Mastering Windows Server 2019电子书

Title Page

Copyright and Credits

Mastering Windows Server 2019 Second Edition

About Packt

Why subscribe?

Packt.com

Contributors

About the author

About the reviewers

Packt is searching for authors like you

Preface

Who this book is for

What this book covers

To get the most out of this book

Conventions used

Get in touch

Reviews

Getting Started with Windows Server 2019

The purpose of Windows Server

It's getting cloudy out there

Public cloud

Private cloud

Windows Server versions and licensing

Standard versus Datacenter

Desktop Experience/Server Core/Nano Server

Desktop Experience

Server Core

Nano Server

Licensing models - SAC and LTSC

Semi-Annual Channel (SAC)

Long-Term Servicing Channel (LTSC)

Overview of new and updated features

The Windows 10 experience continued

Hyper-Converged Infrastructure

Windows Admin Center

Windows Defender Advanced Threat Protection

Banned Passwords

Soft restart

Integration with Linux

Enhanced Shielded Virtual Machines

Azure Network Adapter

Always On VPN

Navigating the interface

The updated Start menu

The Quick Admin Tasks menu

Using the Search function

Pinning programs to the taskbar

The power of right-clicking

Using the newer Settings screen

Two ways to do the same thing

Creating a new user through Control Panel

Creating a new user through the Settings menu

Task Manager

Task View

Summary

Questions

Installing and Managing Windows Server 2019

Technical requirements

Installing Windows Server 2019

Burning that ISO

Creating a bootable USB stick

Running the installer

Installing roles and features

Installing a role using the wizard

Installing a feature using PowerShell

Centralized management and monitoring

Server Manager

Remote Server Administration Tools (RSAT)

Does this mean RDP is dead?

Remote Desktop Connection Manager

Windows Admin Center (WAC)

Installing Windows Admin Center

Launching Windows Admin Center

Adding more servers to Windows Admin Center

Managing a server with Windows Admin Center

Enabling quick server rollouts with Sysprep

Installing Windows Server 2019 onto a new server

Configuring customizations and updates onto your new server

Running Sysprep to prepare and shut down your master server

Creating your master image of the drive

Building new servers using copies of the master image

Summary

Questions

Core Infrastructure Services

What is a Domain Controller?

Active Directory Domain Services

Using AD DS to organize your network

Active Directory Users and Computers

User accounts

Security Groups

Prestaging computer accounts

Active Directory Domains and Trusts

Active Directory Sites and Services

Active Directory Administrative Center

Dynamic Access Control

Read-Only Domain Controllers (RODC)

The power of Group Policy

The Default Domain Policy

Creating and linking a new GPO

Filtering GPOs to particular devices

Domain Name System (DNS)

Different kinds of DNS records

Host record (A or AAAA)

ALIAS record - CNAME

Mail Exchanger record (MX)

Name Server (NS) record

ipconfig /flushdns

DHCP versus static addressing

The DHCP scope

DHCP reservations

Back up and restore

Schedule regular backups

Restoring from Windows

Restoring from the installer disc

MMC and MSC shortcuts

Summary

Questions

Certificates in Windows Server 2019

Common certificate types

User certificates

Computer certificates

SSL certificates

Single-name certificates

Subject Alternative Name certificates

Wildcard certificates

Planning your PKI

Role services

Enterprise versus Standalone

Root versus Subordinate (issuing)

Naming your CA server

Can I install the CA role onto a domain controller?

Creating a new certificate template

Issuing your new certificates

Publishing the template

Requesting a cert from MMC

Requesting a cert from the Web interface

Creating an auto-enrollment policy

Obtaining a public-authority SSL certificate

Public/private key pair

Creating a Certificate Signing Request

Submitting the certificate request

Downloading and installing your certificate

Exporting and importing certificates

Exporting from MMC

Exporting from IIS

Importing into a second server

Summary

Questions

Networking with Windows Server 2019

Introduction to IPv6

Understanding IPv6 IP addresses

Your networking toolbox

ping

tracert

pathping

Test-Connection

telnet

Test-NetConnection

Packet tracing with Wireshark or Message Analyzer

TCPView

Building a routing table

Multi-homed servers

Only one default gateway

Building a route

Adding a route with the Command Prompt

Deleting a route

Adding a route with PowerShell

NIC Teaming

Software-defined networking

Hyper-V Network Virtualization

Private clouds

Hybrid clouds

How does it work?

System Center Virtual Machine Manager

Network controller

Generic Routing Encapsulation

Microsoft Azure Virtual Network

Windows Server Gateway/SDN Gateway

Virtual network encryption

Bridging the gap to Azure

Azure Network Adapter

Summary

Questions

Enabling Your Mobile Workforce

Always On VPN

Types of AOVPN tunnel

User Tunnels

Device Tunnels

Device Tunnel requirements

AOVPN client requirements

Domain-joined

Rolling out the settings

AOVPN server components

Remote Access Server

IKEv2

SSTP

L2TP

PPTP

Certification Authority (CA)

Network Policy Server (NPS)

DirectAccess

The truth about DirectAccess and IPv6

Prerequisites for DirectAccess

Domain-joined

Supported client operating systems

DirectAccess servers get one or two NICs

Single NIC Mode

Dual NICs

More than two NICs

To NAT or not to NAT?

6to4

Teredo

IP-HTTPS

Installing on the true edge – on the internet

Installing behind a NAT

Network Location Server

Certificates used with DirectAccess

SSL certificate on the NLS web server

SSL certificate on the DirectAccess server

Machine certificates on the DA server and all DA clients

Do not use the Getting Started Wizard (GSW)!

Remote Access Management Console

Configuration

Dashboard

Operations Status

Remote Client Status

Reporting

Tasks

DA, VPN, or AOVPN? Which is best?

Domain-joined or not?

Auto or manual launch

Software versus built-in

Password and login issues with traditional VPNs

Port-restricted firewalls

Manual disconnect

Native load-balancing capabilities

Distribution of client configurations

Web Application Proxy

WAP as AD FS Proxy

Requirements for WAP

Latest improvements to WAP

Preauthentication for HTTP Basic

HTTP to HTTPS redirection

Client IP addresses forwarded to applications

Publishing Remote Desktop Gateway

Improved administrative console

Summary

Questions

Hardening and Security

Windows Defender Advanced Threat Protection

Installing Windows Defender AV

Exploring the user interface

Disabling Windows Defender

What is ATP, anyway?

Windows Defender ATP Exploit Guard

Windows Defender Firewall – no laughing matter

Three Windows Firewall administrative consoles

Windows Defender Firewall (Control Panel)

Firewall & network protection (Windows Security Settings)

Windows Defender Firewall with Advanced Security (WFAS)

Three different firewall profiles

Building a new inbound firewall rule

Creating a rule to allow pings (ICMP)

Managing WFAS with Group Policy

Encryption technologies

BitLocker and the virtual TPM

Shielded VMs

Encrypted virtual networks

Encrypting File System

IPsec

Configuring IPsec

Server policy

Secure Server policy

Client policy

IPsec Security Policy snap-in

Using WFAS instead

Banned passwords

Advanced Threat Analytics

General security best practices

Getting rid of perpetual administrators

Using distinct accounts for administrative access

Using a different computer to accomplish administrative tasks

Never browse the internet from servers

Role-Based Access Control (RBAC)

Just Enough Administration (JEA)

Summary

Questions

Server Core

Why use Server Core?

No more switching back and forth

Interfacing with Server Core

PowerShell

Using cmdlets to manage IP addresses

Setting the server hostname

Joining your domain

Remote PowerShell

Server Manager

Remote Server Administration Tools

Accidentally closing Command Prompt

Windows Admin Center for managing Server Core

The Sconfig utility

Roles available in Server Core

What happened to Nano Server?

Summary

Questions

Redundancy in Windows Server 2019

Network Load Balancing (NLB)

Not the same as round-robin DNS

What roles can use NLB?

Virtual and dedicated IP addresses

NLB modes

Unicast

Multicast

Multicast IGMP

Configuring a load-balanced website

Enabling NLB

Enabling MAC address spoofing on VMs

Configuring NLB

Configuring IIS and DNS

Testing it out

Flushing the ARP cache

Failover clustering

Clustering Hyper-V hosts

Virtual machine load balancing

Clustering for file services

Scale-out file server

Clustering tiers

Application-layer clustering

Host-layer clustering

A combination of both

How does failover work?

Setting up a failover cluster

Building the servers

Installing the feature

Running the failover cluster manager

Running cluster validation

Running the Create Cluster wizard

Recent clustering improvements in Windows Server

True two-node clusters with USB witnesses

Higher security for clusters

Multi-site clustering

Cross-domain or workgroup clustering

Migrating cross-domain clusters

Cluster operating-system rolling upgrades

Virtual machine resiliency

Storage Replica (SR)

Storage Spaces Direct (S2D)

New in Server 2019

Summary

Questions

PowerShell

Why move to PowerShell?

Cmdlets

PowerShell is the backbone

Scripting

Server Core

Working within PowerShell

Launching PowerShell

Default Execution Policy

Restricted

AllSigned

RemoteSigned

Unrestricted

The Bypass mode

Using the Tab key

Useful cmdlets for daily tasks

Using Get-Help

Formatting the output

Format-Table

Format-List

PowerShell Integrated Scripting Environment

PS1 files

PowerShell Integrated Scripting Environment

Remotely managing a server

Preparing the remote server

The WinRM service

Enable-PSRemoting

Allowing machines from other domains or workgroups

Connecting to the remote server

Using -ComputerName

Using Enter-PSSession

Desired State Configuration

Summary

Questions

Containers and Nano Server

Understanding application containers

Sharing resources

Isolation

Scalability

Containers and Nano Server

Windows Server containers versus Hyper-V containers

Windows Server Containers

Hyper-V Containers

Docker and Kubernetes

Linux containers

Docker Hub

Docker Trusted Registry

Kubernetes

Working with containers

Installing the role and feature

Installing Docker for Windows

Docker commands

docker --help

docker images

docker search

docker pull

docker run

docker ps -a

docker info

Downloading a container image

Running a container

Summary

Questions

Virtualizing Your Data Center with Hyper-V

Designing and implementing your Hyper-V Server

Installing the Hyper-V role

Using virtual switches

The external virtual switch

The internal virtual switch

The private virtual switch

Creating a new virtual switch

Implementing a new virtual server

Starting and connecting to the VM

Installing the operating system

Managing a virtual server

Hyper-V Manager

The Settings menu

Checkpoints

Hyper-V Console, Remote Desktop Protocol (RDP), or PowerShell

Windows Admin Center (WAC)

Shielded VMs

Encrypting VHDs

Infrastructure requirements for shielded VMs

Guarded hosts

Host Guardian Service (HGS)

Host attestations

TPM-trusted attestations

Host key attestations

Admin-trusted attestation – deprecated in 2019

Integrating with Linux

ReFS deduplication

ReFS

Data deduplication

Why is this important to Hyper-V?

Hyper-V Server 2019

Summary

Questions

Assessments

Chapter 1: Getting Started with Windows Server 2019

Chapter 2: Installing and Managing Windows Server 2019

Chapter 3: Core Infrastructure Services

Chapter 4: Certificates in Windows Server 2019

Chapter 5: Networking with Windows Server 2019

Chapter 6: Enabling Your Mobile Workforce

Chapter 7: Hardening and Security

Chapter 8: Server Core

Chapter 9: Redundancy in Windows Server 2019

Chapter 10: PowerShell

Chapter 11: Containers and Nano Server

Chapter 12: Virtualizing Your Data Center with Hyper-V

Another Book You May Enjoy

Leave a review - let other readers know what you think