· 6 years ago · Feb 28, 2020, 06:10 AM
Stop at 226 or finish chap 1 at 240
4 sessions a day, and you gotta finish 55 pages each time for 3 days.
Get to 322 today
And check out the questions at the end of Chap 1.
813 is the end.
- Chapter 1: Installing Windows Server 2016
*Key Topics
+ Install, upgrade, and migrate servers and workloads
++ WS16 (Windows Server 2016) install req
++ Correct WS16 editions per workloads
++ Install WS16
++ Install WS16 features and roles
++ Install and configure WS Core
++ Manage WS Core installs w/ Windows PowerShell, Command Line, and remote management capabilities
++ Implement Windows PowerShell Desired State Configs (DSC) to install and maintain integrity of installed environments
++ Perform upgrades and migrations of servers and core workloads from previous versions of WS
++ Determine the appropriate activation model for server installation such as Automatic Virtual Machine Activation (AVMA), Key Management Server (KMS), and Active Directory-based Activation.

+ Install and configure Nano Server
++ Determine appropriate usage scenario and req for Nano Server
++ Install Nano Server
++ Implement Roles and Features on Nano Server

*Start
+ Features and Advantages of WS16
WS16 = "The cloud-ready operating system."
Many WS16 features are built and evolve around cloud-based software and networking.
++ Built-in security
- Built-in breach resistance.
This feature helps stop attackers on your system and allows a company to meet *compliance requirements.

Regulatory compliance
- An organization's adherence to laws, regulations, guidelines and specifications relevant to its business processes. Violations of regulatory compliance regulations often result in legal punishment including federal fines.

++ Active Directory Certificate Services
- Provides a customizable set of services that allow you to assign and manage public key infrastructure (PKI) certificates.
Certificates can be used in software security systems that employ public key technologies.

Certificates
- A certificate contains a public key. In addition to the public key, the certificate contains information such as the issuer, what the certificate is supposed to be used for, and other types of metadata. Typically, a certificate is itself signed by a certificate authority (CA) using the CA's private key.

++ Active Directory Domain Services (AD DS)
- New features that allow you to deploy domain controllers more easily and implement them faster.
- Makes domain controllers more flexible, both to audit and to authorize for file access.
Designed to make performing administrative tasks easier.

Active Directory (AD)
- Microsoft product that consists of several services that run on Windows Server to manage permissions and access to networked resources. Active Directory stores data as objects. An object is a single element, such as a user, group, application or device, such as a printer.

Domain Controller (DC)
- A domain controller is a server that responds to authentication requests and verifies users on computer networks. Domains are a hierarchical way of organizing users and computers that work together on the same network. The domain controller (DC) is the box that holds the keys to the kingdom: Active Directory (AD).

++ Active Directory Rights Management Services (AD RMS)
- Provides management and dev tools that work with industry security tech, including encryption, certificates, and authentication.
Allows for reliable info protection solutions.

++ BitLocker
- Allows you to encrypt the hard drives of your computer.
Enhances protection against data theft or unauthorized exposure of data. This applies to removable drives that are lost or stolen.

++ BranchCache
- Allows data from files and web servers on a Wide Area Network (WAN) to be cached on computers at a local branch office.
Improves application response times while reducing WAN traffic.
Cached data can be either distributed across peer client computers (distributed cache mode) or centrally hosted on a server (hosted cache mode).

Cache
- Data stashed on a device to assist in processes in an app or website.

++ Containers
- WS16 started focusing on an isolated operating system environment called Dockers.
- Dockers allow apps to run in isolated environments called containers.
Containers are separate locations where apps can operate w/o affecting other apps or other operating system resources.
+++ Two kinds of containers:
1 Windows Server Containers
Allows for isolated apps to run by using process and namespace isolation.
WS16 allows apps to share the system's kernel with their container and all other containers running on the same host.
2 Hyper-V Containers
Adds another virtual layer by isolating applications in their own optimized virtual machine.
Doesn't share the host system's kernel.

++ Credential Guard
- Helps protect a system's credentials, which helps avoid pass the hash attacks.
Provides better protection against advanced persistent threats by protecting credentials on the system from being stolen by a compromised admin or malware.
Can be enabled on Remote Desktop Services servers and Virtual Desktop Infrastructure so that the credentials for users connecting to their sessions are protected.

Pass the Hash
- A pass the hash attack is an exploit in which an attacker steals a hashed user credential and, without cracking it, reuses it to trick an authentication system into creating a new authenticated session on the same network.

Hashing
- When a password has been “hashed” it means it has been turned into a scrambled representation of itself. A user’s password is taken and, using a key known to the site, the hash value is derived from the combination of both the password and the key, using a set algorithm.
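
Added example (not from the book or these notes): a PowerShell check that tells you whether Credential Guard is actually running on a host, which is what matters for the pass the hash protection described above. It reads the Win32_DeviceGuard CIM class; the function name and output property names are made up for this example.

```powershell
# Added example: report whether Credential Guard is configured and running.
# Reads the Win32_DeviceGuard CIM class; value meanings follow Microsoft's documentation.
function Get-CredentialGuardStatus {
    [CmdletBinding()]
    param(
        # Optional remote host (needs WinRM); omit to query the local machine.
        [string]$ComputerName
    )

    $vbsState = @{
        0 = 'VBS not enabled'
        1 = 'VBS enabled but not running'
        2 = 'VBS enabled and running'
    }
    $credentialGuard = 1   # service id 1 = Credential Guard (2 = HVCI)

    $target = $env:COMPUTERNAME
    $query  = @{
        ClassName   = 'Win32_DeviceGuard'
        Namespace   = 'root\Microsoft\Windows\DeviceGuard'
        ErrorAction = 'Stop'
    }
    if ($ComputerName) {
        $target             = $ComputerName
        $query.ComputerName = $ComputerName
    }

    try {
        $dg = Get-CimInstance @query
    }
    catch {
        # Class missing (older OS) or host unreachable: report it instead of guessing.
        return [pscustomobject]@{
            ComputerName              = $target
            VbsStatus                 = 'Unknown'
            CredentialGuardConfigured = $null
            CredentialGuardRunning    = $null
            Error                     = $_.Exception.Message
        }
    }

    [pscustomobject]@{
        ComputerName              = $target
        VbsStatus                 = $vbsState[[int]$dg.VirtualizationBasedSecurityStatus]
        # "Configured" only means policy asked for it; "Running" is the state that protects credentials.
        CredentialGuardConfigured = $dg.SecurityServicesConfigured -contains $credentialGuard
        CredentialGuardRunning    = $dg.SecurityServicesRunning -contains $credentialGuard
        Error                     = $null
    }
}

# Local machine
Get-CredentialGuardStatus

# Several RDS/VDI hosts at once (hostnames are placeholders)
'RDSH01', 'RDSH02' | ForEach-Object { Get-CredentialGuardStatus -ComputerName $_ } |
    Where-Object { -not $_.CredentialGuardRunning }
```

A host that shows CredentialGuardConfigured = True but CredentialGuardRunning = False usually still needs a reboot or is missing a hardware or firmware prerequisite.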

++ DHCP (Dynamic Host Configuration Protocol)
- Internet standard that allows orgs to reduce the admin overhead of configuring hosts on a TCP/IP-based network.
Some of the features are DHCP failover (Backup servers?), policy-based assignment (Policies are like rules and regulations for connection/getting access), and the ability to use Windows PowerShell for DHCP.

TCP/IP
- The Internet works by using a protocol called TCP/IP, or Transmission Control Protocol/Internet Protocol. ... In basic terms, TCP/IP allows one computer to talk to another computer via the Internet by compiling packets of data and sending them to the right location.

++ DNS (Domain Name System)
- Used in TCP/IP networks. DNS will convert a computer name or fully qualified domain name (FQDN) to an IP address.
DNS also has the ability to do a reverse lookup and convert an IP address to a computer name. This allows you to locate computers and services through user-friendly names.

++ Failover Clustering
- Gives an org the ability to provide high availability and scalability to networked servers. Failover clusters can include file share storage for server applications, such as Hyper-V and Microsoft SQL Server, and those that run on physical servers or VMs.

++ File Server Resource Manager
- Set of tools that allows admins to manage and control the amount and type of data stored on servers.
Using this, admins can set up file management tasks, quota management, get detailed reports, and set up a file classification infrastructure. Can also configure file-screening management.

++ Group Policy Objects
- Set of rules and management config options that you can control through the Group Policy settings.
Can be placed on user computers to change their configs.

Group Policy
- Group Policy is a feature of the Microsoft Windows NT family of operating systems that controls the working environment of user accounts and computer accounts. Group Policy provides centralized management and configuration of operating systems, applications, and users' settings in an Active Directory environment.

++ Hyper-V
- Allows for servers to be strengthened by creating and managing a virtualized computing environment.
Allows for multiple operating systems to be run on one physical computer. Each virtual OS runs in its own VM environment.
- Shielded VM: Encrypted using BitLocker, and needs authorization to run on other host systems.

Kerberos -
A computer-network authentication protocol that works on the basis of tickets to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner.

Network nodes -
The physical pieces that make up a network. They usually include any device that both receives and then communicates information. But they might receive and store the data, relay the information elsewhere, or create and send data instead.
E.g. bridges, switches, hubs, and modems to other computers, printers, and servers.

Security Support Provider Interface (SSPI)
- A Win32 API used by Microsoft Windows systems to perform a variety of security-related operations such as authentication.

API (Application Programming Interface)
- A software intermediary that allows two applications to talk to each other. In other words, an API is the messenger that delivers your request to the provider that you're requesting it from and then delivers the response back to you.

KMS (Key Management Service)
- One of the methods to activate Microsoft Windows and Microsoft Office. Activation ensures that the software is obtained from and licensed by Microsoft. KMS is used by volume license customers, usually medium to large businesses, schools, and non-profits.

PowerShell
- Task automation and configuration management framework from Microsoft, consisting of a command-line shell and associated scripting language.

Difference between VMware and Hyper-V
- VMware supports Dynamic Memory Support for all types of operating systems whereas Hyper-V supports it only for Windows. Referring to scalability, VMware supports only 160 logical processors but Hyper-V supports 320 logical processors.

Difference between PowerShell and CMD
- PowerShell is a more advanced version of cmd, used to run external programs like ping or copy and to automate many different system administration tasks which are not accessible from cmd.exe. It's quite similar to cmd except it's more powerful and uses different commands altogether.

++ IPAM (IP Address Management)
- Allows an admin to customize and monitor the IP address infrastructure on a corporate network.

++ Kerberos Authentication
- Password-based and public key auth. The Kerberos client is installed as a security support provider (SSP) and can be accessed through its interface.

++ Managed Service Accounts (gMSAs)
- Configured accounts that allow auto pass management and Service Principal Name (SPN) management. Includes the ability to delegate management to other admins.
Service accounts are accounts that an admin creates to be used to start a service.
Managed service accounts are accounts created by PowerShell, and then AD manages the account, such as changing the password.

++ Nano Server
- Allows an admin to remotely admin the server OS. Made for private clouds and datacenters.
Similar to Server Core. Uses less hard drive space, has no local logon capability, and only supports 64-bit apps and tools.

Server Core
- A way to run Windows Server with a limited set of features and with support for only certain server roles.

++ Nested Virtualization
- New Hyper-V feature, allows admins to create VMs in VMs.

++ Networking Technologies
- BranchCache, Data Center Bridging (DCB), NIC Teaming, and more.

++ PowerShell Direct
- Powerful set of parameters for the PSSession cmdlet called VMName.

PSSession
- The PSSession cmdlet creates a PowerShell session (PSSession) on a local or remote computer. When you create a PSSession, PowerShell establishes a persistent connection to the remote computer.

++ Remote Desktop Services
- Allows users to connect to virtual desktops, RemoteApp programs, and session-based desktops. Using Remote Desktop Services allows users to access remote connections from within a corporate network or from the internet.

++ Security Auditing
- Allows you to verify authorized or unauthorized access to machines, resources, apps, and services. Best advantage is to verify regulatory compliance.

++ Smart Cards
- Using two factor or PINs is a reliable and cost-effective way to provide auth.

++ TLS/SSL (Schannel SSP)
- Schannel is a security support provider (SSP) that uses the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) together.

++ Windows Deployment Services
- Allows admins to install Windows OS remotely.

++ Windows PowerShell Desired State Config
- Enables the deploying and managing of configuration data for software services and also helps manage the environment in which the services run. Allows for language extensions along with new Windows PowerShell cmdlets and resources. DSC allows you to declaratively specify how a corporation wants their software environment to be configured and maintained. DSC allows you to automate tasks like enabling or disabling server roles and features, managing registry settings, managing files and directories, managing groups and users, deploying software, and running PowerShell scripts, just to name a few.
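
Added example (not from the book or these notes): a small DSC configuration that declares two feature states and one registry value, applies them, and then checks for drift, which is the "maintain integrity" part of DSC. The configuration name, the choice of features, and the registry key are assumptions picked for illustration.

```powershell
# Added example: declare the desired state once, then let DSC apply and audit it.
Configuration Ws16Baseline {
    param(
        [string[]]$NodeName = 'localhost'
    )

    # Built-in resources (WindowsFeature, Registry) ship with Windows PowerShell 5.1
    Import-DscResource -ModuleName PSDesiredStateConfiguration

    Node $NodeName {
        # A feature that must be installed
        WindowsFeature BackupPresent {
            Name   = 'Windows-Server-Backup'
            Ensure = 'Present'
        }

        # A feature that must stay off the box
        WindowsFeature TelnetClientAbsent {
            Name   = 'Telnet-Client'
            Ensure = 'Absent'
        }

        # A registry setting; this key is hypothetical and only marks the baseline version
        Registry BaselineMarker {
            Key       = 'HKEY_LOCAL_MACHINE\SOFTWARE\ExampleOrg\Baseline'
            ValueName = 'Version'
            ValueData = '1'
            ValueType = 'String'
            Ensure    = 'Present'
        }
    }
}

# 1. Compile the configuration into .\Ws16Baseline\localhost.mof
Ws16Baseline -OutputPath .\Ws16Baseline

# 2. Push it to the node and wait for the Local Configuration Manager to finish
Start-DscConfiguration -Path .\Ws16Baseline -Wait -Verbose -Force

# 3. Later: audit for drift without changing anything
$result = Test-DscConfiguration -Detailed
if ($result.InDesiredState) {
    'Node matches the declared baseline.'
}
else {
    # Lists exactly which declared resources no longer match (e.g. someone installed Telnet-Client)
    $result.ResourcesNotInDesiredState | Select-Object ResourceId, InDesiredState
}
```

Run it from an elevated PowerShell session on the server; step 3 can be repeated on a schedule to catch changes made outside DSC.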

++ Windows Server Backup Feature
- It's a backup, you know this.

+ WS16 Installation

++ Important questions to ask beforehand:
1 What type of server do I need?
2 Will the server be a domain controller?
3 What roles do I need to install on this server?

+ Server Roles in WS16

++ Don't underuse or overuse a server. Find a happy medium.
- For example, take a domain controller: they're not very busy all day long. They have tasks to perform all day, but these aren't heavy on machine usage in comparison to an SQL server machine or an Exchange Mail server. Monitoring servers is important to measure usage.
If a DC (Domain Controller) is hosted on a VM and has no other applications aside from DNS obviously, then it most likely is fine. But if servers are limited, consider putting other apps and services alongside it if the server can handle it. However, some apps work better on member servers rather than DCs.

Member server
- Just another server managed by the DC.

*List of roles:

++ Active Directory Certificate Services (AD CS)
- Allows you to build a PKI and provide public key cryptography, digital certificates, and digital signature capabilities for your org.
-- Feature: Provides a customizable set of services that allows you to issue and manage PKI certs.
-- Role: Allows you to build a PKI and provide public key cryptography, digital certificates, and digital signature capabilities for your org.

++ AD Domain Services
- The server role allows you to create a scalable, secure, and manageable infrastructure for user and resource management. Provides support for directory-enabled apps such as Microsoft Exchange Server.

Microsoft Exchange Server
- Just a mail server and calendar server.

++ AD Federation Services (AD FS)
- Provides internet-based clients with a secure identity access solution that works on both Windows and non-Windows OS. Gives the ability for single sign-on and access to apps on other networks w/o needing a secondary pass.

++ AD Lightweight Directory Services (AD LDS)
- Is a Lightweight Directory Access Protocol (LDAP)
Provides flexible support for directory-enabled apps w/o the dependencies and domain-related restrictions of AD DS.

++ AD Rights Management Services (AD RMS)
- Server role that provides you w/ management and development tools that work with industry security tech including encryption, certs, and auth to protect.

++ Device Health Attestation
- Verifies clients to follow corporate policy.
EX: Can check for updates, antivirus, and proper config policies before connection to the network.

++ DHCP
- Reduces the administrative overhead of configuring hosts on a TCP/IP-based network. Some features included are DHCP Failover, policy-based assignments, and the ability to use Windows PowerShell for the DHCP server.

++ DNS (Domain Name Services)
- Used in TCP/IP networks, DNS will convert a computer name or fully qualified domain name (FQDN) to an IP address. Has the ability to do a reverse lookup to convert an IP address to a computer name. Allows you to locate computers.

++ Fax Server
- Allows for the sending and receiving of faxes. Allows you to manage fax resources such as jobs, settings, reports, and fax devices on a specific computer or network.

++ File and Storage Services
- Allows an admin to set up and manage one or more file servers.
Provides a central location on your network where you can store and share files w/ network users. Good for when multiple people need access to the same file.

++ Host Guardian Service (HGS)
- Allows you to have a more secure environment for your network's VMs. This role provides the Attestation and Key Prot services that enable Guarded hosts to run Shielded VMs.

++ Hyper-V
- Allows admins to create and manage a virtualized environment. When Hyper-V is installed, all required virtualization components are installed.
Components include: Windows Hypervisor, VM management service, virtualization WMI provider, VMbus, Virtualization services provider (VSP), and virtual infrastructure driver (VID).

++ MultiPoint Services
- Allows multiple users to share one computer.

++ Network Controller
- Allows for configuration, monitoring, and diagnostics of virtual networks, physical networks, network services, network topology, address management, and so on within a datacenter.

++ Network Policy and Access Services
- A role to install and configure NPS (Network Policy Server), which safeguards the security of your network.

NPS
- Used to manage network access across your network.

++ Print and Document Services
- Allows an admin to centralize print server and network printer tasks. This role also allows you to receive scanned docs from the network scanners and route them to a network resource, Windows SharePoint Services site, or email. Also allows for faxing and managing faxing.

++ Remote Access
- Provides connectivity through DirectAccess, VPN, and web app proxies.
DirectAccess provides a 24/7 monitoring experience.
VPN allows for site-to-site connectivity.
Web app proxies enable web-based apps from your corp net to client devices outside of the corp net. Allows for routing such as Network Address Translation (NAT).

++ Remote Desktop Services
- Allows for faster desktop and app deployments to all devices. Allows for a virtual desktop infrastructure (VDI) and session-based desktops, allowing users to connect from anywhere.

++ Volume Activation Services
- Allows you to deploy and manage volume licenses for a medium to large amount of computers.

Volume licensing
- Allows you to activate multiple keys all at once across an array of computers.

++ Web Server (IIS)
- A role that allows admins to set up an easily manageable, modular, extensible platform for reliably hosting websites, services, and apps.

++ Windows Deployment Services
- Allows an admin to install Windows OS over a network.

++ Windows Server Essentials Experience
- Allows for the setup of the IT infrastructure, provides powerful functions like PC backups. Allows you to easily connect to cloud-based apps and services.

++ Windows Server Update Services (WSUS)
- Allows admins to deploy app and OS system updates.

+ Migrating Roles and features to WS16
- You can migrate roles and features from a previous Windows Server.
- Allows for migration between physical and virtual environments.
- To work, must be installed on source and destination computers.

Stages to migrate:
1 Install Windows Server Migration Tools on destination servers.
2 Creating deployment folders on destination servers for copying.
3 Copying deployment folders from destination servers to source servers.
4 Registering Windows Server Migration Tools on source servers.

Must have admin on both servers.
Can use the Add Roles or Features Wizard or the PowerShell deployment cmdlets for Server Manager.

To install WS Migration Tools on a Server Core:
1 Open PowerShell in CMD by typing
powershell.exe
and press enter.
2 In the PowerShell session, using the Windows PowerShell Install-WindowsFeature cmdlet, type
Install-WindowsFeature Migration -ComputerName computer_name

+ Deciding Which Windows Server 2016 Version to use
New ones are always being released, there are 6 in the book.

Versions:

WS16 Datacenter
- Designed for orgs that want to migrate a highly virtualized, private cloud environment. WS16 DC has full WS functionality with UNLIMITED virtual instances.

WS16 Standard
- Designed for orgs with physical or minimally virtualized environments. Full functionality with two virtual instances.

Windows Server 2016 Essentials
- Ideal for small businesses that have as many as 25 users and 50 devices. Simple interface and preconfigured connectivity to cloud-based services with no virtualization rights.

Windows Hyper-V Server 2016
- Stand-alone version that has the Windows Hypervisor, Windows Server Driver Model, and other virtualization components only. Allows for a simple virtualization solution which allows you to reduce costs.

Hypervisor
- Software, firmware, or hardware that creates and runs VMs.

Windows Storage Server 2016
- Not open for sale to the general public. Only available as an integrated hardware offering or as an available field upgrade from your hardware manufacturer. Fully supports upgrades from previous versions.

Windows MultiPoint Premium 2016 Server
- Stand-alone Windows product designed for environments that have multiple users on the same machine. The same as WS16 w/ MultiPoint Services installed.

+ Ways to install Windows Server 2016
1 Upgrade WS12 or WS12 R2 to WS16
2 Clean install.

If upgrading, follow the table in the folder.

+ Types of installs for WS16

WS16 (Desktop Experience)
- Most common, uses Microsoft Management Console (MMC), allows for the use of a mouse during installation.

WS16 Server Core
- Bare bones installation.

WS16 Nano Server
- Allows an admin to remotely administer the server OS. Designed and optimized for private clouds and datacenters. Similar to Server Core, the only difference being that Nano Servers use a super small amount of hard drive space. Has no local logon capability, and only supports 64-bit apps and tools.

+ What Server Core supports role wise:
AD Certificate Services
AD Domain Services
AD Federation Services
AD Lightweight Directory Services
AD Directory Rights Management Services
DHCP Server
DNS Server
Fax Server
File and Storage Services

BITS Server
- Facilitates asynchronous, prioritized, and throttled transfer of files between machines using idle network bandwidth. It also plays a role in the download of files from a peer.

BranchCache
Hyper-V
Network Policy and Access Services
Print and Document Services
Remote Access
Remote Desktop Services
Volume Activation Services

Web Server (IIS)*
- Runs on Windows systems to serve requested HTML pages or files.

Windows Deployment Services
Windows Server Update Services
.NET Framework 3.5 Features*
.NET Framework 4.6 Features*

.NET Framework
- .NET Framework is a software development framework for building and running applications on Windows.

Streaming Media Services
Failover Clustering

iSCSI (Internet Small Computer Systems Interface)
- iSCSI is a transport layer protocol that works on top of the Transport Control Protocol (TCP). It enables block-level SCSI data transport between the iSCSI initiator and the storage target over TCP/IP networks.

Network Load Balancing
- The Network Load Balancing (NLB) feature distributes traffic across several servers by using the TCP/IP networking protocol.

MPIO
- A Microsoft framework designed to mitigate the effects of a host bus adapter (HBA) failure by providing an alternate data path between storage devices and a Windows operating system.

Host Bus Adapter (HBA)
- A circuit board and/or integrated circuit adapter that provides input/output (I/O) processing and physical connectivity between a host system, or server, and a storage and/or network device.

qWave
- A networking platform for audio video streaming applications.

Telnet Server/Client*

Telnet
- A protocol that allows you to connect to remote computers (called hosts) over a TCP/IP network.

Windows Server Migration Tools
Windows PowerShell 4.0

Server Core doesn't have a normal Windows interface or GUI. Everything is mostly configured via command line or Remote Server Admin Tools from a full version of WS16.
Benefits:
Reduced Management
- Since Server Core has a minimum num of apps installed, it reduces management effort.
Minimal Maintenance
- Only basic systems can be installed, which reduces upkeep.
Smaller Footprint
- Only requires 1GB of disk space and 2GB of free space for operations.
Tighter Security
- w/ only a few apps, less vulnerable to attacks.
All you need for Server Core is WS16 install media, a product key, and hardware to put it on.
After you install the base OS, use PowerShell or Remote Admin tools to configure network settings, add the machine to the domain, create and format disks, and install roles and features.
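
Added example (not from the book or these notes): the post-install steps just listed, done from the PowerShell prompt on a fresh Server Core box. Every name, address, and role choice below is a placeholder picked for illustration.

```powershell
# Added example: first-boot configuration of a Server Core install.
# All values are placeholders (assumptions), using documentation-reserved addresses.
$nic        = 'Ethernet'            # check the real alias with Get-NetAdapter
$ipAddress  = '192.0.2.10'
$prefixLen  = 24
$gateway    = '192.0.2.1'
$dnsServers = '192.0.2.53'
$domain     = 'corp.example.com'
$newName    = 'CORE01'

# 1. Configure network settings (static address + DNS so the domain can be found)
New-NetIPAddress -InterfaceAlias $nic -IPAddress $ipAddress `
                 -PrefixLength $prefixLen -DefaultGateway $gateway
Set-DnsClientServerAddress -InterfaceAlias $nic -ServerAddresses $dnsServers

# 2. Create and format disks: turn every uninitialized (RAW) disk into one NTFS volume
Get-Disk | Where-Object PartitionStyle -eq 'RAW' | ForEach-Object {
    $_ | Initialize-Disk -PartitionStyle GPT -PassThru |
         New-Partition -AssignDriveLetter -UseMaximumSize |
         Format-Volume -FileSystem NTFS -NewFileSystemLabel 'Data' -Confirm:$false
}

# 3. Install only the roles and features this server needs
Install-WindowsFeature -Name DHCP, Windows-Server-Backup

# 4. Confirm the footprint stayed small: list what is actually installed
Get-WindowsFeature | Where-Object Installed | Select-Object Name, DisplayName

# 5. Rename the machine and add it to the domain in one step, then reboot.
#    Get-Credential prompts for an account allowed to join computers to the domain.
Add-Computer -DomainName $domain -NewName $newName -Credential (Get-Credential) -Restart
```

Step 4 is worth keeping in a build checklist: anything in that list that the server's job doesn't need is extra attack surface, which is the whole point of picking Server Core.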

Example:
Hospital with no computer rooms. Use Server Core since it has no GUI and it's a slimmed down version of Windows. Makes it harder to hack into locally. Use a domain controller called "Read-only domain controller." This would make it safer to put it on someone's desk or in less secure places.

+ NIC Teaming
- Also known as load balancing and failover (LBFO), gives an admin the ability to allow multiple network adapters on a system to be placed into a team.

Difference between a network adapter and a NIC?
- Technically, a NIC is a physical card that connects to an expansion slot in a computer. While the terms "NIC" and "network adapter" are often used synonymously, a NIC is a type of network adapter while a network adapter is not necessarily a NIC.

Network adapter
- A network adapter is the component of a computer's internal hardware that is used for communicating over a network with another computer.

Only requirement for NIC teaming is having an Ethernet adapter. For fault protection, have two instead of one. WS16 can set up 32 network adapters in a NIC team.

Super common in Hyper-V since it allows for load balancing.
NIC teaming allows for a VM to use a virtual network adapter in Hyper-V. Benefit of NIC teaming in Hyper-V is the ability to connect more than one Hyper-V switch. Allows Hyper-V to maintain connectivity even if the network adapter under the Hyper-V gets disconnected.
Can be configured in Server Manager or PowerShell.

Installing process for WS16 Standard:
Book shows WS16 Datacenter (Desktop Experience), but you can use Standard. The next one is for a Server Core, and then a Nano Server.

1 Insert DVD or select from the digital list of ones.
WS16 Standard
2 First screen is language, time, and keyboard settings.
3 On the next screen press Install Now.
4 Depending on what version of WS16, it might ask for a product key.
5 Select the OS you want, in our case it would be WS16 Standard (Desktop Experience). Refer to picture in folder.
6 License terms, agree and check the box, then next.
7 What kinda install, go for custom.
8 Choose where to install Windows, if it's already formatted with NTFS then click the drive and go. If not, choose the New link and create a partition. Click the Format link, once it's done, choose that and click next.
9 Then it'll install and reboot mid session.
10 Once done, it'll ask for admin password, choose wisely, something complex. Then finish.
11 Login with admin pass, set up the admin acc.
12 Server Manager Dashboard automatically appears. You're done.
13 Close Server Manager.

Installing WS16 using Server Core:

1 Insert DVD or choose from digital list.
2 Configure time, language, and keyboard.
3 Install now.
4 Might be asked for a key.
5 Select what you want without the Desktop Experience.
6 Agree to the terms and licensing.
7 Choose custom install.
8 Choose where to install it and weird formatting thing.
9 Begins install, will reboot.
10 Admin pass stuff.
11 Screen tells you the pass is changed, hit enter.
12 Auto logs in. CMD will appear. Server Core is done. Type
shutdown /s /t 0
to shutdown.

Nano Server:
Nano Server has an even smaller install, no GUI or local logon. Only allows 64-bit apps and utilities. Great for DNS servers, IIS server, app server for cloud-based operations, or even on a storage machine.
Cannot be a domain controller. Group Policy Objects (rules that you can put on machines or users) aren't supported. Cannot be configured to use Sys Center Config Manager, Sys Center Data Prot Manager, NIC teaming, or as a proxy server. Only supports Current Branch for Business.
Super easy way to make a Nano Server virtual hard drive (VHD) is to use the Nano Server Image Builder, lets you easily create one and boot up a server with it or use it in Hyper-V.

Steps:
1 Get the Nano Server Image Builder.
2 NanoServerImageBuilder.msi is in there, run it.
3 Wizard begins, click next at the intro screen.
4 Accept terms and stuff.
5 Choose a directory.
6 Press install.
7 Finish.
8 Open Windows Explorer and find the directory you chose. Click the NanoServerImageBuilder.exe and run it.
9 For this to work you're gonna need the Windows ADK kit. Download it from the Microsoft dev website.
10 Save it to the same folder and run the adksetup.exe.
11 Specify where you want the ADK files and install.
12 At the Windows Kits Privacy screen, just say no, don't send feedback.
13 Agree to terms.
14 At features accept the defaults and click install.
15 Close it when it's done.
16 Run the NanoServerImageBuilder.exe.
17 Now we can make a Nano Server image or a bootable USB, they're making an image, choose the top choice of "Create a new Nano Server Image".
18 At the Before You Begin screen click next.
19 At installation media, point the folder to your WS16 installation files where the NanoServer folder resides, then next.
20 Agree to terms.
21 At deployment screen, make a new VM and name it whatever.vhd, change the configs as needed for storage. Place the VHD in the WS16 Nano Server folder then next. Refer to image in folder if needed.
22 At the basic installation click next.
23 At the select optional packages screen you can choose to install stuff like DNS, IIS, and whatever.
24 At the Drivers screen add any that may be needed for your install.
25 The destination screen will appear, this is where you'll enter the name of the computer and the admin pass. Check timezone and then next.
26 Join a domain if needed.
27 Configure network settings if needed.
28 Choose "Create a basic nano server image."
29 It'll take you to confirmation, press create.
30 Once complete, close.
31 Find the folder where the VHD was and make sure the VHD has been created. This can be run in Hyper-V.

531Nano server will not allow the following:
ADSI, ADO, and WMI type adapters
Enable-PSRemoting, Disable-PSRemoting (PS is PowerShell)
Scheduled jobs and PSScheduledJob module
Computer cmdlets for joining a domain (Add/Remove)
Reset-ComputerMachinePassword, Test-ComputerSecureChannel
Profiles (You can add a startup script for incoming remote connections with Set-PSSessionConfiguration.)
Clipboard cmdlets
EventLog cmdlets (Use New-WinEvent and Get-WinEvent cmdlets instead.)
Get-PfxCertificate cmdlet
TraceSource cmdlet
Counter cmdlets
Some web-related cmdlets (New-WebServiceProxy, Send-MailMessage, ConvertTo-Html)
Logging and tracing using PSDiagnostics module
Get-HotFix
Implicit remoting cmdlets (Export-PSSession/Import)
New-PSTransportOption
PS transactions and transaction cmdlets
PS Workflow infrastructure, modules, and cmdlets
Out-Printer
Update-List
WMI v1 cmdlets: Get-WmiObject, Invoke-WmiMethod, etc.
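The list above works as a pre-deployment check for management scripts. This is an added example, not from the notes or from Microsoft: it parses a script with the PowerShell AST and reports calls to cmdlets the list names. The wildcard patterns for cmdlet families and the sample script are constructed here.

```powershell
# Cmdlet names and families taken from the list above; wildcards are this
# example's shorthand for "EventLog cmdlets", "Counter cmdlets" and so on.
$NanoBlocked = @(
    'Enable-PSRemoting', 'Disable-PSRemoting', 'Add-Computer', 'Remove-Computer',
    'Reset-ComputerMachinePassword', 'Test-ComputerSecureChannel',
    '*-ScheduledJob', '*-Clipboard', '*-EventLog', '*-TraceSource', '*-Counter',
    'Get-PfxCertificate', 'New-WebServiceProxy', 'Send-MailMessage', 'ConvertTo-Html',
    'Get-HotFix', 'Export-PSSession', 'Import-PSSession', 'New-PSTransportOption',
    '*-Transaction', 'Out-Printer', 'Update-List', 'Get-WmiObject', 'Invoke-WmiMethod'
)

function Find-NanoBlockedCommand {
    param([Parameter(Mandatory)][string]$ScriptText)

    $tokens = $null
    $errors = $null
    $ast = [System.Management.Automation.Language.Parser]::ParseInput(
        $ScriptText, [ref]$tokens, [ref]$errors)

    # Walk every command invocation, including ones inside nested script blocks.
    $commands = $ast.FindAll(
        { $args[0] -is [System.Management.Automation.Language.CommandAst] }, $true)

    foreach ($cmd in $commands) {
        $name = $cmd.GetCommandName()      # $null for dynamic invocations like & $x
        if (-not $name) { continue }
        foreach ($pattern in $NanoBlocked) {
            if ($name -like $pattern) {
                [pscustomobject]@{
                    Line    = $cmd.Extent.StartLineNumber
                    Command = $name
                    Text    = $cmd.Extent.Text
                }
                break
            }
        }
    }
}

# Constructed sample script: three calls the list rules out, one it recommends.
$sample = @'
Get-WmiObject Win32_OperatingSystem
Get-EventLog -LogName System -Newest 5
Get-WinEvent -LogName System -MaxEvents 5
if ($true) { Get-HotFix | Out-Printer }
'@

Find-NanoBlockedCommand -ScriptText $sample | Format-Table -AutoSize
```

Type adapters, profiles and workflow are language or host features rather than cmdlets, so a command-name scan like this one does not cover them.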

+ Activating and servicing windows

Using Volume Activation Management Tool to activate many products at once.

++ Key Management Service
- Allows for an easy and automated way to get activated, and allows for local network activation if you have a KMS client-server network. As long as you have static TCP/IP and/or a DNS server set up, it's possible.
To configure KMS host systems you must configure and retrieve Volume Activation information. This is done by using the Software License Manager. It can be run on a local or remote system from a user account with an elevated command prompt. KMS host sys can be anything running Windows Vista or higher, or any Windows Server above WS3.

Modification of slmgr.vbs scripts (SL manager):
Use Wscript.exe or Cscript.exe.
When changes are made, the Software Licensing Service must be restarted. This can be done by using the Services Microsoft Management Console (MMC) or by running the Net Stop and Net Start commands at an elevated command prompt (net stop sppsvc and net start sppsvc).

Elevated command prompt
- Literally just running CMD as an administrator.

The Slmgr.vbs script has diff command line switches that you can use. (CMD or PS)
List of parameters:
/ato
- Used for retail and volume sys editions with a KMS host key or Multiple Activation Key installed. Prompts Windows to try an online activation. For any systems using a Generic Volume License Key, this will make the system attempt the activation.
/cdns
- Allows the admin to disable KMS host automatic DNS publishing
/cpri
- Admins can use this to lower the priority of KMS host processes
/dli
- Admins can use this to view the current KMS activation count
/dlv
- Shows the license information for the installed OS
/ipk
- Will try to install a 5x5 product key.
/sai ActivationInterval
- Allows admin to change how often a KMS client attempts to activate itself when it cannot find a KMS host. Default is 120 min. Change this by replacing ActivationInterval with the number of minutes.
/sdns
- Allows an admin to enable KMS host automatic DNS publishing
/spri
- This allows an admin to set the CPU priority of the KMS host processes to normal.
/sprt PortNumber
- Allows admin to change the default TCP communications port on a KMS host from 1688 to whichever port the admin wants to use. Replace PortNumber with the TCP port num, just like before.
/sri RenewalInterval
- Allows an admin to change how often a KMS client attempts to renew its activation by contacting a KMS host. Replace RenewalInterval with the number of minutes, default is 10080.

To run this script remotely, admins must supply additional parameters. They must include the computer name of the target computer as well as a username and pass of a user account that has local admin rights on the target computer. If run remotely without a specified username and password, the script uses the credentials of the user running the script.
For example:
slmgr.vbs TargetComputerName Username Password /parameter (options)
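The switches above, put together as a KMS host setup and check. This is an added example, not from the notes: the Invoke-Slmgr wrapper and the computer names SRV01 and SRV02 are made up here, and it assumes a KMS host key is already installed.

```powershell
# Run from an elevated PowerShell prompt on the KMS host.
$slmgr   = Join-Path $env:windir 'System32\slmgr.vbs'
$kmsPort = 1688                      # default port from the notes
$clients = 'SRV01', 'SRV02'          # constructed computer names

function Invoke-Slmgr {
    # Cscript.exe sends slmgr output to the console instead of pop-up dialogs.
    param([Parameter(Mandatory)][string[]]$Arguments)
    $output = & cscript.exe //NoLogo $slmgr @Arguments
    if ($LASTEXITCODE -ne 0) {
        throw "slmgr.vbs $($Arguments -join ' ') failed: $($output -join ' ')"
    }
    $output
}

Invoke-Slmgr '/sprt', $kmsPort       # TCP port the KMS host uses
Invoke-Slmgr '/sdns'                 # enable automatic DNS publishing
Invoke-Slmgr '/spri'                 # KMS host processes at normal CPU priority

# Changes only take effect after the Software Licensing Service restarts.
net.exe stop sppsvc
net.exe start sppsvc

Invoke-Slmgr '/dlv'                  # license information for the installed OS
Invoke-Slmgr '/dli'                  # current KMS activation count

# Confirm something is actually listening on the chosen port.
$probe = Test-NetConnection -ComputerName $env:COMPUTERNAME -Port $kmsPort
if (-not $probe.TcpTestSucceeded) {
    Write-Warning "Nothing is listening on TCP port $kmsPort."
}

# Remote check with no Username/Password arguments: slmgr then uses the
# credentials of the user running the script, so no password ends up on a
# command line where process auditing would record it.
foreach ($computer in $clients) {
    Invoke-Slmgr $computer, '/dlv'
}
```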

++ AVMA

Another method of activation is Automatic Virtual Machine Activation (AVMA). It works the same way that proof-of-purchase works. The second there is proof that the WS16 OS is used in accordance with Microsoft Software License terms, AVMA allows you to install VMs on that WS OS w/o the need of using keys for each virtual machine.

AVMA attaches the VM activation to the properly activated Hyper-V machine during the startup process. It will provide admins with real-time reporting data. When your VMs are properly activated using volume or OEM licensing, AVMA benefits us by activating VMs in remote areas and even w/o internet connection.
As long as Hyper-V is legally licensed then VMs are activated as well.
AVMA needs WS16 with Hyper-V, that's all.

AVMA Keys? Refer to the image in the folder.

++ AD Based Activations
- AD is a centralized database of objects for a corp called a domain.
Admins can use this for activation by domain connection.
Orgs have remote locations with company owned software that needs to be registered. Instead of keys, they use the domain assuming they're connected to it.
ADBA will automatically activate the computer's version of Win either online with Microsoft or through an activation proxy.

Proxy
- A proxy server, also known as a "proxy" or "application-level gateway", is a computer that acts as a gateway between a local network (for example, all the computers at one company or in one building) and a larger-scale network such as the internet. Proxy servers provide increased performance and security.

Servicing models for WS16, reference folder for image.

LTSB
- Servicing is like how long it's supported by Microsoft. Typically it goes 5 years of mainstream support and 5 years of extended support for the diff versions of the Win OS. This is LTSB.

CBB
- Current Branch for Business is used for Nano Server servicing. Designed with cloud in mind. Will continue to provide new features and functions to the WS, allowing the server to evolve and grow with the rapidly changing industry. Updated multiple times in a year.

+ Windows Deployment Services (WDS)
Used to install Win OS without an install disc. Allows for network installation. Can deploy XP, WS3, Vista, 7, 8, 10, WS8/R2, WS12/R2, WS16.
Simplifies management, can quickly recover the OS in the event of a comp failure.

Steps from a PXE-enabled WDS client:
1 WDS client initiates a special boot process thru the PXE net adapter (and the comp BIOS configured for a network boot). On a PXE client, the user presses F12 to start the PXE boot process and to indicate that they want to perform a WDS install.
2 A list of available Windows PE boot images is displayed. Select the appropriate Win PE boot image.
3 Win Welcome is displayed. Next.
4 The WDS user is prompted to enter credentials for accessing and installing images from the WDS server.
5 A list of available OS images is displayed. Select the image file.
6 The WDS user is prompted to enter the product key for the image.
7 The Partition And Configure The Disk screen is displayed. Provides ability to install a mass storage device driver if needed with F6.
8 The image copy process is initiated, and the selected image is copied to the WDS client comp.

Preparing the WDS Server
1 Make sure the server meets the req for running WDS
2 Install WDS
3 Configure and start WDS
4 Configure the WDS server to respond to client computers (if not already enabled)

WDS req:
Computer must be a domain controller or a member of an AD domain
At least one partition on the server must be formatted as NTFS
WDS must be installed on the server
The OS must be WS3, WS8/R2, WS12/R2, or WS16.
A network adapter must be installed

Network Services
TCP/IP installed and configured
A DHCP server for assigning DHCP addresses to WDS clients.
A DNS server to locate the AD controller
AD to locate WDS servers and clients, authorize WDS clients, and manage WDS config and client install options.

Installing the WDS Server Components
Can be configured through the Win Deployment Services Config Wizard or by using the WDSUTIL command line utility with these command line options.
Options:
/initialize-server
- Starts config of the WDS server
/uninitialize-server
- Undoes any changes made during the start of the WDS server
/add
- Adds images and devices to the WDS server
/convert-ripimage
- Converts Remote Install Prep (RIprep) images to WIM images
/remove
- Removes images from server
/set
- Sets info in images, image groups, WDS servers, and WDS devices
/get
- Gets info from the same things as /set (images, image groups, WDS servers, and WDS devices)
/new
- Creates new capture images or discover images
/copy-image
- Copies images from the image store
/export-image
- Exports images contained within the image store to WIM files
/start
- Starts the WDS services
/stop
- Stops WDS services
/disable
- Disables WDS services
/enable
- Enables WDS services
/approve-autoadddevices
- Approves auto-add devices
/reject-autoadddevices
- Rejects auto-add devices
/delete-autoadddevices
- Deletes records from the auto-add database
/update
- Uses a known good resource to update a server resource

First step in setting up WDS to deploy OSes to the clients is to install the WDS role with Server Manager.
WDS can work with Windows imaging (.wim) files.
These can be created with the Win Sysprep utility.
Pay attention to Preboot Execution Environment (PXE) net devices. These are NICs that can talk to a net without an OS. PXE boot NIC adapters are net adapters that have a set of preboot commands within the boot firmware.
This is important since they request the data to load the OS remotely.
You need DHCP to accept PXE machines. They also need TCP/IP addresses so they can connect to a WDS server.
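The four "Preparing the WDS Server" steps as commands, with unknown PXE clients held for admin approval. This is an added example, not from the notes: the D:\RemoteInstall path and the Invoke-WdsUtil wrapper are made up here, and the full WDSUTIL verbs (/Set-Server, /Get-AutoAddDevices) are the long forms of the options listed above.

```powershell
# Run elevated on the server that will host WDS.
$remInst = 'D:\RemoteInstall'        # assumed image store path

function Invoke-WdsUtil {
    # Runs WDSUTIL and stops the script on a non-zero exit code.
    param([Parameter(Mandatory)][string[]]$Arguments)
    & wdsutil.exe @Arguments
    if ($LASTEXITCODE -ne 0) {
        throw "wdsutil $($Arguments -join ' ') exited with code $LASTEXITCODE"
    }
}

# 1 Make sure the server meets the req: domain membership and an NTFS partition.
if (-not (Get-CimInstance -ClassName Win32_ComputerSystem).PartOfDomain) {
    throw 'This computer is not a member of an AD domain.'
}
$volume = Get-Volume -DriveLetter $remInst[0]
if ($volume.FileSystem -ne 'NTFS') {
    throw "Drive $($remInst[0]): is $($volume.FileSystem), WDS needs NTFS."
}

# 2 Install WDS (the role plus WDSUTIL and the console).
$install = Install-WindowsFeature -Name WDS -IncludeManagementTools
if (-not $install.Success) { throw 'WDS role installation failed.' }

# 3 Configure and start WDS.
Invoke-WdsUtil '/Initialize-Server', "/RemInst:$remInst"
Start-Service -Name WDSServer

# 4 Respond to client computers, but park unknown ones until an admin
#   approves them instead of imaging anything that PXE boots on the network.
Invoke-WdsUtil '/Set-Server', '/AnswerClients:All'
Invoke-WdsUtil '/Set-Server', '/AutoAddPolicy', '/Policy:AdminApproval'

# Review what is waiting; approve or reject with
# /Approve-AutoAddDevices or /Reject-AutoAddDevices.
Invoke-WdsUtil '/Get-AutoAddDevices', '/DeviceType:PendingDevices'
```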

Prepping client for WDS
Needs to meet req
Have a PXE-capable net adapter installed
A WDS server present on the network
User account must be a member of the Domain Users group in AD

Steps to install WDS client:
1 Start computer, press F12 when prompted for a net service boot. Windows PE appears.
2 Win Welcome, Next.
3 Enter the user and pass of an acc that has perms to access and install images from the WDS server
4 List of available OS images stored on the WDS server appears. Select the image to install and click Next
5 Enter product key for image
6 Partition and config the disk screen appears, partition or just click OK for default options
7 Initiate process with Next, Win setup will begin after image is copied

Understanding Features on Demand
Roles can be deleted after being disabled.
Shown as removed in Server Manager when you've done so.
Need installation files to get it back.

To remove a role from a sys:
-Remove (w/ the Uninstall-WindowsFeature cmdlet of Win PS)
To reinstall:
-Source (w/ Install-WindowsFeature Server Manager cmdlet)
States path where the WIM image files and the index num of the image will be located.
If not available on local machine, use Win Update or installation media.

Steps to reinstalling a role or feature using a WIM image:
1 Run this in PS:
Get-WindowsImage -ImagePath <path>\install.wim
ImagePath is where the WIM files are located.
2 Install-WindowsFeature FeatureName -Source wim:path:index
FeatureName is its name, path is the path to the wim mount point, and index is the index of the server image from step 1.
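The two steps above wrapped in one function that checks the image index before installing. This is an added example, not from the notes: Restore-RemovedFeature is a made-up name, and the Web-Server role, the D:\sources\install.wim path and index 2 are placeholder values.

```powershell
# Run elevated on the WS16 server that had the role removed.
function Restore-RemovedFeature {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$FeatureName,
        [Parameter(Mandatory)][string]$WimPath,     # install.wim on the install media
        [Parameter(Mandatory)][int]$ImageIndex      # index of the server image
    )

    $feature = Get-WindowsFeature -Name $FeatureName
    if (-not $feature) { throw "No role or feature named '$FeatureName'." }
    if ($feature.InstallState -eq 'Installed') { return $feature }

    # Step 1: list the images in the WIM and confirm the requested index exists.
    $images = Get-WindowsImage -ImagePath $WimPath
    $image  = $images | Where-Object { $_.ImageIndex -eq $ImageIndex }
    if (-not $image) {
        throw "Index $ImageIndex is not in ${WimPath}. Found: $($images.ImageIndex -join ', ')"
    }
    Write-Verbose "Using image $ImageIndex ($($image.ImageName))"

    # Step 2: reinstall from the WIM. ${WimPath} stops PowerShell from reading
    # the colon that follows as part of the variable name.
    $result = Install-WindowsFeature -Name $FeatureName -Source "wim:${WimPath}:$ImageIndex"
    if (-not $result.Success) {
        throw "Install of '$FeatureName' failed with exit code $($result.ExitCode)."
    }
    Get-WindowsFeature -Name $FeatureName
}

# Roles and features whose files were deleted with Uninstall-WindowsFeature -Remove.
Get-WindowsFeature |
    Where-Object { $_.InstallState -eq 'Removed' } |
    Select-Object Name, InstallState

# Placeholder values: adjust the role name, media path and index for your server.
Restore-RemovedFeature -FeatureName 'Web-Server' -WimPath 'D:\sources\install.wim' -ImageIndex 2 -Verbose
```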