisites Check screen

FIGURE 7.9 Viewing Active Directory information using the Active Directory U...

FIGURE 7.10 General Tab of DNS zone properties

Chapter 8

FIGURE 8.1 Active Directory OUs

FIGURE 8.2 Mapping a business organization to an OU structure

FIGURE 8.3 A geographically based OU structure

FIGURE 8.4 New OU dialog box

FIGURE 8.5 The General tab of the OU's Properties dialog box

FIGURE 8.6 The Managed By tab of the OU's Properties dialog box

FIGURE 8.7 User Properties

FIGURE 8.8 New Group dialog box

FIGURE 8.9 The Filter Options dialog box

FIGURE 8.10 Advanced Features in the

System

folder of the Active Directory U...

Chapter 9

FIGURE 9.1 Choosing DHCP

FIGURE 9.2 DHCP snap-in

FIGURE 9.3 Choosing Authorize

FIGURE 9.4 Choosing Unauthorize

FIGURE 9.5 Welcome page of the New Scope Wizard

FIGURE 9.6 IP Address Range page of the New Scope Wizard

FIGURE 9.7 Add Exclusions And Delay page of the New Scope Wizard

FIGURE 9.8 Lease Duration page of the New Scope Wizard

FIGURE 9.9 Configure DHCP Options page of the New Scope Wizard

FIGURE 9.10 Router (Default Gateway) page of the New Scope Wizard

FIGURE 9.11 Domain Name And DNS Servers page of the New Scope Wizard

FIGURE 9.12 WINS Servers page of the New Scope Wizard

FIGURE 9.13 Activate Scope page of the New Scope Wizard

FIGURE 9.14 IPv6 Scope Name page of the New Scope Wizard

FIGURE 9.15 Scope Prefix page of the New Scope Wizard

FIGURE 9.16 General tab of the scope's Properties dialog box for an IPv4 sco...

FIGURE 9.17 General tab of the IPv4 Properties dialog box for the server

FIGURE 9.18 Advanced tab of the IPv4 Properties dialog box for the server

FIGURE 9.19 New Reservation dialog boxes for IPv4 and IPv6

FIGURE 9.20 DNS tab of the scope's IPv4 Properties dialog box

Chapter 10

FIGURE 10.1 Group Policy configuration settings

FIGURE 10.2 Group Policy options

FIGURE 10.3 Viewing GPO links to an Active Directory OU

FIGURE 10.4 A GPO's Security Settings dialog box

FIGURE 10.5 Setting the Enforced GPO option

FIGURE 10.6 Viewing Startup/Shutdown script policy settings

FIGURE 10.7 Setting scripting options

FIGURE 10.8 Viewing Group Policy User network configuration options

Chapter 11

FIGURE 11.1 Viewing the properties of an MSI package file

FIGURE 11.2 Deployment tab of the Software Installation Properties dialog bo...

FIGURE 11.3 Advanced Deployment dialog box

FIGURE 11.4 The Categories tab of the Software Installation Properties dialo...

FIGURE 11.5 Removing a software package

FIGURE 11.6 The Computer Selection page of the Group Policy Results Wizard

FIGURE 11.7 The User Selection page of the Group Policy Results Wizard

FIGURE 11.8 The Summary Of Selections page of the Group Policy Results Wizar...

FIGURE 11.9 The User Selection page for the administrator on computer WinSRV...

FIGURE 11.10 The Details tab of the object's Properties window

FIGURE 11.11 The Infrastructure Dashboard

Chapter 13

FIGURE 13.1 Azure Dashboard

FIGURE 13.2 New Azure Dashboard

FIGURE 13.3 Naming New Azure Dashboard

FIGURE 13.4 Edit Dashboard

FIGURE 13.5 Tile Gallery

FIGURE 13.6 Save Tile Gallery

FIGURE 13.7 Resource Groups Page

FIGURE 13.8 Pin to Dashboard

FIGURE 13.9 Copying a Tile

FIGURE 13.10 Configure Tile Size

FIGURE 13.11 Auto Refresh and Time Settings

FIGURE 13.12 Filter Icon

FIGURE 13.13 Configure Tile Settings

FIGURE 13.14 Override the Dashboard Time Settings at the Tile Level

FIGURE 13.15 Configure Tile Settings

FIGURE 13.16 Editing Tile Settings

FIGURE 13.17 Remove From Dashboard Settings

FIGURE 13.18 Browse All Dashboards

FIGURE 13.19 Delete the Dashboard

FIGURE 13.20 Azure Portal Settings

FIGURE 13.21 Switching Directories

FIGURE 13.22 Enabling Advanced Filters

FIGURE 13.23 Advanced Filters Options

FIGURE 13.24 Create a Filter option

FIGURE 13.25 Operator Value Screen

FIGURE 13.26 Appearance + Startup Views Screen

FIGURE 13.27 Startup Views Screen

FIGURE 13.28 Language + Region Pane

FIGURE 13.29 My Information pane

FIGURE 13.30 Signing Out + Notifications pane

FIGURE 13.31 Inactive Signing Out Settings

Chapter 14

FIGURE 14.1 Viewing Azure AD Dashboard

FIGURE 14.2 Viewing User Section

FIGURE 14.3 Viewing Group Section

FIGURE 14.4 Viewing the Settings Section of External Identities

FIGURE 14.5 Roles and Administrators Section

FIGURE 14.6 Viewing the Azure AD Connect Section

FIGURE 14.7 Viewing the Custom Domain Names section

FIGURE 14.8 Mobility (MDM and MAM) screen

FIGURE 14.9 Setting the Self-Service Password Reset

FIGURE 14.10 Conditional Access Policies section

Chapter 15

FIGURE 15.1 Example of a forest

FIGURE 15.2 Azure AD Connect Express

FIGURE 15.3 Azure AD Connect user Sign-in options

FIGURE 15.4 Multi-Factor Authentication Methods

FIGURE 15.5 Enable Self-Service Password Reset

FIGURE 15.6

Get-MsolDirSyncFeatures

Screen

Chapter 16

FIGURE 16.1 Autopilot Deployment

FIGURE 16.2 Configure Windows Information Protection Settings

FIGURE 16.3 System Center Configuration Manager console

FIGURE 16.4 Create Configuration Item Wizard

FIGURE 16.5 Create Configuration Item Wizard - Supported Platforms

FIGURE 16.6 Create Configuration Item Wizard - Device Settings

FIGURE 16.7 Create Configuration Item Wizard - Add App Rule

Chapter 17

FIGURE 17.1 Windows Security dialog box

FIGURE 17.2 Windows Defender Security Center

FIGURE 17.3 Run A New Advanced Scan link

FIGURE 17.4 Advanced Scans options

FIGURE 17.5 Windows Firewall settings dialog box

FIGURE 17.6 Windows Firewall With Advanced Security settings

FIGURE 17.7 Inbound rules

FIGURE 17.8 An inbound rule's Properties dialog box

FIGURE 17.9 Inbound rules

FIGURE 17.10 Installing Windows Defender Application Guard

FIGURE 17.11 Opening PowerShell as an administrator

FIGURE 17.12 New Application Guard Window option

FIGURE 17.13 Application Guard Starting Screen

FIGURE 17.14 Microsoft's website in Application Guard mode

FIGURE 17.15 Network Isolation GPO

FIGURE 17.16 Turn On Windows Defender Application Guard In Enterprise Mode s...

FIGURE 17.17 Turn On Virtualization Based Security setting

FIGURE 17.18 Turn On Ransomware setting

FIGURE 17.19 Protected Folders screen

FIGURE 17.20 Allow An App Through Controlled Folder Access screen

FIGURE 17.21 Virus and Threat Warning screen

FIGURE 17.22 Windows Defender SmartScreen

Chapter 18

FIGURE 18.1 Conditional Access Policies section

FIGURE 18.2 Devices Overview page

Guide

Cover

Title Page

Copyright

Dedication

About the Author

Acknowledgments

Introduction

Table of Contents

Begin Reading

Appendix: The Bottom Line

Index

End User License Agreement

Pages

iii

iv

v

vii

ix

xxi

xxii

xxiii

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

53

54

55

56

57

58

59

60

61

62

63

64

65

66

67

68

69

70

71

72

73

74

75

76

77

78

79

80

81

82

83

84

85

86

87

88

89

90

91

92

93

94

95

97

98

99

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

236

237

238

239

240

241

242

243

244

245

246

247

248

249

250

251

252

253

254

255

256

257

258

259

260

261

262

263

264

265

266

267

268

269

270

271

272

273

274

275

276

277

278

279

280

281

282

283

284

285

286

287

288

289

291

292

293

294

295

296

297

298

299

300

301

302

303

304

305

306

307

308

309

310

311

312

313

314

315

316

317

318

319

321

322

323

324

325

326

327

328

329

330

331

332

333

334

335

336

337

338

339

340

341

342

343

344

345

346

347

348

349

350

351

352

353

355

356

357

358

359

360

361

362

363

364

365

366

367

368

369

370

371

372

373

374

375

376

377

378

379

380

381

382

383

384

385

386

387

388

389

390

391

392

393

394

395

396

397

398

399

400

401

402

403

404

405

406

407

408

409

410

411

412

413

414

415

416

417

418

419

420

421

422

423

424

425

426

427

428

429

430

431

432

433

434

435

436

437

438

439

440

441

442

443

444

445

446

447

448

449

450

451

452

453

454

455

456

457

458

459

460

461

462

463

464

465

466

467

468

469

470

471

472

473

474

475

476

477

478

479

480

481

482

483

484

485

486

487

488

489

490

491

492

493

494

495

496

497

498

499

500

501

502

503

504

505

506

507

508

509

510

511

512

513

514

515

516

517

518

519

520

521

Mastering Windows Server® 2022 with Azure Cloud Services

IaaS, PaaS, and SaaS

Copyright © 2023 by John Wiley & Sons, Inc. All rights reserved.

Published by John Wiley & Sons, Inc., Hoboken, New Jersey.Published simultaneously in Canada and the United Kingdom.

ISBN: 978-1-119-79892-7ISBN: 978-1-119-79909-2 (ebk.)ISBN: 978-1-119-79893-4 (ebk.)

No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise, except as permitted under Section 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 750-4470, or on the web at www.copyright.com. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at www.wiley.com/go/permission.

Trademarks: WILEY, the Wiley logo, Sybex, and the Sybex logo are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates, in the United States and other countries, and may not be used without written permission. Microsoft and Windows Server are registered trademarks of the Microsoft group of companies. All other trademarks are the property of their respective owners. John Wiley & Sons, Inc. is not associated with any product or vendor mentioned in this book. Mastering Windows Server 2022 with Azure Cloud Services is an independent publication and is neither affiliated with, nor authorized, sponsored, or approved by, Microsoft Corporation.

Limit of Liability/Disclaimer of Warranty: While the publisher and author have used their best efforts in preparing this book, they make no representations or warranties with respect to the accuracy or completeness of the contents of this book and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives or written sales materials. The advice and strategies contained herein may not be suitable for your situation. You should consult with a professional where appropriate. Further, readers should be aware that websites listed in this work may have changed or disappeared between when this work was written and when it is read. Neither the publisher nor authors shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages.

For general information on our other products and services or for technical support, please contact our Customer Care Department within the United States at (800) 762-2974, outside the United States at (317) 572-3993 or fax (317) 572-4002.

Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic formats. For more information about Wiley products, visit our web site at www.wiley.com.

Library of Congress Control Number: 2021947073

Cover image: © Getty Images, Inc./Thomas NorthcuttCover design: Wiley

This book is dedicated to the three ladies of my life: Crystal, Alexandria, and Paige.

This book is also dedicated to a great man and friend, Doug Bassett. Doug has been a coworker and Technical Editor on many of my books. Unfortunately, my friend, passed away before this book was released. He was an incredible person and one of the best IT Trainers that I have ever worked with. His friendship will be missed greatly.

About the Author

William Panek holds the following certifications: MCP, MCP+I, MCSA, MCSA+ Security and Messaging, MCSE-NT (3.51 & 4.0), MCSE 2000, 2003, 2012/2012 R2, MCSE+Security and Messaging, MCDBA, MCT, MCTS, MCITP, CCNA, CCDA, and CHFI. Will is also a five-time Microsoft MVP winner.

After many successful years in the computer industry, Will decided that he could better use his talents and his personality as an instructor. He began teaching for schools such as Boston University and the University of Maryland, just to name a few. He has done consulting and training for some of the biggest government and corporate companies in the world including the United States Secret Service, Cisco, United States Air Force, and US Army.

Will currently lives in New Hampshire with his wife and two daughters. Will was also a Representative in the New Hampshire House of Representatives from 2010 to 2012. In his spare time, he likes to do blacksmithing, golfing, and riding his Harley. Will is also a commercially rated helicopter pilot.

Acknowledgments

I would like to thank my wife and best friend, Crystal. She is always the light at the end of my tunnel. I want to thank my two daughters, Alexandria, and Paige, for all of their love and support during the writing of all my books. The three of them are my support system and I couldn't do any of this without them.

I want to thank all of my family and friends who always help me when I'm writing my books. I want to thank my brothers Rick, Gary, and Rob. I want to thank my father for all of his love and support.

I want to thank everyone on my Sybex team, especially my development editor Kim Wimpsett, who helped me make this the best book possible.

I want to also thank Doug Bassett, who has been the technical editor of many of my books. Doug has been a really great friend and he always inspired me to be the best I could be.

Finally, I want to thank everyone else behind the scenes at Sybex that helped make this book possible. It's truly an amazing thing to have so many people work on my books to help make them the very best. I can't thank you all enough for your hard work.

Introduction

This book is drawn from more than 30 years of IT experience. I have taken that experience and translated it into a Windows Server 2022 book that will help you install and configure Windows Server 2022 while avoiding all of the possible configuration pitfalls.

Many Microsoft books just explain the Windows operating system, but I go a step further by providing many in-depth, step-by-step procedures to support my explanations of how the operating system performs at its best.

Microsoft Windows Server 2022 is the newest version of Microsoft's server operating system software. Microsoft has taken the best of their previous Windows Server versions and combined them into the latest creation, Windows Server 2022.

Windows Server 2022 eliminates many of the problems that plagued the previous versions of Windows Server, and it includes a much faster boot time and shutdown. It is also easier to install and configure, and it barely stops to ask the user any questions during installation. In this book, I will show you what features are installed during the automated installation and where you can make changes if you need to be more in charge of your operating system and its features.

This book takes you through all the ins and outs of Windows Server 2022, including installation, configuration, Group Policy objects, auditing, backups, the cloud, and so much more.

Windows Server 2022 has improved on Microsoft's desktop environment, made networking easier, enhanced searching capability, and improved performance—and that's only scratching the surface.

When all is said and done, this is a technical book for IT professionals who want to take Windows Server 2022 to the next step. With this book, you will not only learn Windows Server 2022, but you will also become a Windows Server 2022 expert.

Who Should Read This Book?

This book is intended for individuals who want to learn about Windows Server 2022 and connecting that network to the cloud.

This book will not only help anyone who is looking to learn the real ins and outs of the Windows Server 2022 operating system but it will also show you how to connect the Windows Server 2022 network to the cloud.

What's Inside?

Here is a glance at what's in each chapter:

Chapter 1

: Understanding Windows Server 2022

  In the first chapter, I explain the requirements and steps required to install and configure Windows Server 2022.

Chapter 2

: Understanding Virtualization

  This chapter will introduce you to virtual networking, virtual hard disks, migration types, and Integration Services.

Chapter 3

: Installing and Configuring Hyper-V

  This chapter will show you the virtualization requirements, understand how to build virtual machines, and know the different ways to build virtual machines.

Chapter 4

: Installing Windows Server 2022

  This chapter will show you how to implement and configure Windows Server 2022. You will learn about the different ways and different versions of Windows Server 2022.

Chapter 5

: Understanding IP

  In the chapter, I show you how TCP/IP gets configured on a server and within a network. I also show you how to subnet an IPv4 network. I also show you how to work with IPv6.

Chapter 6

: Implementing DNS

  This chapter shows you how to install Windows Server 2022 DNS in an enterprise environment.

Chapter 7

: Understanding Active Directory

  In this chapter I will explain the benefits of using Active Directory. I will explain how Forests, Trees, and Domains work and I will also show you how to install Active Directory.

Chapter 8

: Administering Active Directory

  This chapter shows you how to create accounts in Active Directory. I will show you how to do bulk imports into Active Directory and also how to create and manage groups. I will also show you how to create and manage service accounts.

Chapter 9

: Configuring DHCP

  I take you through the advantages and benefits of using Windows Server 2022 Dynamic Host Configuration Protocol (DHCP).

Chapter 10

: Building Group Policies

  This chapter will show you how to implement and configure Group Policy Objects (GPOs).

Chapter 11

: Advanced Group Policy Options

  This chapter shows you how to use GPOs to deploy and manage software applications. I will also show you how to lock applications down by using GPOs.

Chapter 12

: Understanding Cloud Concepts

  I take you through the advantages and benefits of using and understanding cloud concepts.

Chapter 13

: Configuring Azure

  This chapter will show you the benefits of understanding and using Azure. I will show you how to use the Azure portal and dashboard to configure Azure options.

Chapter 14

: Understanding Azure Active Directory

  In this chapter, I will dive into the world of Azure Active Directory. Azure Active Directory is Azure's database for controlling the Azure environment.

Chapter 15

: Creating a Hybrid Network

  In this chapter, I will show you how to connect your on-site domain to Azure using Azure AD Connect. I will also show you how to set up and manage this connection.

Chapter 16

: Understanding Microsoft Endpoint

  In this chapter, I will talk about the benefits of using Microsoft Endpoint and the tools and applications that will help IT administrators manage their software and applications.

Chapter 17

: Configuring Security

  In this chapter, I am also going to talk about defending your Windows systems by using the built-in security features called Windows Defender Security Center. I will show you the different ways that you can protect your system using the Defender Security Center options.

Chapter 18

: Creating Azure Policies

  In this chapter, I will discuss how to set up and configure Azure policies. Setting up Azure policies will allow administrators to set rules on how users and devices connect to your Azure network.

Recommended Home Lab Setup

To get the most out of this book, you will want to make sure you complete the exercises throughout the chapters. To complete the exercises, you will need one of two setups. First, you can set up a machine with Windows Server 2022 and complete the labs using a regular Windows Server 2022 machine.

The second way to set up Windows Server 2022 (the way I set up Server 2022) is by using virtualization. I set up Windows Server 2022 as a virtual hard disk (VHD), and I did all the labs this way. The advantages of using virtualization are that you can always just wipe out the system and start over without losing a real server. Plus, you can set up multiple virtual servers and create a full lab environment on one machine.

How to Contact Sybex or the Author

Sybex strives to keep you supplied with the latest tools and information you need for your work. Please check the website at www.wiley.com, where I'll post additional content and updates that supplement this book should the need arise.

You can contact me by going to my website at www.willpanek.com. You can also watch free videos on Microsoft networking at www.youtube.com/c/williampanek.

How to Contact the Publisher

If you believe you have found a mistake in this book, please bring it to our attention. At John Wiley & Sons, we understand how important it is to provide our customers with accurate content, but even with our best efforts an error may occur.

In order to submit your possible errata, please email it to our Customer Service Team at [email protected] with the subject line “Possible Book Errata Submission.”

Chapter 1Understanding Windows Server 2022

So, you have decided to start down the track of Windows Server 2022. The first question we must ask ourselves is what's the first step? Well, the first step is to learn about what's new about the Windows Server 2022 features and benefits that are available and how these features can help improve your organization's network.

So that's where I am going to start. I will talk about the different Windows Server 2022 versions and what version may be best for you. So, let's dive right into the server by talking about some of the features and advantages of Windows Server 2022.

IN THIS CHAPTER YOU'LL LEARN

Understand the roles and features in Windows Server 2022

Understand the different versions of Windows Server 2022

Know the features and roles that have been removed

Features and Advantages of Windows Server 2022

Before deciding to install and configure Windows Server 2022, it’s first important to learn about some of the features and the advantages it offers. Windows Server 2022 is built off of the solid foundation of Windows Server 2016, but Microsoft has stated that Windows Server 2022 is “The cloud-ready operating system.” This means that many of the features of Windows Server 2022 are built and evolve around cloud-based software and networking.

I will talk about all of these features in greater detail throughout this book. What follows are merely brief descriptions of some of the features of Windows Server 2022.

Built-in Security

  Microsoft has always tried to make sure that their operating systems are as secure as possible but with Windows Server 2022, Microsoft has included Windows Defender Advanced Threat Protection (ATP). This feature helps stop attackers on your system and allows a company to meet any compliance requirements.

Active Directory Certificate Services

Active Directory Certificate Services (AD CS)

provides a customizable set of services that allow you to issue and manage

public key infrastructure (PKI) certificates

. These certificates can be used in software security systems that employ public key technologies.

Active Directory Domain Services

Active Directory Domain Services (AD DS)

includes new features that make deploying domain controllers simpler and that let you implement them faster. AD DS also makes the domain controllers more flexible, both to audit and to authorize for access to files. Moreover, AD DS has been designed to make performing administrative tasks easier through consistent graphical and scripted management experiences.

Active Directory Federation Services

Active Directory Federation Services (AD FS)

provides Internet-based clients with a secure identity access solution that works on both Windows and non-Windows operating systems. AD FS gives users the ability to do a

single sign-on (SSO)

and access applications on other networks without needing a secondary password. Federation Services is one of the ways that you can connect your on-site domain with the cloud.

Active Directory Lightweight Directory Services

Active Directory Lightweight Directory Services (AD LDS)

is a

Lightweight Directory Access Protocol (LDAP)

directory service that provides flexible support for directory-enabled applications, without the dependencies and domain-related restrictions of AD DS.

Active Directory Rights Management Services

Active Directory Rights Management Services (AD RMS)

provides management and development tools that let you work with industry security technologies, including encryption, certificates, and authentication. Using these technologies allows organizations to create reliable information protection solutions.

Application Server

Application Server

provides an integrated environment for deploying and running custom, server-based business applications.

BitLocker

BitLocker

is a tool that allows you to encrypt the hard drives of your computer. By encrypting the hard drives, you can provide enhanced protection against data theft or unauthorized exposure of your computers or removable drives that are lost or stolen.

BranchCache

BranchCache

allows data from files and web servers on a wide area network (WAN) to be cached on computers at a local branch office. By using BranchCache, you can improve application response times while also reducing WAN traffic. Cached data can be either distributed across peer client computers (distributed cache mode) or centrally hosted on a server (hosted cache mode). BranchCache is included with Windows Server 2022 and Windows 10 / Windows 11.

Containers

  Windows Server 2022 has started focusing on an isolated operating system environment called Dockers. Dockers allow applications to run in isolated environments called containers. Containers are separate locations where applications can operate without affecting other applications or other operating system resources. To understand Dockers and containers, think of virtualization.

Virtual machines are operating systems that run in their own space on top of another operating system. Dockers and containers allow an application to run in its own space and because of this, it doesn't affect other applications. There are two different types of containers to focus on:

Windows Server Containers

  Windows Server 2022 allows for an isolated application to run by using a technology called process and namespace isolation. Windows Server 2022 containers allow applications to share the system's kernel with their container and all other containers running on the same host.

Hyper-V Containers

  Windows Server 2022 Hyper-V containers add another virtual layer by isolating applications in their own optimized virtual machine. Hyper-V containers work differently than Windows Server containers in the fact that the Hyper-V containers do not share the system's kernel with other Hyper-V containers.

Credential Guard

  Credential Guard helps protect a system's credentials and this helps avoid pass the hash attacks. Credential Guard offers better protection against advanced persistent threats by protecting credentials on the system from being stolen by a compromised administrator or malware.

Credential Guard can also be enabled on Remote Desktop Services servers and Virtual Desktop Infrastructure so that the credentials for users connecting to their sessions are protected.

DHCP

Dynamic Host Configuration Protocol (DHCP)

is an Internet standard that allows organizations to reduce the administrative overhead of configuring hosts on a TCP/IP-based network. Some of the features are DHCP failover, policy-based assignment, and the ability to use Windows PowerShell for DHCP Server.

DNS

Domain Name System (DNS)

services are used in TCP/IP networks. DNS will convert a computer name or fully qualified domain name (FQDN) to an IP address. DNS also has the ability to do a reverse lookup and convert an IP address to a computer name. DNS allows you to locate computers and services through user-friendly names.

Failover Clustering

Failover Clustering

gives an organization the ability to provide high availability and scalability to networked servers. Failover clusters can include file share storage for server applications, such as Hyper-V and Microsoft SQL Server, and for applications that run on physical servers or virtual machines.

File Server Resource Manager

File Server Resource Manager

is a set of tools that allows administrators to manage and control the amount and type of data stored on the organization's servers. By using File Server Resource Manager, administrators have the ability to set up file management tasks, use quota management, get detailed reports, set up a file classification infrastructure, and configure file-screening management.

File and Storage Services

File and Storage Services

allows an administrator to set up and manage one or more file servers. These servers can provide a central location on your network where you can store files and then share those files with network users. If users require access to the same files and applications or if centralized backup and file management are important issues for an organization, administrators should set up network servers as a file server.

Group Policy

Group policies

are a set of rules and management configuration options that you can control through the Group Policy settings. These policy settings can be placed on users' computers throughout the organization.

Hyper-V

Hyper-V

is one of the most changed features in Windows Server 2022. Hyper-V allows an organization to consolidate servers by creating and managing a virtualized computing environment. It does this by using virtualization technology that is built into Windows Server 2022.

Hyper-V allows you to run multiple operating systems simultaneously on one physical computer. Each virtual operating system runs in its own virtual machine environment.

Windows Server 2022 Hyper-V now allows an administrator to protect their corporate virtual machines using the feature called Shielded Virtual Machine. Shielded Virtual Machines are encrypted using BitLocker and the VMs can only run-on approved Hyper-V host systems.

Hyper-V also now includes a feature called containers. Containers add a new unique additional layer of isolation for and containerized applications.

IPAM

IP Address Management (IPAM)

is one of the features first introduced with Windows Server. IPAM allows an administrator to customize and monitor the IP address infrastructure on a corporate network.

Kerberos Authentication

  Windows Server 2022 uses the

Kerberos authentication

protocol and extensions for password-based and public key authentication. The Kerberos client is installed as a

security support provider (SSP)

, and it can be accessed through the

Security Support Provider Interface (SSPI)

.

Managed Service Accounts

  Stand-alone

managed service accounts

, originally created for Windows Server 2008 R2 and Windows 7, are configured domain accounts that allow automatic password management and

service principal names

(SPNs) management, including the ability to delegate management to other administrators.

Nested Virtualization

  Windows Server 2016 introduced a new Hyper-V feature called Nested Virtualization. Nested Virtualization allows administrators to create virtual machines within virtual machines. As an instructor, this was an awesome new feature. Now I can build a Windows Server 2022 Hyper-V Server with a training virtual machine. Then when I get to the part when I need to teach Hyper-V, I can just do that right in the classroom virtual machine. There are numerous possibilities and we will talk more about them throughout this book.

Nano Server

  Windows Server 2016 introduced a brand new type of server installation called Nano Server. Nano Server requires an administrator to remotely administer the server operating system. It was primarily designed and optimized for private clouds and datacenters. Nano Server is very similar to Server Core, but the Nano Server operating system uses significantly smaller hard drive space, has no local logon capability, and only supports 64-bit applications and tools.

Networking

  There are many networking technologies and features in Windows Server 2022, including BranchCache, Data Center Bridging (DCB), NIC Teaming, and many more.

Network Load Balancing

  The

Network Load Balancing (NLB)

feature dispenses traffic across multiple servers by using the TCP/IP networking protocol. By combining two or more computers that are running applications in Windows Server 2022 into a single virtual cluster, NLB provides reliability and performance for mission-critical servers.

Network Policy and Access Services

  Use the

Network Policy Server (NPS) and Access Services

server role to install and configure

Network Access Protection (NAP)

, secure wired and wireless access points, and RADIUS servers and proxies.

Print and Document Services

Print and Document Services

allows an administrator to centralize print server and network printer tasks. This role also allows you to receive scanned documents from network scanners and route the documents to a shared network resource, Windows SharePoint Services site, or email addresses. Print and Document Services also provides fax servers with the ability to send and receive faxes while also giving the administrator the ability to manage fax resources such as jobs, settings, reports, and fax devices on the fax server.

PowerShell Direct

  Windows Server 2016 included a new simple way to manage Hyper-V virtual machines called PowerShell Direct. PowerShell Direct is a powerful set of parameters for the PSSession cmdlet called VMName. This will be discussed in greater detail in the Hyper-V chapters and it is included with Windows Server 2022.

Remote Desktop Services

  Before Windows Server 2008, we used to refer to this as Terminal Services.

Remote Desktop Services

allows users to connect to virtual desktops, RemoteApp programs, and session-based desktops. Using Remote Desktop Services allows users to access remote connections from within a corporate network or from the Internet.

Security Auditing

Security auditing

gives an organization the ability to help maintain the security of an enterprise. By using security audits, you can verify authorized or unauthorized access to machines, resources, applications, and services. One of the best advantages of security audits is to verify regulatory compliance.

Smart Cards

  Using

smart cards

(referred to as

two-factor authentication

) and their associated

personal identification numbers (PINs)

is a popular, reliable, and cost-effective way to provide authentication. When using smart cards, the user not only must have the physical card but also must know the PIN to be able to gain access to network resources. This is effective because even if the smart card is stolen, thieves can't access the network unless they know the PIN.

Software Defined Networking

  Software Defined Networking (SDN) allows an administrator to centrally configure and manage their physical and virtual network devices. These devices include items such as routers, switches, and gateways in your datacenter.

Telemetry

  The

Telemetry

service allows the Windows Feedback Forwarder to send feedback to Microsoft automatically by deploying a Group Policy setting to one or more organizational units. Windows Feedback Forwarder is available on all editions of Windows Server 2022, including Server Core.

TLS/SSL (Schannel SSP)

Schannel

is a security support provider (SSP) that uses the

Secure Sockets Layer (SSL)

and

Transport Layer Security (TLS)

Internet standard authentication protocols together. The Security Support Provider Interface is an API used by Windows systems to allow security-related functionality, including authentication.

Volume Activation

  Windows Server 2022

Volume Activation

will help your organization benefit from using this service to deploy and manage volume licenses for a medium to large number of computers.

Web Server (IIS)

  The

Web Server (IIS)

role in Windows Server 2022 allows an administrator to set up a secure, easy-to-manage, modular, and extensible platform for reliably hosting websites, services, and applications.

Windows Deployment Services

Windows Deployment Services

allows an administrator to install Windows operating systems remotely. Administrators can use Windows Deployment Services to set up new computers by using a network-based installation.

Windows PowerShell Desired State Configuration

  Windows Server 2016 created a new PowerShell management platform called Windows PowerShell Desired State Configuration (DSC). DSC enables the deployment and management of configuration data for software services and it also helps manage the environment in which these services run.

DSC allows administrators to use Windows PowerShell language extensions along with new Windows PowerShell cmdlets and resources. DSC allows you to declaratively specify how a corporation wants their software environment to be configured and maintained.

DSC allows you to automate tasks like enabling or disabling server roles and features, manage registry settings, manage files and directories, manage groups and users, deploy software, and run PowerShell scripts to just name a few.

Windows Server Backup Feature

  The

Windows Server Backup

feature gives an organization a way to back up and restore Windows servers. You can use Windows Server Backup to back up the entire server (all volumes), selected volumes, the system state, or specific files or folders.

Windows Server Update Services

Windows Server Update Services (WSUS)

allows administrators to deploy application and operating system updates. By deploying WSUS, administrators have the ability to manage updates that are released through Microsoft Windows Update to computers in their network. This feature is integrated with the operating system as a server role on a Windows Server 2022 system.

Deciding Which Windows Server 2022 Version to Use

You may be wondering which version of Windows Server 2022 is best for your organization. After all, Microsoft offers the following four versions of Windows Server 2022.

Windows Server 2022 Datacenter

  This version is designed for organizations that are looking to migrate to a highly virtualized, private cloud environment. Windows Server 2022 Datacenter has full Windows Server functionality with unlimited virtual instances.

Windows Server 2022 Standard

  This version is designed for organizations with physical or minimally virtualized environments. Windows Server 2022 Standard has full Windows Server functionality with two virtual instances.

Windows Server 2022 Datacenter: Azure Edition

  Windows Server Azure Edition is a Windows Server version designed specifically to operate either as an Azure IaaS VM or as a VM on an Azure Stack HCI cluster.

Windows Server 2022 Essentials

  This version is ideal for small businesses that have as many as 25 users and 50 devices. Windows Server 2022 Essentials has a simpler interface and preconfigured connectivity to cloud-based services but no virtualization rights.

Table 1.1 will show you the locks and limitations of Windows Server 2022 Standard and Windows Server 2022 Datacenter. This chart was taken directly from Microsoft's website.

TABLE 1.1: Windows Server 2022 Locks and Limits

LOCKS AND LIMITS

WINDOWS SERVER 2022 STANDARD

WINDOWS SERVER 2022 DATACENTER

Maximum number of users

Based on CALs

Based on CALs

Maximum SMB connections

16,777,216

16,777,216

Maximum RRAS connections

unlimited

unlimited

Maximum IAS connections

2,147,483,647

2,147,483,647

Maximum RDS connections

65,535

65,535

Maximum number of 64-bit sockets

64

64

Maximum number of cores

unlimited

unlimited

Maximum RAM

24 TB

24 TB

Can be used as virtualization guest

Yes, 2 virtual machines, plus one Hyper-V host per license

Yes, unlimited virtual machines, plus one Hyper-V host per license

Server can join a domain

yes

yes

Edge network protection/firewall

no

no

DirectAccess

yes

yes

DLNA codecs and web media streaming

Yes, if installed as Server with Desktop Experience

Yes, if installed as Server with Desktop Experience

Table 1.2 shows you the difference between Windows Server 2022 Standard vs. Windows Server 2022 Datacenter. This chart was taken directly from Microsoft's website.

TABLE 1.2: Windows Server 2022 Standard vs. Datacenter

WINDOWS SERVER ROLES AVAILABLE

WINDOWS SERVER 2022 STANDARD

WINDOWS SERVER 2022 DATACENTER

Active Directory Certificate Services

Yes

Yes

Active Directory Domain Services

Yes

Yes

Active Directory Federation Services

Yes

Yes

AD Lightweight Directory Services

Yes

Yes

AD Rights Management Services

Yes

Yes

Device Health Attestation

Yes

Yes

DHCP Server

Yes

Yes

DNS Server

Yes

Yes

Fax Server

Yes

Yes

File and Storage Services

Yes

Yes

Host Guardian Service

Yes

Yes

Hyper-V

Yes

Yes, including Shielded Virtual Machines

Network Controller

No

Yes

Network Policy and Access Services

Yes, when installed as Server with Desktop Experience

Yes, when installed as Server with Desktop Experience

Print and Document Services

Yes

Yes

Remote Access

Yes

Yes

Remote Desktop Services

Yes

Yes

Volume Activation Services

Yes

Yes

Web Services (IIS)

Yes

Yes

Windows Deployment Services

Yes

Yes

Windows Server Essentials Experience

No

No

Windows Server Update Services

Yes

Yes

Table 1.3 will show you the features of Windows Server 2022 Standard and Windows Server 2022 Datacenter. This chart was taken directly from Microsoft's website.

TABLE 1.3: Windows Server 2022 Standard vs. Datacenter

WINDOWS SERVER FEATURES INSTALLABLE WITH SERVER MANAGER (OR POWERSHELL)

WINDOWS SERVER 2022 STANDARD

WINDOWS SERVER 2022 DATACENTER

.NET Framework 3.5

Yes

Yes

.NET Framework 4.7

Yes

Yes

Background Intelligent Transfer Service (BITS)

Yes

Yes

BitLocker Drive Encryption

Yes

Yes

BitLocker Network Unlock

Yes, when installed as Server with Desktop Experience

Yes, when installed as Server with Desktop Experience

BranchCache

Yes

Yes

Client for NFS

Yes

Yes

Containers

Yes (unlimited Windows containers; up to two Hyper-V containers)

Yes (unlimited Windows and Hyper-V containers)

Data Center Bridging

Yes

Yes

Direct Play

Yes, when installed as Server with Desktop Experience

Yes, when installed as Server with Desktop Experience

Enhanced Storage

Yes

Yes

Failover Clustering

Yes

Yes

Group Policy Management

Yes

Yes

Host Guardian Hyper-V Support

No

Yes

I/O Quality of Service

Yes

Yes

IIS Hostable Web Core

Yes

Yes

Internet Printing Client

Yes, when installed as Server with Desktop Experience

Yes, when installed as Server with Desktop Experience

IPAM Server

Yes

Yes

iSNS Server service

Yes

Yes

LPR Port Monitor

Yes, when installed as Server with Desktop Experience

Yes, when installed as Server with Desktop Experience

Management OData IIS Extension

Yes

Yes

Media Foundation

Yes

Yes

Message Queueing

Yes

Yes

Multipath I/O

Yes

Yes

MultiPoint Connector

Yes

Yes

Network Load Balancing

Yes

Yes

Peer Name Resolution Protocol

Yes

Yes

Quality Windows Audio Video Experience

Yes

Yes

RAS Connection Manager Administration Kit

Yes, when installed as Server with Desktop Experience

Yes, when installed as Server with Desktop Experience

Remote Assistance

Yes, when installed as Server with Desktop Experience

Yes, when installed as Server with Desktop Experience

Remote Differential Compression

Yes

Yes

RSAT

Yes

Yes

RPC over HTTP Proxy

Yes

Yes

Setup and Boot Event Collection

Yes

Yes

Simple TCP/IP Services

Yes, when installed as Server with Desktop Experience

Yes, when installed as Server with Desktop Experience

SMB 1.0/CIFS File Sharing Support

Installed

Installed

SMB Bandwidth Limit

Yes

Yes

SMTP Server

Yes

Yes

SNMP Service

Yes

Yes

Software Load Balancer

Yes

Yes

Storage Replica

Yes

Yes

Telnet Client

Yes

Yes

TFTP Client

Yes, when installed as Server with Desktop Experience

Yes, when installed as Server with Desktop Experience

VM Shielding Tools for Fabric Management

Yes

Yes

WebDAV Redirector

Yes

Yes

Windows Biometric Framework

Yes, when installed as Server with Desktop Experience

Yes, when installed as Server with Desktop Experience

Windows Defender features

Installed

Installed

Windows Identity Foundation 3.5

Yes, when installed as Server with Desktop Experience

Yes, when installed as Server with Desktop Experience

Windows Internal Database

Yes

Yes

Windows PowerShell

Installed

Installed

Windows Process Activation Service

Yes

Yes

Windows Search Service

Yes, when installed as Server with Desktop Experience

Yes, when installed as Server with Desktop Experience

Windows Server Backup

Yes

Yes

Windows Server Migration Tools

Yes

Yes

Windows Standards-Based Storage Management

Yes

Yes

Windows TIFF IFilter

Yes, when installed as Server with Desktop Experience

Yes, when installed as Server with Desktop Experience

WinRM IIS Extension

Yes

Yes

WINS Server

Yes

Yes

Wireless LAN Service

Yes

Yes

WoW64 support

Installed

Installed

XPS Viewer

Yes, when installed as Server with Desktop Experience

Yes, when installed as Server with Desktop Experience

Best Practices Analyzer

Yes

Yes

Direct Access

Yes

Yes

Dynamic Memory (in virtualization)

Yes

Yes

Hot Add/Replace RAM

Yes

Yes

Microsoft Management Console

Yes

Yes

Minimal Server Interface

Yes

Yes

Network Load Balancing

Yes

Yes

Windows PowerShell

Yes

Yes

Server Core installation option

Yes

Yes

Server Manager

Yes

Yes

SMB Direct and SMB over RDMA

Yes

Yes

Software-defined Networking

No

Yes

Storage Migration Service

Yes

Yes

Storage Replica

Yes, 1 partnership and 1 resource group with a single 2TB volume

Yes, unlimited

Storage Spaces

Yes

Yes

Storage Spaces Direct

No

Yes

Volume Activation Services

Yes

Yes

VSS (Volume Shadow Copy Service) integration

Yes

Yes

Windows Server Update Services

Yes

Yes

Windows System Resource Manager

Yes

Yes

Server license logging

Yes

Yes

Inherited activation

As guest if hosted on Datacenter

Can be a host or a guest

Work Folders

Yes

Yes

Once you choose what roles are going on your server, you must then decide how you're going to install Windows Server 2022. There are two ways to install Windows Server 2022. You can upgrade a Windows Server 2012 R2 (or above) machine to Windows Server 2022, or you can do a clean install of Windows Server 2022. If you are running any version of Server before 2012 R2, you must first upgrade to Windows Server 2012 R2 or 2016 before upgrading to Windows Server 2022. If you decide that you are going to upgrade, there are specific upgrade paths you must follow.

NOTE