Written by a 10-time Microsoft MVP with 25 years of IT and technical coaching experience, this practical guide offers real-world expertise in Windows Server management. From building and connecting servers to securing them, and even intentionally breaking them to learn, you’ll find comprehensive, experience-based coverage that takes you deep into professional administration.
Fully updated for the 2025 release, this edition prepares you to manage any Windows Server environment, whether deploying the latest version or maintaining Server 2012 in a modern infrastructure. You'll work with PowerShell, Server Manager, Windows Admin Center, RSAT, and Azure Arc to achieve centralized and efficient administration. While the focus is on Windows Server 2025 LTSC with Desktop Experience, the book also explores Server Core, containerization, and the evolving role of Nano Server.
Along the way, you'll gain hands-on experience with core services, including Active Directory, DNS, DHCP, and Group Policy, and explore advanced topics such as certificate services and PKI, Hyper-V virtualization, Remote Desktop Services, failover clustering, DFS, and Intune integration.
By the end of this book, you’ll have the skills to manage and modernize complex server infrastructures with confidence.
Page count: 1411
Year of publication: 2025
Mastering Windows Server 2025
Fifth Edition
Accelerate your journey from IT Pro to System Administrator using the world’s most powerful server platform
Jordan Krause
Copyright © 2025 Packt Publishing
All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing or its dealers and distributors, will be held liable for any damages caused or alleged to have been caused directly or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.
Portfolio Director: Kartikey Pandey
Relationship Lead: Reshma Raman
Project Manager: Sonam Pandey
Content Engineer: Sayali Pingale
Technical Editor: Simran Ali
Copy Editor: Safis Editing
Indexer: Pratik Shirodkar
Proofreader: Sayali Pingale
Production Designer: Aparna Bhagat
Growth Lead: Shreyans Singh
First published: October 2016
Second edition: March 2019
Third edition: July 2021
Fourth edition: May 2023
Fifth edition: October 2025
Production reference: 2250925
Published by Packt Publishing Ltd.
Grosvenor House
11 St Paul’s Square
Birmingham
B3 1RB, UK.
ISBN 978-1-83702-991-4
www.packtpub.com
Jordan Krause is an IT professional with more than 25 years of experience and has received 10 Microsoft MVP awards for his work with Microsoft server and networking technologies. He was one of the world’s first experts on Microsoft DirectAccess, and his authorship journey began with a book about Microsoft remote access technologies and has evolved into a dozen books on more extensive topics such as Windows Server, security, Group Policy, and even cookbooks (not the food kind). Jordan lives in beautiful West Michigan (USA) and manages a team of IT engineers spread across the country.
Premnath Sambasivam is a seasoned IT professional with over 12 years of experience in the industry. He is a passionate Microsoft enthusiast and currently works for a leading US-based global retail company as a senior cloud engineer. He specializes in designing and implementing solutions using Microsoft technologies, including Microsoft Azure, Active Directory, and Microsoft System Center Configuration Manager (SCCM). He reviewed the books Mastering Windows Server 2019 and Mastering Windows Security and Hardening, which is also published by Packt Publishing.
Preface
Who this book is for
What this book covers
To get the most out of this book
Get in touch
Your Book Comes with Exclusive Perks - Here’s How to Unlock Them
Unlock Your Book’s Exclusive Benefits
How to unlock these benefits in three easy steps
Step 1
Step 2
Step 3
Need help?
Getting Started with Windows Server 2025
The purpose of Windows Server
Your head in the clouds
Public cloud
Private cloud
Windows Server versions and licensing
Standard versus Datacenter
Windows Server 2025 Essentials
Windows Server 2025 Datacenter: Azure Edition
Three different user interfaces
Desktop Experience
Server Core
Nano Server – now only for containers
Licensing models – what happened to SAC?
Long-Term Servicing Channel (LTSC)
Semi-Annual Channel (SAC) (now retired)
License purchase and packs
Core packs (physical server licensing)
At what point do I turn to Datacenter?
Client Access Licenses (CALs)
Overview of new and updated features
CPU compatibility
Updated in-place upgrades
Hotpatching
The Windows 11 experience is here!
Azure Edition
Bluetooth
Wireless networking
Microsoft accounts
Credential Guard
Azure Local
Windows Admin Center (WAC)
Active Directory improvements
Delegated Managed Service Accounts (dMSA)
Dynamic Tracing (DTrace)
Windows Local Administrator Password Solution (LAPS)
ReFS improvements
Compress to…
SMB over QUIC
OpenSSH
Windows VPN hardening
Azure Arc
AI-ready
Feedback Hub
Hyper-converged infrastructure (Azure Local)
Features deprecated in Server 2025
SAC releases
Guarded fabric and shielded VMs
IIS6 Management Console and SMTP server
Wordpad
NTLMv1
PowerShell 2.0
TLS 1.0 and 1.1
Windows Internal Database (WID)
Windows Server Update Services (WSUS)
Navigating the interface
The updated Start menu
The Quick Admin Tasks menu
Using the Search function
Pinning programs to the taskbar or Start menu
The power of right-clicking
App snapping
Windows Settings
Two ways to do the same thing
Creating a new user through Control Panel
Creating a new user through the Settings menu
Task Manager
Task View
Summary
Questions
Installation and Management
Technical requirements
Installing Windows Server 2025
Burning that ISO
Creating a bootable USB stick with software
Creating a bootable USB stick with PowerShell
Running the installer
Installing roles and features
Installing a role using the wizard
Installing a feature using PowerShell
Centralized management and monitoring
Server Manager
Remote Server Administration Tools
Does this mean RDP is dead?
Remote Desktop Connection Manager
Windows Admin Center
Installing WAC
Launching WAC
Adding more servers to WAC
Managing a server with WAC
Changes are as easy as pie
Azure integrations
Azure Arc
Adding a server to Azure Arc
Quick server rollouts with Sysprep
Installing Windows Server 2025 onto a new server
Configuring customizations and updates on your new server
Running Sysprep to prepare and shut down your master server
Creating your master image of the drive
Building new servers using copies of the master image
In-place upgrading to Windows Server 2025
Downloading and running the installer
Upgrading from Settings
Summary
Questions
Active Directory
What is a domain controller?
Active Directory Domain Services
Creating your first domain
Prep your domain controller
Install the AD DS role
Configure the domain
Trees, forests, and… domains?
Domain controller options
Additional options
Paths
Review options, prerequisites check, and installation
Multiple domain controllers for redundancy
Active Directory Users and Computers
User accounts
Security groups
Prestaging computer accounts
Active Directory Domains and Trusts
Building a trust
Network connectivity
Conditional DNS forwarding
Configuring the trust
Test it out!
Active Directory Sites and Services
Active Directory Administrative Center
Dynamic Access Control
Fine-Grained Password Policy
Active Directory Recycle Bin
Read-only domain controllers
FSMO roles
Viewing current FSMO role holders
RID, PDC, and Infrastructure master
Schema master
Domain naming master
View them all in one place
FSMO role visibility through PowerShell
Transferring FSMO roles
Transferring FSMO roles via PowerShell
Demoting an old domain controller
Demoting while the old server is still online
Cleaning up Active Directory Sites and Services
Demoting when the old server is gone
Move FSMO roles
Delete it
Clean up Sites and Services and DNS
Intro to Group Policy
Microsoft Entra ID
Entra ID
Active Directory on an Azure VM
Microsoft Entra Domain Services
Entra Connect
Summary
Questions
DNS and DHCP
The purpose of DNS
Types of DNS records
Host record (A or AAAA)
Alias record – CNAME
Mail exchanger record
Microsoft 365 MX records
TXT record
SPF record
The -all enforcement rule
DKIM signatures
Name server (NS) record
Public NS records
ipconfig /flushdns
Split-brain DNS
Types of DNS zones
Active Directory integrated zones
Forward lookup zones
Reverse lookup zones
Primary zone
Secondary zone
Stub zone
Creating a new forward lookup zone
Creating a new reverse lookup zone
DNS-over-HTTPS
Finding a DoH provider
Enabling DoH on a workstation
DNS-over-HTTPS on Windows DNS server
IP addressing with DHCP
Creating a DHCP scope
Authorizing the DHCP server
Scope options
DHCP reservations
DHCP failover
Two DHCP servers
Hot standby mode
Load-sharing mode
Configuring DHCP failover
IPAM
Summary
Questions
Join us on Discord
Group Policy
Group Policy Objects
Group Policy background refresh cycle
Building a GPO
Adding trusted sites
Mapping network drives
Installing registry keys
Preventing the shutdown of the system
Disabling removable USB drives
Adding a shortcut to the desktop
Scoping a GPO
Links
Gpresult
Continuing with the link
Group Policy processing order
Local Policy
Site-level policies
Domain-level policies
OU-level policies
Security Filtering
WMI Filtering
Item-level targeting
Delegation
Computer settings and user settings
Computer Configuration
User Configuration
Linking GPOs accordingly
Group Policy loopback processing
Policy versus preference
Policies
Preferences
Default Domain Policy
Administrative Templates
Implementing ADMX/ADML files
The Central Store
Enabling the Central Store
Populating the Central Store
Summary
Questions
File Management
Data is a company’s lifeblood
File shares
The role
Defining storage space
Planning carefully
Creating shares
Share permissions
Discovering shares
Computer Management
Backslash-Backslash (\\)
Mapping a drive
Mapping via the command line
Backups, backups, backups
Automated drive mappings
GPO drive mapping
Intune drive mapping
Crafting the drive mapping script
A special note about updating Intune drive mappings
File permissions
Use those groups!
To inherit or not to inherit…that is the question
Deny always wins
Effective access
Distributed File System (DFS)
DFS namespaces
Standalone versus domain-based namespaces
Establishing DFS namespaces
Adding folder targets to your DFS namespace
Re-mapping your network drives
DFS replication (DFSR)
Enabling DFSR
Verifying it works
Filtering out certain files
File Transfer Protocol (FTP)
FTP versus FTPS versus SFTP
Creating a Windows FTP server
Installing the role
Configuring FTP services
Testing file transfer via FTP
SMB over QUIC
Deployment via WAC
Deployment via PowerShell
Testing it out!
Mapping SMB over QUIC network drives
Summary
Questions
Join us on Discord
Certificates
Common certificate types
User certificates
Computer certificates
SSL certificates
Single-name certificates
Multi-domain or subject alternative name certificates
Wildcard certificates
Planning your PKI
Role services
Enterprise versus standalone
Root versus subordinate (issuing)
Naming your CA server
Can I install the CA role onto a domain controller?
Creating a certificate template
Issuing certificates
Publishing the template
Requesting a certificate from MMC
Requesting a certificate from the web interface
Creating an auto-enrollment policy
Obtaining a public authority SSL certificate
Public/private key pair
Creating a certificate signing request
Submitting the certificate request
Downloading and installing your certificate
Re-keying certificates
Exporting and importing certificates
Exporting from MMC
Exporting from IIS
Importing into a second server
OpenSSL for Linux webservers
Generate a CSR
Acquire the certificate
Install the certificate
Linux chaining certificate
Summary
Questions
Networking with Windows Server 2025
IPv4 “need-to-know” information
IP addresses
VPN overlap
Private addressing
Subnet mask
Public subnetting
Default gateway
MAC addresses
Introduction to IPv6
Your networking toolbox
ping
tracert
pathping
Test-Connection
telnet
Test-NetConnection
Packet tracing with Wireshark
PsPing
TCPView
netstat
The Windows routing table
Multi-homed servers
Only one default gateway
Building a route
Adding a route with Command Prompt
Deleting a route
Adding a route with PowerShell
NIC teaming
Software-defined networking
Hyper-V Network Virtualization
Private clouds
Hybrid clouds
How does it work?
System Center Virtual Machine Manager
Network Controller
Network Security Groups
Generic Routing Encapsulation
Microsoft Azure Virtual Network
RAS gateways/SDN gateways
Virtual network encryption
Bridging the gap to Azure
A VPN gateway
Azure ExpressRoute
Third-party options
Azure Network Adapter
Summary
Questions
Join us on Discord
Remote Access
Regular ol’ VPN
Routing and Remote Access Service (RRAS)
Configuring VPN inside RRAS
Securing your VPN
Configuring VPN on the client
Always On VPN
Types of AOVPN tunnels
User tunnels
Device tunnels
Device tunnel requirements
AOVPN client requirements
Domain-joined
Rolling out the settings
AOVPN server components
Remote Access server
Certification authority (CA)
Network Policy Server (NPS)
DirectAccess
The truth about DA and IPv6
Prerequisites for DA
Domain-joined
Supported client operating systems
DirectAccess servers: one or two NICs?
To NAT or not to NAT?
Network location server
Certificates used with DirectAccess
Do not use the Getting Started Wizard (GSW)!
Remote Access Management Console
Configuration
Dashboard
Operations Status
Remote Client Status
Reporting
Tasks
DA, VPN, or AOVPN? Which is best?
Domain-joined or not?
Auto or manual launch
Software versus built-in
Password and login issues with traditional VPNs
Port-restricted firewalls
Manual disconnect
Native load-balancing capabilities
Distribution of client configurations
Web Application Proxy
WAP as AD FS Proxy
Requirements for WAP
Latest improvements to WAP
Pre-authentication for HTTP Basic
HTTP to HTTPS redirection
Wildcard domain publishing
Client IP addresses forwarded to applications
Publishing Remote Desktop Gateway apps
Improved administrative console
Summary
Questions
Hardening and Security
Microsoft Defender Antivirus
Installing Microsoft Defender Antivirus
Exploring the user interface
Disabling Microsoft Defender Antivirus
Microsoft Defender for Endpoint
Windows Defender Exploit Guard
Windows Defender Firewall: no laughing matter
Three Windows Firewall administrative consoles
Windows Defender Firewall (Control Panel)
Firewall & network protection (Windows Security Settings)
Windows Defender Firewall with Advanced Security (WFAS)
Three firewall profiles
Building a new inbound firewall rule
Creating a rule to allow pings (ICMP)
Managing WFAS with Group Policy
Encryption technologies
BitLocker and the virtual TPM
Shielded VMs
Encrypted virtual networks
Encrypted File System
IPsec
Configuring IPsec
Microsoft Entra Password Protection
Fine-grained password policy
Windows LAPS
Implementing LAPS
Prepping the environment
Configuring the clients
Finding a password
Finding a password in Entra
Rotating a password
Advanced Threat Analytics: end of support
What is (was) ATA?
Microsoft Defender for Identity
General security best practices
Getting rid of perpetual administrators
Using distinct accounts for administrative access
Using a different computer to accomplish administrative tasks
Never browse the internet from servers
Role-Based Access Control
Just Enough Administration
Adjusting RDP away from 3389
Disable external RDP… NOW
Disable insecure encryption protocols
Windows registry
IIS Crypto
Summary
Questions
Join us on Discord
Server Core
Why use Server Core?
No more switching back and forth
Interfacing with Server Core
PowerShell
Using cmdlets to manage IP addresses
Setting the server hostname
Joining your domain
Remote PowerShell
Server Manager
Remote Server Administration Tools
Accidentally closing Command Prompt
Using Windows Admin Center to manage Server Core
The SConfig utility
Roles available in Server Core
Building a Server Core domain controller
Installing the AD DS role
Promoting this server to a domain controller
Verifying that it worked
What happened to Nano Server?
Can we run Server Core in Azure?
Summary
Questions
PowerShell
Why move to PowerShell?
Cmdlets
PowerShell is the backbone
Scripting
Server Core
Working within PowerShell
Launching PowerShell…err…Windows Terminal?
Default execution policy
Restricted
AllSigned
RemoteSigned
Unrestricted
Bypass mode
Using the Tab key
Useful cmdlets for daily tasks
Query user or quser
IP addressing cmdlets
Using Get-Help
Formatting the output
Format-Table
Format-List
Visual customizations
Importing a module
Using a pipeline
Exporting to CSV
Pipes can invoke action
PowerShell Integrated Scripting Environment
PS1 files
PowerShell ISE
Remotely managing a server
Preparing the remote server
The WinRM service
Enable-PSRemoting
Allowing machines from other domains or workgroups
Connecting to the remote server
Using -ComputerName
Using Enter-PSSession
Desired State Configuration
WinGet application management
PowerShell for M365
Installing and importing the module for the first time
Connecting to M365
Issuing commands
Windows Terminal in Server 2022
Summary
Questions
Redundancy in Windows Server 2025
Network Load Balancing
Not the same as round-robin DNS
What roles can use NLB?
Virtual and dedicated IP addresses
NLB modes
Unicast
Multicast
Multicast IGMP
Configuring a load-balanced website
Enabling NLB
Enabling MAC address spoofing on VMs
Configuring NLB
Configuring IIS and DNS
Testing it out
Flushing the ARP cache
Failover clustering
Clustering Hyper-V hosts
VM load balancing
Clustering for file servers
Scale-Out File Server
Clustering tiers
Application layer clustering
Host layer clustering
A combination of both
How does failover work?
Setting up a failover cluster
Building the servers
Installing the feature
Running Failover Cluster Manager
Running cluster validation
Running the Create Cluster wizard
Clustering improvements in Windows Server
Cluster rolling OS upgrades
Workgroup cluster live migration
GPU-P live migration support
AutoSites
Clustering Affinity
Improvements to BitLocker protected cluster storage
Slightly older improvements (but still cool)
Cluster administration via Windows Admin Center
True two-node clusters with USB witnesses
Higher security for clusters
Multi-site clustering
Cross-domain or workgroup clustering
Cluster operating system rolling upgrades (a history lesson)
Storage Replica
Configuring Storage Replica
Initializing disks as GPT
Testing preparedness for Storage Replica
Configuring Storage Replica
Shifting the primary server to FS02
Storage Spaces Direct
Recent enhancements in S2D
Summary
Questions
Containers
Understanding application containers
Sharing resources
Isolation
Scalability
Latest enhancements for containers
32-bit applications in Nano Server
Nano Server Features on Demand (FoD)
Smaller image size for Server Core
Virtualized time zones
Initial IPv6 support
HostProcess containers
Enhanced management through Windows Admin Center (WAC)
A new base image option
Container base images
Nano Server
Server Core
Windows Server
Windows Server containers versus Hyper-V containers
Windows Server containers
HostProcess containers
Hyper-V containers
Docker and Kubernetes
Linux containers
Docker Hub
Public and private repositories
Docker Trusted Registry (where’d it go?)
Kubernetes
Working with containers
Installing the role and feature
Installing Docker for Windows 10/11
Installing Docker for Windows Server 2025
Docker CE/Moby runtime installation
Docker commands
docker version
docker info
docker --help
docker images
docker search
docker pull
docker run
docker ps -a
Downloading a container image
Running a container
Where is Azure in all this?
Azure Container Registry
Azure Kubernetes Service (AKS)
AKS on Azure Local
Summary
Questions
Join us on Discord
Hyper-V
Designing and implementing Hyper-V server
Installing the Hyper-V role
Nested virtualization
AMD processors are now supported
What’s new in 2025?
Generation 2 by default
GPU-P
Live migration for Workgroup clusters
Hyper-V performance
Virtual switches
External virtual switch
Internal virtual switch
Private virtual switch
Creating a new virtual switch
Implementing a virtual server
Starting and connecting to the VM
Installing the operating system
Managing a virtual server
Hyper-V Manager
The Settings menu
Checkpoints
Configuring auto stop and start
Expanding a virtual disk
Hyper-V console, Remote Desktop Protocol (RDP), or PowerShell
Windows Admin Center (WAC)
Copying files into VMs without network connectivity
Shielded VMs
Encrypting VHDs
Infrastructure requirements for shielded VMs
Guarded hosts
Host Guardian Service (HGS)
Host attestations
TPM-trusted attestations
Host key attestations
Admin-trusted attestation – deprecated in 2019
Resilient Filesystem (ReFS) deduplication
ReFS
Data deduplication
Why is this important to Hyper-V?
The future of shielded VMs
Integrating Hyper-V with Linux
Hyper-V Server…2019?
Summary
Questions
Remote Desktop Services
Wherefore art thou, role?
Components of an RDS environment
Remote Desktop Session Host
Remote Desktop Connection Broker
Remote Desktop License Manager
Remote Desktop Web Access
Remote Desktop Gateway
Publishing RDS sessions
Creating an RDS environment
Your first RDS collection
Adding RD Gateway and RD Licensing
Collection configuration
Connecting to it
Editing deployment and collection properties
Deployment Properties
Collection Properties
Adding RDSH servers to your collection
Drain-stopping an RDSH for maintenance
Installing applications on an RDSH
No users logged in
Install mode
RDS licensing
User CALs
Device CALs
Specifying the RD License server
RD Licensing Manager
RDS user profiles
Local profiles
Roaming profiles
User Profile Disks
FSLogix
Installing the agent on RDSH servers
Importing FSLogix settings into Group Policy
RemoteApp
RDS maintenance considerations
Install mode
Server Manager errors related to RDS
Logging directly into RDSH servers
SSL certificate replacements
Cloning RDSH servers
Sidder
GPOs and RDS
Azure Virtual Desktop
Summary
Questions
Join us on Discord
Troubleshooting
Backup and restore
Schedule regular backups
Restoring from Windows
Restoring from the installer disk
Task Manager
Resource Monitor
Performance Monitor
Sysinternals tools
Descriptions of popular tools
TCPView
PsPing
Disk2vhd
Autologon
Autoruns
Diskmon
LogonSessions
PsExec
PsKill
PsShutdown
Process Monitor (Procmon)
AccessEnum
DTrace
Windows Firewall with Advanced Security
System Insights
Remote toolsets
Event Logs
Filtering event logs
Exporting Windows event logs with PowerShell
Common event IDs
MMC and MSC shortcuts
Feedback Hub
Summary
Questions
Appendix: Answers to the End-of-Chapter Questions
Chapter 1: Getting Started with Windows Server 2025
Chapter 2: Installation and Management
Chapter 3: Active Directory
Chapter 4: DNS and DHCP
Chapter 5: Group Policy
Chapter 6: File Management
Chapter 7: Certificates
Chapter 8: Networking with Windows Server 2025
Chapter 9: Remote Access
Chapter 10: Hardening and Security
Chapter 11: Server Core
Chapter 12: PowerShell
Chapter 13: Redundancy in Windows Server 2025
Chapter 14: Containers
Chapter 15: Hyper-V
Chapter 16: Remote Desktop Services
Chapter 17: Troubleshooting
Other Books You May Enjoy
Index
Preface
Working in IT is so very interesting. It is complicated, problematic, complex, rewarding, and even dramatic some days. There are so many facets to working with technology; many people focus on one area and build a lifelong career out of it, never encroaching on other aspects of IT. You can specialize in custom computer builds, deployments, printers, networks, security, and the list goes on and on. When talking about IT within a business environment, there is almost always one common thread woven throughout the options: Windows Server. Servers of any flavor are designed to serve up information to your users and computers, and while Microsoft does not hold the entire market on servers, a career in IT guarantees you will interface with Windows Server at some point.
During my career, I have had the privilege of working in many hundreds of business environments, and without exception, they have all been standing on top of Windows Server infrastructure. Some of these “datacenters” have looked like a coffee cart shoved in the corner of a utility closet, some have been enormous buildings littered with facial recognition cameras and argon gas tubes. Perhaps my favorite server discovery was the one we found hanging in a rack inside a single-stall bathroom. Right there on the wall! What is so fascinating about Windows Server is that it is universal to all these environments. Some businesses have small and simple needs when providing data to users, while others require rows and rows of server racks to get the job done across hundreds of thousands of people. In both scenarios, the Windows Server operating system running on those servers is the same.
Windows Server 2025 is Microsoft’s latest and greatest way of serving up information. It stores files, validates identities, connects your remote workforce, routes network traffic, and protects your business in the process. This is starting to sound like an infomercial, but it’s all true. I genuinely don’t know where we would be without Windows Server underpinning so much of the computing world.
New versions of Windows Server always come with updates and enhancements. Sometimes they are subtle tweaks to already-great features and capabilities. Sometimes these updates are “in your face,” such as the new graphical interface brought to us by Windows Server 2025, finally bringing the refreshed Windows 11 look and feel into the server world. We are here to dive into what’s new and fresh, but also to build a foundational baseline for working with Windows Server in general. So much of this knowledge carries from one version to the next. Change is constant, but the theories and ideologies that underpin system administration will carry you to success when stepping into any Windows-centric environment. The information provided in these pages seeks to build that baseline, enabling anyone familiar with computers to start working with servers, while at the same time, providing seasoned professionals with updated information to get the most out of Windows Server 2025.
Many businesses today employ a hybrid approach to serving up data. They continue to host physical server hardware inside an office or datacenter, and have also dipped their toes into cloud hosting. Almost always, both on-premises and cloud hosting platforms are running instances of Windows Server, so no matter your perspective on cloud journeys, knowing and understanding Windows Server is a key component to successful systems administration. The advent of cloud-based computing has not released us from the responsibility of understanding server administration; indeed, it has arguably made server administration more complex.
A lot of fresh IT engineers are coming into the workforce prepared with some knowledge of SaaS resource administration, such as Microsoft 365 and SharePoint, and this is wonderful! One of my primary motivations in writing this book is to provide a resource for new and growing admins to be successful in their careers. You may have learned through school or certification exams how to begin working in these new cloud platforms, but perhaps lack the foundational knowledge of the Microsoft technology that underpins a lot of Azure: Windows Servers. So many of the roles that exist inside Windows Server are foreign to engineers, but this is critical information to know as you continue your IT career journey and grow into more advanced positions. To pinpoint just one example, I often ask questions during interviews about DNS. It is entirely surprising to me how often answers to these questions come up short. DNS has been one of the staple roles in any Windows Server environment for as far back as I can remember, but until you have worked with it and gone through some of the learning hardships firsthand, it seems this is a common area that is somehow missed during standard IT learning.
I use DNS as an example because it’s true, but also because it is very meme-worthy. “It’s always DNS.” You may have heard some of your tenured administrators say these words, but until you experience it for yourself, you may not quite appreciate their significance. The answer to so many questions lies within this one little role; incorrect configuration of DNS can cause multitudes of problems. I found the following graphic on the internet and take no credit for it, but also find it completely true, and hilarious.
Figure 1: It’s always DNS
Technical books are supposed to be a little mundane; that is why they are called technical books. It’s the nature of the industry, I suppose. I tried to resist this stereotype wherever possible; you may even find a dad joke or two scattered throughout these pages. I genuinely hope that you find this book to be a helpful resource and that the information learned here can be directly applied to your work in information technology.
Who this book is for
Anyone interested in Windows Server 2025 or in learning more in general about a Microsoft-centric datacenter will benefit from this book. An important deciding factor when choosing which content was appropriate for such a volume was making sure that anyone who had a baseline in working with computers could pick this up and start making use of it within their own networks.
If you are already proficient in Microsoft infrastructure technologies and have worked with prior versions of Windows Server, then there are some focused topics on the aspects and parts that are brand-new and only available in Server 2025. On the other hand, if you are currently in a desktop support role, or if you are coming fresh into the IT workforce, care was taken in the pages of this book to ensure that you will receive a rounded understanding, not only of what is brand-new in Server 2025, but also what core capabilities it includes as carryovers from previous versions of the operating system, which are still crucial information to have at hand when working in a Microsoft-driven datacenter.
What this book covers
Chapter 1, Getting Started with Windows Server 2025, gives us an introduction to the latest Server operating system and an overview of the new technologies and capabilities that it can provide. We will also spend a little bit of time exploring the updated interface for those who may not be comfortable with it yet.
Chapter 2, Installation and Management, dives right into the very first thing we will have to do when working with Server 2025: install it! While this seems like a simple task, there are several versioning and licensing variables that need to be understood before you proceed with your own installation. From there, we will start to expand upon Microsoft’s centralized management mentality, exploring ways we can manage and interact with our servers without ever having to log in to them.
Chapter 3, Active Directory, leads us into the most core and essential role that exists in a Windows Server environment. AD is the central repository for many different types of data inside most corporate infrastructures, and without understanding the tools that exist to interface with this directory, you will not be able to do much work with those fancy new servers.
Chapter 4, DNS and DHCP, segues into two other important roles that exist in almost every network. DNS and DHCP are both necessary technologies and concepts to understand for any IT administrator, and both happen to be roles that can be serviced from Windows Server 2025. We’ll dig into both.
Chapter 5, Group Policy, showcases a fantastic policy engine that can be used inside any Active Directory environment to create a centralized management location for your users and workstations. Whether you are interested in setting up password policies, configuring security lockdowns on your systems, automatically mapping network drives, or even distributing software, Group Policy is a powerful tool that is often underutilized.
Chapter 6, File Management, is all about storing and securing one of your company’s most valuable assets: data. Windows Server 2025 is so much more than a general file server. We’ll talk about automated drive mappings via GPO and Intune, FTP, DFS-R, and even mapped network drives that connect over the internet, without VPN, via the new SMB over QUIC protocol!
Chapter 7, Certificates, jumps into one of the pieces of Windows Server that has existed for many years, and yet most server administrators that I meet are unfamiliar with it. We’ll take a closer look at certificates as they become more and more commonly required for new technologies that we roll out. By the end of this chapter, you should be able to spin up your own PKI and start issuing certificates for free!
Chapter 8, Networking with Windows Server 2025, begins with a baseline navigation of IPv4 and an introduction to that big, scary IPv6, and continues from there into building a toolbox of items that are baked into Windows Server 2025 and can be used in your daily networking tasks. We will also discuss the parts and pieces that make up software-defined networking.
Chapter 9, Remote Access, looks at the different remote access technologies that are built into Windows Server 2025. Follow along as we explore the capabilities and recent changes in VPN, DirectAccess, Web Application Proxy, and Always On VPN.
Chapter 10, Hardening and Security, gives some insight into security and encryption functions that are built into Windows Server 2025. Security is the primary focus of CIOs everywhere, so we’ll explore what protection mechanisms are available to us out of the box. We’ll even get our hands dirty with the recently refreshed Windows Local Administrator Password Solution (LAPS).
Chapter 11, Server Core, throws us into the shrinking world of headless servers. Server Core has flown under the radar for many years, but is critical to understand as we bring our infrastructures into a more security-conscious mindset. We’ll make sure you have the information necessary to make your environment more secure and more efficient, all while lowering the amount of space and resources that are consumed by those servers. We’ll also find an answer to the question, “Whatever happened to Nano Server?”.
Chapter 12, PowerShell, gets us into the newer, bluer (or black or yellow or purple, or whatever color you desire!) command-line interface so that we can become comfortable using it and also learn why it is so much more powerful than Command Prompt. PowerShell is quickly becoming an indispensable tool for administering servers, especially in cases where you are adopting a centralized management and administration mindset. We will also take a look at the latest Microsoft command-line interface, Windows Terminal, natively included in Windows Server 2025 but requiring some work to get it into other versions of the server operating system.
Chapter 13, Redundancy in Windows Server 2025, looks at the platforms in this recent operating system that provide powerful data and computing redundancy. Follow along as we discuss network load balancing, failover clustering, Storage Spaces Direct, and build our own instance of Storage Replica.
Chapter 14, Containers, incorporates the terms open source and Linux into a Microsoft book! Application containers are quickly becoming the new standard for hosting modern, scalable applications. Learn how to begin writing your DevOps story using tools such as Windows Server containers, Hyper-V containers, Docker, and Kubernetes.
Chapter 15, Hyper-V, covers a topic that every server administrator should be very familiar with. Organizations have been moving their servers over to virtual machines en masse for many years. We’ll use this chapter to make sure you understand how that hypervisor works and give you the resources required to build and manage one if and when you have the need.
Chapter 16, Remote Desktop Services, showcases an enormous functionality set built into Windows Server 2025; indeed, the administration of RDS servers is a skill set unto its own. Providing users with virtual desktop sessions on a farm (collection) of Windows servers can literally change your entire ideology about how users access their information.
Chapter 17, Troubleshooting, provides information about tools and software included with Windows Server that can be used to troubleshoot common problems. We expect Server 2025 to be Microsoft’s most stable and reliable server operating system to date, yet as you all know, nothing is perfect, and issues are bound to present themselves. Here, we discover tools such as Resource Manager, Performance Monitor, and System Insights that help to keep our servers tuned and running well.
Each technology that we discuss within the pages of this book is included in, or relates directly to, Windows Server 2025. If you can get your hands on a piece of server hardware and the Server 2025 installer files, you will be equipped to follow along and try these things out for yourself. We will talk about and reference some enterprise-class technologies that come with stiffer infrastructure requirements to make them work fully, and so you may have to put the actual testing of those items on hold until you are working in a more comprehensive test lab or environment, but the concepts are all still included in this book.
We will also discuss some items that are not included in Server 2025 itself, but that are used to extend its capabilities and features. Some of these items help tie us into an Azure cloud environment, and some are provided by third parties, such as using Docker and Kubernetes on your Server 2025 to interact with application containers. Ultimately, you do not need to use these tools to manage your new Windows Server 2025 environment, but they do facilitate some pretty cool things that I think you will want to explore.
As I have done with my own test lab used throughout the pages of this book, if you have one server or high-powered computer available and download the Windows Server 2025 installer, you can easily enable the ability to create many virtual machines and different instances of Server 2025. In this case, you may want to skip ahead to certain sections of Chapter 2 and Chapter 15, so that you are equipped to install a host operating system and configure Hyper-V upon it, then loop back to the beginning of the book so you have the same platform available as I did when building out these pages and the servers I used to populate them. With a simple test lab environment, you will be able to follow along with every piece of technology we build together in this book.
We also provide a PDF file that has color images of the screenshots/diagrams used in this book.
You can download it here: https://packt.link/gbp/9781837029914
There are a number of text conventions used throughout this book.
CodeInText: Indicates code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and X/Twitter handles. For example: “Inside DNS, I am going to create an alias record that redirects intranet to WEB1.”
Any command-line input or output is written as follows:
Uninstall-WindowsFeature -Name Windows-Defender
Bold: Indicates a new term, an important word, or words that you see on the screen. For instance, words in menus or dialog boxes appear in the text like this. For example: “Simply find the appropriate OU for his account to reside within, right-click on the OU, and navigate to New | User.”
Warnings or important notes appear like this.
Tips and tricks appear like this.
Feedback from our readers is always welcome.
General feedback: If you have questions about any aspect of this book or have any general feedback, please email us at [email protected] and mention the book’s title in the subject of your message.
Errata: Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you have found a mistake in this book, we would be grateful if you could report this to us. Please visit http://www.packt.com/submit-errata, click Submit Errata, and fill in the form.
Piracy: If you come across any illegal copies of our works in any form on the internet, we would be grateful if you would provide us with the location address or website name. Please contact us at [email protected] with a link to the material.
If you are interested in becoming an author: If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, please visit http://authors.packt.com/.
Driving around the interface of Windows Server is usually comfortable territory for anybody who regularly works on a Windows computer. This is because, historically, Windows Server operating systems have utilized the same code base for a graphical interface as their workstation counterparts. Additionally, in most cases throughout Windows rollout history, it has been true that any release of a major version of Windows Server follows closely on the heels of a Windows workstation version increase, and familiarity with your desktop equates to automatic ease of navigation on the new server. In fact, let’s take a minute and walk through that history for anybody here who is not on the gray-hair side of IT (me) and may not have this historical context.
Many years ago, Microsoft adjusted its operating system release ideology so that the latest Windows Server operating system maintained a similar graphical structure, and very similar release date, to whatever the latest and greatest Windows client operating system was going to have. This has been the trend for some time now, with Server 2008 R2 closely reflecting Windows 7, Server 2012 feeling a lot like Windows 8 (unfortunately), and many of the same usability features that came with the Windows 8.1 update also included with Server 2012 R2. This, of course, carried over to Server 2016 as well—giving it the same look and feel as if you were logged into a Windows 10 workstation.
At the time of Server 2016’s release, we were already familiar and comfortable with the Windows 10 interface, and it felt quite natural to jump right into Server 2016 and start giving it a test drive. Windows Server 2019 diverged from this standard path a little bit by maintaining a look and feel that was very similar to its predecessor, Windows Server 2016. Why did Windows Server 2019 not come with a fancy new graphical interface to match the new version of the Windows client operating system? Because Microsoft changed the game with Windows 10. Now, instead of releasing new versions of Windows (11, 12, 13, and so on), we were, for the time being, simply sticking with Windows 10 and giving it sub-version numbers, indicative of the dates when each operating system version was released. For example, Windows 10 version 1703 was released around March 2017. Windows 10 version 1709 was released in September 2017.
Then came 1803 and 1809—although 1809 was delayed a little and didn’t release until somewhere closer to November, which wasn’t the original plan. Follow that up with 1903 and 1909, and you start to see a pattern emerging. Then we moved into the year 2020, and suddenly our spring release of Windows 10 was called 2004. Hmm… 2004 sounds fine when you pronounce it “twenty-oh-four”, indicating the year 2020 and the month of April, but when seeing 2004 on paper, most folks started calling it “two-thousand-four,” which sounds quite old and outdated, don’t you think? I can’t say for sure, but perhaps this is part of the reason that the next release version of Windows 10 went by the name 20H2. This nomenclature seems to have stuck around, and we are continuing the trend with bi-annual client OS releases that reflect this pattern. All in all, you can see that Microsoft’s current plan is to continue releasing a new feature release version of the Windows operating system every 6 months or so.
However, expecting IT departments to lift and shift all of their servers just for the purposes of moving to an OS that is 6 months newer is crazy; sometimes it takes longer than that simply to plan a migration, let alone execute it.
Anyway, I’m getting ahead of myself a little, as we will discuss the versioning of Windows Server later in this chapter, in our Windows Server versions and licensing section. The point here is that Windows Server 2019 looks and feels like the latest version of the Windows client operating system that was released at about the same time—that OS being Windows 10 1809.
Now, forget everything I ever told you, as we cue the caveat of Windows Server 2022. When this last major server version hit shelves, it was after Windows 11 was out in the wild, yet Server 2022 stuck with the more traditional Windows 10 graphical interface. At the time, I thought this to be a good idea, and indeed, I maintain that, given some discomforts with Windows 11 at the time, this seems to have been a good move, whether it was intentional or a side effect of the updated GUI not being quite ready to ride on a server. Whatever the true reason, Microsoft essentially left the GUI alone when releasing Windows Server 2022. It is genuinely difficult to tell, graphically, whether you are working on 2019 or 2022 without checking System Properties.
So, what about Windows Server 2025? I just finished creating an instance of this brand-new operating system, it booted successfully, and I’m staring this in the face.
Figure 1.1: The Server 2025 lock screen
I’m sure you saw where this was going. We now have the Windows 11 graphical interface! At this point in the Windows 11 journey, you should be quite comfortable with using it. Indeed, as I type these words, we are facing the fact that Windows 10 goes end-of-life in less than one year. We will see much more of this updated interface as we work through the entire book, but for the purpose of this chapter, I want to discuss more of the conceptual enhancements and benefits brought to us through Windows Server 2025.
Before we start talking about the features of Windows Server, it is important to establish a baseline for usability and familiarity with the operating system itself; only then will we dive deeper into the technologies running under the hood.
Let’s spend a few minutes exploring the new graphical interface and options that are available for finding your way around this latest release of Windows Server, as we cover the following topics:
The purpose of Windows Server
Your head in the clouds
Windows Server versions and licensing
Overview of new and updated features
Features deprecated in Server 2025
Navigating the interface
Windows settings
Task Manager
Task View
Let’s get started!
What is a server? Is that a silly question? I don’t think so. It’s a good question to ponder, especially now that the definition of servers and server workloads changes on a regular basis. The answer to this question for Windows clients is simpler. A Windows client machine is a requester, consumer, and contributor of data.
Data is life for many businesses. Where is this data kept? From where is this data being pushed and pulled? What enables the mechanisms and applications running on the client operating systems to interface with this data? What secures these users and their data? The answers to these questions reveal the purpose of servers in general. Servers house, protect, and serve up data to be consumed by clients.
Everything revolves around data in business today. Our email, documents, databases, customer lists—everything that we need to do business—is data. That data is critical to us. Servers are what we use to build the fabric upon which we trust our data to reside.
We traditionally think about servers using a client-server interface mentality. A user opens a program on their client computer, this program reaches out to a server in order to retrieve something, and the server responds as needed. This idea can be correctly applied to almost every transaction you may have with a server. When your domain-joined computer needs to authenticate you as a user, it reaches out to Active Directory on the server to validate your credentials and receive an authentication token. When you need to contact a resource by name, your computer asks a DNS server how to get there. If you need to open a file, you ask the file server to send it your way.
Servers are designed to be the brains of our operation, and they often do that job transparently. In recent years, large strides have been taken to ensure resources are always available and accessible in ways that don’t require training or a large effort on the part of our employees. It used to be true that the general user population knew the name of your server and how to contact it because that was required for them to be able to get the information they needed.
If their mapped drives disappeared, it wasn’t uncommon that everyone would know how to throw \\server\share into File Explorer to get there via plan B.
It also used to be the case that your average business only ran one single server, enabling plan B above to be true. Today, our server landscape is vastly different, with even small businesses running a virtualization host that typically contains a dozen or more virtual servers, and much effort is made so that your workforce doesn’t know or care anything about that server infrastructure; they simply expect to have access to their data, 100% of the time.
In most organizations, many different servers are needed to provide your workforce with the capabilities they require. Each service inside Windows Server is provided as, or as part of, a role. When you talk about needing new servers or configuring a new server for any particular task, what you are really referring to is the individual role or roles that are going to be configured on that server to get the work done. A server without any roles installed is useless, though, depending on the chassis, it could make an excellent paperweight. A 3U SAN device could weigh upward of 100 pounds and keep your desk orderly even in the middle of a hurricane!
If you think of roles as the meat and potatoes of a server, then the next bit we will discuss is sort of like adding salt and pepper. Beyond the overhead roles you will install and configure on your servers, Windows also contains many features that can be installed, which sometimes stand alone but, more often, complement specific roles in the operating system. Features may add functionality to the base operating system, as is the case with Telnet Client. Or, a feature may be added to a server in order to enhance an existing role, such as adding the Network Load Balancing feature to an already equipped remote access or IIS server. The combination of roles and features inside Windows Server is what equips that piece of metal to do work.
This book will, quite obviously, focus on a Microsoft-centric infrastructure. In these environments, the Windows Server operating system is king and is prevalent across all facets of technology. There are alternatives to Windows Server and different products that can provide some of the same functions for an organization, but it is quite rare to find a business environment anywhere that is running without some semblance of a Microsoft infrastructure.
Windows Server contains an incredible amount of technology, all wrapped up in one small installation disk. With Windows Server 2025, Microsoft has us thinking out of the box about what it means to be a server in the first place, and it comes with some exciting new capabilities, which we will spend time covering in these pages. Things such as PowerShell, containers, Windows Admin Center, software-defined storage, and software-defined networking are changing the way that we manage and size our computing environments; these are exciting times to be or to become a server administrator!
The cloud. You’ve probably heard of it. In fact, you have likely heard it in many different contexts, some of which don’t make any sense at all. That is the power of a buzzword in the technical world; it often ends up misused and spoken of inappropriately. Those things aside, the idea of cloud infrastructure is an incredibly powerful one that anybody working in IT needs to understand.
A cloud fabric is one that revolves around virtual resources—virtual machines (VMs), virtual disks, and even virtual networks. Being “plugged into” the cloud typically enables things such as the ability to spin up new servers on a whim, or even the ability for particular services themselves to increase or decrease their needed resources automatically, based on utilization.
Think of a simple e-commerce website where a consumer can go to order goods. Perhaps 75% of the year, the company can operate this website on a single web server with limited resources, resulting in a fairly low cost of service. But the other 25% of the year, maybe around the holiday seasons, utilization ramps way up, requiring much more computing power. Prior to cloud mentality, this would mean that the company would need to size its environment to fit the maximum requirements all the time, in case it was ever needed. They would be paying for more servers and much more computing power than was needed for much of the year. With a cloud fabric, which gives the website the ability to increase or decrease the number of servers it has at its disposal as needed, the total cost of such a website or service can be drastically decreased. This is a major driving factor of the cloud in business today.
Most of the time, when your neighbor Suzzi Knowitall talks to you about the cloud, she is simply talking about the internet. Well, more accurately, she is talking about some service that she uses, which she connects to by using the internet. For example, Office 365, Google Drive, OneDrive, and Dropbox—these are all public cloud resources, as they store your data in the cloud. In reality, your data is just sitting on servers that you access via the internet, but you can’t see those servers, and you don’t have to administer and maintain those servers, which is why it feels like magic and is then referred to as the cloud.
To IT departments, the term cloud more often means one of the big three cloud hosting providers. Since this is a Microsoft-driven book, and since I truly feel this way anyway, Microsoft Azure is top-notch in this category. Azure itself is another topic for another book (or many other books), but it is a centralized cloud computing architecture that can host your data, your services, or even your entire network of servers.
Moving your datacenter to Azure enables you to stop worrying or caring about server hardware, replacing hard drives, and much more. Rather than purchasing servers, unboxing them, racking them, installing Windows on them, and then setting up the roles you want configured, you simply click a few buttons to spin up new virtual servers that can be resized at any time for growth. You then pay ongoing op-ex costs for these servers—monthly or annual fees for running systems in the cloud—rather than the big upfront cap-ex costs for server hardware.
Other cloud providers with similar capabilities are numerous, but the big three are Azure, Amazon (AWS), and Google. As far as enterprise is concerned, Azure simply takes the cake and eats it too. I’m not sure that the others will ever be able to catch up with all of the changes and updates that Microsoft constantly makes to the Azure infrastructure.
While
