Efnisyfirlit

• Mastering Windows Server 2016
• Table of Contents
• Mastering Windows Server 2016
• Credits
• About the Author
• About the Reviewer
• www.PacktPub.com
• eBooks, discount offers, and more
• Why subscribe?
• Instant updates on new Packt books
• Preface
• What this book covers
• What you need for this book
• Who this book is for
• Conventions
• Reader feedback
• Customer support
• Piracy
• Questions
• 1. Getting Started with Windows Server 2016
• What is the purpose of Windows Server?
• It’s getting “cloudy” out there
• Private cloud
• An overview of new features
• The Windows 10 experience
• Software-Defined Networking
• PowerShell 5.0
• Built-in malware protection
• Soft restart
• Nano Server
• Web Application Proxy
• Shielded virtual machines
• Navigating the interface
• The new Start menu
• The hidden Admin menu
• Using the Search function
• Pin programs to the taskbar
• The power of right-click
• Using the new Settings screen
• Two ways to do the same thing
• Creating a new user through the Control Panel
• Creating a new user through the Settings menu
• Task Manager
• Task View
• Summary
• 2. Installing and Managing Windows Server 2016
• Installing Windows Server 2016
• Burning that ISO
• Installing from USB
• Running the installer
• Installing roles and features
• Installing a role using the wizard
• Installing a feature using PowerShell
• Centralized management and monitoring
• Server Manager
• Remote Server Administration Tools
• Azure Server Management Tools
• Does this mean RDP is dead?
• Remote Desktop Connection Manager
• Sysprep enables quick server rollouts
• Installing Windows Server 2016 onto a new server
• Configuring customizations and updates onto your new server
• Running sysprep to prepare and shut down your master server
• Creating your master image of the drive
• Building new servers using copies of the master image
• Summary
• 3. Core Infrastructure Services
• What is a domain controller?
• Using AD DS to organize your network
• Active Directory Users and Computers
• User accounts
• Security Groups
• Prestaging computer accounts
• Active Directory Domains and Trusts
• Active Directory Sites and Services
• Active Directory Administrative Center
• Dynamic Access Control
• Read-only domain controllers
• The power of Group Policy
• The Default Domain Policy
• Create and link a new GPO
• Filtering GPOs to particular devices
• DNS overview
• Different kinds of DNS records
• Host record (A or AAAA)
• Alias record – CNAME
• Mail Exchanger record
• Name Server record
• Ipconfig /flushdns
• DHCP versus static addressing
• The DHCP scope
• DHCP reservations
• Back up and restore
• Schedule regular backups
• Restoring from Windows
• Restoring from the disc
• MMC and MSC shortcuts
• Summary
• 4. Certificates in Windows Server 2016
• Common certificate types
• User certificates
• Computer certificates
• SSL certificates
• Single-name certificates
• Subject Alternative Name certificates
• Wildcard certificates
• Planning your PKI
• Enterprise versus standalone
• Root versus subordinate
• Can I install the CA role onto a domain controller?
• Creating a new certificate template
• Issuing your new certificates
• Publishing the template
• Requesting a cert from MMC
• Requesting a cert from the Web interface
• Creating an autoenrollment policy
• Obtaining a public authority SSL certificate
• Creating a Certificate Signing Request (CSR)
• Submitting the certificate request
• Downloading and installing your certificate
• Exporting and importing certificates
• Exporting from MMC
• Exporting from IIS
• Importing onto a second server
• Summary
• 5. Networking with Windows Server 2016
• Intro to IPv6
• Networking toolbox
• Ping
• Tracert
• Pathping
• Test-Connection
• Telnet
• Packet tracing with Wireshark or Netmon
• TCPView
• Building a routing table
• Multihomed servers
• Only one default gateway
• Building a route
• Adding a route with Command Prompt
• Deleting a route
• Adding a route with PowerShell
• Software-Defined Networking
• Hyper-V Network Virtualization
• Private clouds
• Hybrid clouds
• How does it work?
• System Center Virtual Machine Manager
• Network Controller
• Generic Routing Encapsulation
• Microsoft Azure virtual network
• Windows Server Gateway
• Summary
• 6. Enabling Your Mobile Workforce
• DirectAccess – automatic VPN!
• The truth about DirectAccess and IPv6
• Prerequisites for DirectAccess
• Domain joined
• Supported client operating systems
• DirectAccess servers get one or two NICs?
• Single NIC mode
• Edge mode with two NICs
• More than two NICs?
• To NAT or not to NAT?
• 6to4
• Teredo
• IP-HTTPS
• Installing on the true edge – on the Internet
• Installing behind a NAT
• Network Location Server
• Certificates used with DirectAccess
• SSL certificate on the NLS web server
• SSL certificate on the DirectAccess server
• Machine certificates on the DA server and all DA clients
• Do not use the Getting Started Wizard!
• Remote Access Management Console
• Configuration
• Dashboard
• Operations Status
• Remote Client Status
• Reporting
• Tasks
• DirectAccess versus VPN
• Domain-joined versus non-domain-joined
• Auto versus manual launch
• Software versus built-in
• Password and login issues with VPN
• Web Application Proxy
• Requirements for WAP
• Server 2016 improvements to WAP
• Preauthentication for HTTP Basic
• HTTP to HTTPS redirection
• Client IP addresses forwarded to applications
• Publishing Remote Desktop Gateway
• Improved administrative console
• Summary
• 7. Hardening and Security
• Windows Defender
• Installing Windows Defender
• Exploring the user interface
• Disabling Windows Defender
• Windows Firewall – no laughing matter
• Two Windows Firewall administrative consoles
• Windows Firewall settings
• Windows Firewall with Advanced Security
• Three different firewall profiles
• Building a new Inbound Rule
• How to build a rule for ICMP?
• Managing WFAS with Group Policy
• Encryption technologies
• BitLocker and the Virtual TPM
• Shielded VMs
• Encrypting File System
• IPsec
• Configuring IPsec
• Server policy
• Secure Server policy
• Client policy
• IPsec Security Policy snap-in
• Using WFAS instead
• Advanced Threat Analytics
• Lightweight Gateway
• General security best practices
• Get rid of perpetual administrators
• Use distinct accounts for administrative access
• Use a different computer to accomplish administrative tasks
• Never browse the Internet from servers
• Role-Based Access Controls
• Just Enough Administration
• Device Guard
• Credential Guard
• Summary
• 8. Tiny Servers
• Why Server Core?
• No more switching back and forth
• Interfacing with Server Core
• PowerShell
• Cmdlets to manage IP addresses
• Setting the server hostname
• Joining your domain
• Server Manager
• Remote Server Administration Tools
• Accidentally closing Command Prompt
• Roles available in Server Core
• Nano Server versus Server Core
• Sizing and maintenance numbers
• Accessibility
• Capability
• Installation
• Setting up your first Nano Server
• Preparing the VHD file
• Creating a virtual machine
• Nano Server Image Builder
• Administering Nano Server
• Nano Server Recovery Console
• Remote PowerShell
• Windows Remote Management
• Other management tools
• Summary
• 9. Redundancy in Windows Server 2016
• Network Load Balancing
• Not the same as round-robin DNS
• What roles can use NLB?
• Virtual and dedicated IP addresses
• NLB modes
• Unicast
• Multicast
• Multicast IGMP
• Configuring a load balanced website
• Enabling NLB
• Enabling MAC address spoofing on VMs
• Configuring NLB
• Configuring IIS and DNS
• Test it out
• Flushing the ARP cache
• Failover clustering
• Clustering Hyper-V hosts
• Scale-Out File Server
• Clustering tiers
• Application layer clustering
• Host layer clustering
• A combination of both
• How does failover work?
• Setting up a failover cluster
• Building the servers
• Installing the feature
• Running the Failover Cluster Manager
• Running cluster validation
• Running the Create Cluster wizard
• Clustering improvements in Windows Server 2016
• Multi-Site clustering
• Cross-domain or workgroup clustering
• Cluster Operating System Rolling Upgrade
• Virtual Machine Resiliency
• Storage Replica
• Stretch Cluster
• Cluster to Cluster
• Server to Server
• Storage Spaces Direct
• Summary
• 10. Learning PowerShell 5.0
• Why move to PowerShell?
• Cmdlets
• PowerShell is the backbone
• Scripting
• Server Core and Nano Server
• Working within PowerShell
• Launching PowerShell
• Default Execution Policy
• Restricted
• AllSigned
• RemoteSigned
• Unrestricted
• Bypass
• Using the Tab key
• Useful cmdlets for daily tasks
• Using Get-Help
• Formatting the output
• Format-Table
• Format-List
• PowerShell Integrated Scripting Environment
• PS1 file
• Integrated Scripting Environment
• Remotely managing a server
• Preparing the remote server
• WinRM service
• Enable-PSRemoting
• Allowing machines from other domains or workgroups
• Connecting to the remote server
• Using –ComputerName
• Using Enter-PSSession
• Testing it with Server Core and Nano Server
• Desired State Configuration
• Summary
• 11. Application Containers and Docker
• Understanding application containers
• Sharing resources
• Isolation
• Scalability
• The differences between hypervisors and containers
• Windows Server Containers versus Hyper-V Containers
• Windows Server Containers
• Hyper-V Containers
• Starting a container with PowerShell
• Preparing your container host server
• Starting a Windows Server Container
• What is Docker?
• Docker on Windows Server 2016
• Docker Hub
• Docker Trusted Registry
• Summary
• 12. Virtualizing Your Datacenter with Hyper-V
• Designing and implementing your Hyper-V Server
• Installing the Hyper-V role
• Using virtual switches
• External virtual switch
• Internal virtual switch
• Private virtual switch
• Creating a new virtual switch
• Implementing a new virtual server
• Starting and connecting to the VM
• Installing the operating system
• Managing a virtual server
• Hyper-V Manager
• Settings menus
• Checkpoints
• Hyper-V Console, RDP, and PowerShell
• Shielded VMs
• Encrypting the VHDs
• Hyper-V Server 2016
• Summary
• Index