Mastering Windows Server 2019, 3rd Edition
- Length: 673 pages
- Edition: 3
- Language: English
- Publisher: Packt Publishing
- Publication Date: 2021-08-10
- ISBN-10: 1801078319
- ISBN-13: 9781801078313
- Sales Rank: #702971 (See Top 100 Books)
Enhance and secure your datacenter with Microsoft Windows Server 2019
Key Features
- Updated with four new chapters on Active Directory, DNS and DHCP, group policy, and troubleshooting
- Design and implement Microsoft Server 2019 in an enterprise environment
- Learn how to use Windows Server to create secure and efficient networks
Book Description
Windows Server 2019 has a lot to offer, with a variety of roles, features, toolsets, and server management interfaces that allow interaction with your servers from virtually anywhere in the world. This updated edition comes with four new chapters to provide you with the in-depth knowledge needed to implement and use this operating system in any environment.
Centralized management, monitoring, and configuration of servers are key to an efficient IT department. This book delves into multiple methods for quickly managing all your servers from a ‘single pane of glass’ ― the ability to monitor different servers across a network using Server Manager, Windows PowerShell, and even Windows Admin Center ― from anywhere. Despite the book being more focused on Windows Server 2019 LTSC, you will still explore containers and Nano Server, which are more related to the SAC of server releases. This additional coverage will give you insights into all aspects of using Windows Server 2019 in your environment.
This book covers a range of remote access technologies available in this operating system, teaches management of PKI and certificates, and empowers you to virtualize your datacenter with Hyper-V. You will also discover the tools and software included with Windows Server 2019 that assist in the inevitable troubleshooting of problems that crop up.
What you will learn
- Work with Server Core and Windows Admin Center
- Secure your network and data with modern technologies in Windows Server 2019
- Understand containers and understand when to use Nano Server
- Discover new ways to integrate your datacenter with Microsoft Azure
- Reinforce and secure your Windows Server
- Virtualize your datacenter with Hyper-V
- Explore Server Manager, PowerShell, and Windows Admin Center
- Centralize your information and services using Active Directory and Group Policy
Who This Book Is For
If you are a system administrator or an IT professional designing and deploying Windows Server 2019, this book is for you. Prior experience with Windows Server operating systems and familiarity with networking concepts is required.
Preface Who this book is for What this book covers To get the most out of this book Get in touch Getting Started with Windows Server 2019 The purpose of Windows Server It's getting cloudy out there The public cloud The private cloud Windows Server versions and licensing Standard versus Datacenter Three different interfaces Desktop Experience Server Core Nano Server – now only for containers Licensing models – SAC and LTSC Semi-Annual Channel (SAC) Long-Term Servicing Channel (LTSC) Overview of new and updated features The Windows 10 experience continued Hyper-Converged Infrastructure Windows Admin Center Windows Defender Advanced Threat Protection Banned passwords Soft restart Integration with Linux SAC releases are shrinking! Enhanced shielded virtual machines Azure Network Adapter Always On VPN System Insights Windows Server 2019 interface The updated Start menu The Quick Admin Tasks menu Using the Search function Pinning programs to the taskbar The power of right-clicking Using the newer Settings screen Two ways to do the same thing Creating a new user through Control Panel Creating a new user through the Settings menu Task Manager Task View Summary Questions Installing and Managing Windows Server 2019 Technical requirements Installing Windows Server 2019 Burning that ISO Creating a bootable USB stick Running the installer Installing roles and features Installing a role using the wizard Installing a feature using PowerShell Centralized management and monitoring Server Manager Remote Server Administration Tools (RSAT) Does this mean RDP is dead? Remote Desktop Connection Manager Windows Admin Center (WAC) Installing Windows Admin Center Launching Windows Admin Center Adding more servers to Windows Admin Center Managing a server with Windows Admin Center Changes are easy as pie Azure integrations Enabling quick server rollouts with Sysprep Installing Windows Server 2019 onto a new server Configuring customizations and updates onto your new server Running Sysprep to prepare and shut down your master server Creating your master image of the drive Building new servers using copies of the master image Summary Questions Active Directory What is a domain controller? Active Directory Domain Services Creating your first domain Prep your domain controller Install the AD DS role Configure the domain Trees, forests, and…domains? Multiple domain controllers for redundancy Active Directory Users and Computers User accounts Security groups Prestaging computer accounts Active Directory Domains and Trusts Building a trust Network connectivity Conditional DNS forwarding Configuring the trust Test it out! Active Directory Sites and Services Active Directory Administrative Center Dynamic Access Control Fine-Grained Password Policy Read-only domain controllers Group Policy Summary Questions DNS and DHCP The purpose of DNS Types of DNS records Host record (A or AAAA) Alias record – CNAME Mail Exchanger (MX) record TXT record SPF Record Enforcement rule -all Name Server (NS) record Public name server records ipconfig /flushdns Split-brain DNS Types of DNS zones Active Directory Integrated Zones Forward Lookup Zones Reverse Lookup Zones Primary Zone Secondary Zone Stub Zone Creating a new zone IP addressing with DHCP Creating a DHCP scope Scope Options DHCP reservations DHCP failover Two DHCP servers Hot standby mode Load sharing mode Configuring DHCP failover IPAM Summary Questions Group Policy Group Policy Object Group Policy background refresh cycle Building a GPO Adding Trusted Sites Mapping network drives Installing registry keys Scoping a GPO Links GPRESULT Continuing with the link Group Policy processing order Local Policy Site-level policies Domain-level policies OU-level policies Security Filtering WMI Filtering Item-level targeting Delegation Computer settings and user settings Computer Configuration User Configuration Linking GPOs accordingly Group Policy loopback processing Policy vs preference Policies Preferences Default Domain Policy Administrative Templates Implementing ADMX/ADML files Central Store Enable the Central Store Populate the Central Store Summary Questions Certificates in Windows Server 2019 Common certificate types User certificates Computer certificates SSL certificates Single-name certificates Multi-domain or subject alternative name certificates Wildcard certificates Planning your PKI Role services Enterprise versus Standalone Root versus subordinate (issuing) Naming your CA server Can I install the CA role onto a domain controller? Creating a new certificate template Issuing your new certificates Publishing the template Requesting a cert from MMC Requesting a certificate from the web interface Creating an auto-enrollment policy Obtaining a public-authority SSL certificate Public/private key pair Creating a certificate signing request Submitting the certificate request Downloading and installing your certificate Exporting and importing certificates Exporting from MMC Exporting from IIS Importing into a second server Summary Questions Networking with Windows Server 2019 Introduction to IPv6 Understanding IPv6 IP addresses Your networking toolbox ping tracert pathping Test-Connection Telnet Test-NetConnection Packet tracing with Wireshark TCPView Building a routing table Multi-homed servers Only one default gateway Building a route Adding a route with the Command Prompt Deleting a route Adding a route with PowerShell NIC Teaming Software-defined networking Hyper-V Network Virtualization Private clouds Hybrid clouds How does it work? System Center Virtual Machine Manager Network Controller Generic Routing Encapsulation Microsoft Azure Virtual Network RAS Gateway/SDN Gateway Virtual network encryption Bridging the gap to Azure Azure Network Adapter Summary Questions Remote Access Always On VPN Types of AOVPN tunnels User tunnels Device tunnels Device tunnel requirements AOVPN client requirements Domain-joined Rolling out the settings AOVPN server components Remote Access server Certification Authority (CA) Network Policy Server (NPS) DirectAccess The truth about DirectAccess and IPv6 Prerequisites for DirectAccess Domain-joined Supported client operating systems DirectAccess servers – one or two NICs? To NAT or not to NAT? Network Location Server Certificates used with DirectAccess Do not use the Getting Started Wizard (GSW)! Remote Access Management Console Configuration Dashboard Operations Status Remote Client Status Reporting Tasks DA, VPN, or AOVPN? Which is best? Domain-joined or not? Auto or manual launch Software versus built-in Password and login issues with traditional VPNs Port-restricted firewalls Manual disconnect Native load-balancing capabilities Distribution of client configurations Web Application Proxy WAP as AD FS Proxy Requirements for WAP Latest improvements to WAP Preauthentication for HTTP Basic HTTP to HTTPS redirection Client IP addresses forwarded to applications Publishing Remote Desktop Gateway Improved administrative console Summary Questions Hardening and Security Windows Defender Antivirus Installing Windows Defender Antivirus Exploring the user interface Disabling Windows Defender Antivirus What is ATP, anyway? Windows Defender ATP Exploit Guard Windows Defender Firewall – no laughing matter Three Windows Firewall administrative consoles Windows Defender Firewall (Control Panel) Firewall & network protection (Windows Security Settings) Windows Defender Firewall with Advanced Security (WFAS) Three different firewall profiles Building a new inbound firewall rule Creating a rule to allow pings (ICMP) Managing WFAS with Group Policy Encryption technologies BitLocker and the virtual TPM Shielded VMs Encrypted virtual networks Encrypting File System IPsec Configuring IPsec Azure AD Password Protection Fine-grained password policy Advanced Threat Analytics – end of support What is (was) ATA? Azure ATP General security best practices Getting rid of perpetual administrators Using distinct accounts for administrative access Using a different computer to accomplish administrative tasks Never browse the internet from servers Role-Based Access Control (RBAC) Just Enough Administration (JEA) Disable external RDP…NOW Summary Questions Server Core Why use Server Core? No more switching back and forth Interfacing with Server Core PowerShell Using cmdlets to manage IP addresses Setting the server hostname Joining your domain Remote PowerShell Server Manager Remote Server Administration Tools Accidentally closing Command Prompt Windows Admin Center for managing Server Core The Sconfig utility Roles available in Server Core Building a Server Core domain controller Install the AD DS role Promote this server to a domain controller Verify that it worked What happened to Nano Server? Summary Questions PowerShell Why move to PowerShell? Cmdlets PowerShell is the backbone Scripting Server Core Working within PowerShell Launching PowerShell Default execution policy Restricted AllSigned RemoteSigned Unrestricted Bypass mode Using the Tab key Useful cmdlets for daily tasks Query user or quser IP addressing cmdlets Using Get-Help Formatting the output Format-Table Format-List Using a pipeline Export to CSV Pipes can invoke action PowerShell Integrated Scripting Environment PS1 files Working with PowerShell ISE Remotely managing a server Preparing the remote server The WinRM service Enable-PSRemoting Allowing machines from other domains or workgroups Connecting to the remote server Using -ComputerName Using Enter-PSSession Desired State Configuration Summary Questions Redundancy in Windows Server 2019 Network Load Balancing (NLB) Not the same as round-robin DNS What roles can use NLB? Virtual and dedicated IP addresses NLB modes Unicast Multicast Multicast IGMP Configuring a load-balanced website Enabling NLB Enabling MAC address spoofing on VMs Configuring NLB Configuring IIS and DNS Testing it out Flushing the ARP cache Failover clustering Clustering Hyper-V hosts Virtual machine load balancing Clustering for file servers Scale-out file server Clustering tiers Application-layer clustering Host-layer clustering A combination of both How does failover work? Setting up a failover cluster Building the servers Installing the feature Running Failover Cluster Manager Running cluster validation Running the Create Cluster wizard Clustering improvements in Windows Server 2019 True two-node clusters with USB witnesses Higher security for clusters Multi-site clustering Cross-domain or workgroup clustering Migrating cross-domain clusters Cluster operating system rolling upgrades Virtual machine resiliency Storage Replica (SR) Configuring Storage Replica Initializing disks as GPT Testing preparedness for Storage Replica Configuring Storage Replica Shifting the primary server to FS02 Storage Spaces Direct (S2D) New in Server 2019 Summary Questions Containers and Nano Server Understanding application containers Sharing resources Isolation Scalability Containers and Nano Server Windows Server containers versus Hyper-V containers Windows Server containers Hyper-V containers Docker and Kubernetes Linux containers Docker Hub Docker Trusted Registry Kubernetes Working with containers Installing the role and feature Installing Docker for Windows Docker commands docker version docker info docker --help docker images docker search docker pull docker run docker ps -a Downloading a container image Running a container Summary Questions Hyper-V Designing and implementing your Hyper-V Server Installing the Hyper-V role Using virtual switches External virtual switch Internal virtual switch Private virtual switch Creating a new virtual switch Implementing a new virtual server Starting and connecting to the VM Installing the operating system Managing a virtual server Hyper-V Manager The Settings menu Checkpoints Configuring auto stop and start Expanding a virtual disk Hyper-V console, Remote Desktop Protocol (RDP), or PowerShell Windows Admin Center (WAC) Shielded VMs Encrypting VHDs Infrastructure requirements for shielded VMs Guarded hosts Host Guardian Service (HGS) Host attestations TPM-trusted attestations Host key attestations Admin-trusted attestation – deprecated in 2019 Integrating with Linux ReFS deduplication ReFS Data deduplication Why is this important to Hyper-V? Hyper-V Server 2019 Summary Questions Troubleshooting Windows Server 2019 Backup and Restore Schedule regular backups Restoring from Windows Restoring from the installer disk Task Manager Resource Monitor Performance Monitor Windows Firewall with Advanced Security System Insights Remote toolsets Event Logs Filtering event logs Exporting Windows event logs with PowerShell Common Event IDs MMC and MSC shortcuts Summary Questions Appendix: Answers to the end-of-chapter Questions Other Books You May Enjoy Index
Donate to keep this site alive
How to download source code?
1. Go to: https://github.com/PacktPublishing
2. In the Find a repository… box, search the book title: Mastering Windows Server 2019, 3rd Edition
, sometime you may not get the results, please search the main title.
3. Click the book title in the search results.
3. Click Code to download.
1. Disable the AdBlock plugin. Otherwise, you may not get any links.
2. Solve the CAPTCHA.
3. Click download link.
4. Lead to download server to download.