Summary

This document discusses the various Server 2019 versions, upgrading/downgrading procedures, BitLocker/EFS encryption, boot/install processes, WDS functionality, DNS records, and System Centre Configuration Manager (SCCM). It also covers the FSRM role and its use cases.

Full Transcript

**Server 2019 Versions**

Server 2019 versions; each can be installed without the Desktop Experience:

- Essentials - up to 25 users - lower price
- Standard - 2 Hyper-V VMs
- Datacenter - unlimited VMs - very expensive

**Upgrading / Downgrading**

**Upgrade:**

1. 2012 R2 & 2016 only to 2019
2. Back up first
3. Mount installation ISO
4. Run Setup
5. Choose to keep settings

**Downgrade:**

1. Only to Server 2016
2. Must have downgrade rights from Microsoft
3. Back up first!

**BitLocker / EFS**

- All Server 2019 versions support BitLocker, but you have to enable it in PowerShell or using Server Manager
- A full volume encryption feature included with Microsoft Windows versions starting with Windows Vista
- It is designed to protect data by providing encryption for entire volumes
- When you use BitLocker on a file it becomes a small volume
- BitLocker allows only the authorised user to access the data
- EFS - The Encrypting File System is a feature introduced in version 3.0 of NTFS that provides filesystem-level encryption

**BOOT / INSTALL.WIM**

- The default boot and WIM images are available from the DVD
- The Windows image file boot.wim is used to boot the operating system
- The boot file contains Windows PE
- WDS sends the boot file out to the target computers first
- The Windows machine unpacks and boots into Windows PE using the boot.wim file, then a basic operating system allows the administrator to choose options
- Windows PE then facilitates the installation of an INSTALL.WIM file containing the full operating system, applications and settings
- Obviously the boot.wim file is often much smaller than the install.wim file

**WDS Terminology**

- When you create an image to deploy with WDS this is called a Standard Image
- The image comes from a Reference Computer
- **If you do not have PXE-compliant network cards you need to create a Discover Image (rare nowadays)**
- Auto-Cast multicasts the image to all machines; when multiple machines are being deployed, this begins after the first client connects
- There are two main files in a Windows image
  - INSTALL.WIM - containing the OS and settings/applications
  - BOOT.WIM with drivers and Windows PE

**DNS Records**

- The DNS zone used for AD DS is a forward lookup zone
- A forward lookup zone can have multiple record types, but it is most commonly used to convert host names to IP addresses
- If you have an AD DS domain named contoso.com, you need to have a DNS zone named contoso.com to support the domain
- DNS record types include: A - IPv4, AAAA - IPv6, CNAME - Alias, MX - Mail, NS - Name Server

**AD CS (Certificate Services)**

- Standalone - signs certificates offline (root authority) - this is often kept offline - subordinate certificate servers only trust the root CA
- Enterprise - within a domain (intermediate)
- Subordinate - below a higher authority (issuing server)
- Certificate servers maintain lists of valid and invalid certificates; certificates can be invoked or revoked, and revoked certificates go onto a CRL (certificate revocation list)

**SCCM**

- System Centre Configuration Manager lets you deploy software based on a schedule
- Administrators can deploy applications and get reports on the success/failure of the deployments
- We must pay for it so we cannot set it up in a lab; SCCM does not come with Windows Server out of the box - it must be downloaded and installed onto the server after a licence is purchased
- SCCM also allows advanced administration tasks such as remote installation, patch management and OS deployment

**FSRM Role**

- A role in Windows Server that enables you to manage and classify data stored on file servers
- Can automatically classify files, perform tasks based on these classifications, set quotas on folders, and create reports monitoring storage usage:

1. Quota Management - how much storage is allowed per directory
2. File Screening Management - what kind of data may be stored
3. Classification Management (criticality)
4. File Management Tasks (runs based on classification)
5. Storage Reports Management

**FSRM use cases:**

- Create a 200 megabyte quota for each user's home directory and notify them when they are using 180 megabytes
- Do not allow any music files to be stored in personal shared folders
- Schedule a report that runs every Sunday night at midnight that generates a list of the most recently accessed files from the previous two days
  - This can help you determine the weekend storage activity and plan your server downtime accordingly

| Role | Description |
| --- | --- |
| Print and Document Services | Enables you to centralize print server and network printer tasks. With this role, you can also receive scanned documents from network scanners and route the documents to a shared network resource, Windows SharePoint Services site, or email addresses |
| Fax Server | Sends and receives faxes and allows you to manage fax resources such as jobs, settings, reports, and fax devices on your fax server |

**Print Spooler** - hard to set up in a virtual environment!

- The print spooler is a software program that is responsible for managing all print jobs currently being sent to the computer printer or print server
- It is recommended that if you have a lot of printers, or users sending large documents to your printers, you move the print spooler off your C drive and onto a different hard drive
- The print spooler program allows a user to delete a print job being processed or otherwise manage the print jobs currently waiting to be printed

**RAID - Redundant Array of Inexpensive Disks**

- RAID properties can be verified in Disk Management; RAID disks are configured with LUNs (logical unit numbers)
- RAID 0 - Striping
- RAID 1 - Mirroring
- RAID 5 - Parity bit
- RAID 10 = 1+0

**Accessing Resources through RDS**

If remote access users have to be able to access network-based resources from home but also access their local drives when using their remote access connection, how would we configure this?

On the Remote Desktop Connection > click Show Options > Local Resources > Local devices and resources > More > check the appropriate Drives check box (or boxes) as required

As more and more workers work from home, making "cloud" services available through Azure/Office 365 will become more and more important

**Space saving technologies**

- NTFS data compression - built-in feature of the file system
- Compression tools like WinZip copy files then compress them into an archive; however, you must remove the compression to work with the files
- Data deduplication - identifies repeated patterns and eliminates duplicate patterns; potentially excellent, depending on the data type (VDI files, software installation files being excellent)

**Automating Tasks**

PowerShell offers ways to automate tasks through:

- Cmdlets - very small classes that appear as system commands
- Scripts - combinations of cmdlets and associated logic
- Executables - standalone tools
- Install-WindowsFeature - replaces an old cmd utility called servermanagercmd.exe for adding roles to the server

**DHCP Process**

- The client sends a DHCPDiscover packet broadcast to which all available DHCP servers can respond
- DHCP servers reply with a DHCPOffer unicast packet containing IP addressing information that can be used by the client
- The client sends a DHCPRequest broadcast indicating it accepts the DHCPOffer; the first DHCPOffer received is the one accepted
- All DHCP servers identify which offer was accepted, so they don't reserve addresses for this client
- The DHCP server responds with a DHCPAck unicast packet; this identifies that the DHCP client knows the offer was accepted and that the client can begin using the IP address

**DHCP Leases:**

- Default lease length in Windows Server is eight days; clients will attempt to renew that lease with the original DHCP server at 50% of lease length (4 days) and, if not successful, again at 87.5% (7 days)
- If the lease cannot be renewed and expires, the client loses its IP address and might obtain a lease from another DHCP server or begin using APIPA
- Eight days ensures clients can use the IP for an extended period; it also makes it difficult to make network changes
- Routers almost always block broadcast packets from passing between networks; DHCP Discover packets are not normally able to cross from one network to another through routers
- To allow a single DHCP server to service multiple subnets, you need to implement a DHCP relay

**DHCP Options**

- Reservations - an IP in the scope that is given to a specific DHCP client; the DHCP server identifies the client based on the client's MAC address
- Options within a DHCP packet - many options can be set; some examples include 002 Time Offset, 003 Router, 004 NTP Server, 006 DNS Servers, 015 DNS Domain Name
- Availability - three options for redundancy:
  - Scope Splitting (80:20)
  - Hot Standby (Failover Relationship)
  - Load-Balanced (the servers have to communicate to prevent duplicate address allocation)

**Delegation of Control Wizard:**

- From Active Directory Users and Computers - the Delegation of Control Wizard facilitates delegating control of different portions of Active Directory to other administrators and users
- The wizard simplifies the process by allowing only the administrator to assign permissions at the level of organizational units (OUs)
- Assigning permissions to OUs rather than to particular directory objects ultimately simplifies the Active Directory administrator's work

**Enable the Windows Defender GUI**

- By default, Microsoft Defender Antivirus is installed and functional on Server 2016 and 2019
- The GUI is installed by default on some systems, but is not required because you can use PowerShell or other methods to manage Microsoft Defender Antivirus
- Add the GUI using the Add Roles and Features or PowerShell
- Under Windows Defender Features, select 'GUI for Windows Defender'

**Objects**

- Active Directory structures are arrangements of information about objects
- Objects fall into two broad categories: resources (e.g., printers) and security principals (user or computer accounts and groups); each object represents a single entity
- Certain objects can contain other objects - like OUs
- An object is uniquely identified by its name and has a set of attributes (the characteristics and information that the object represents) defined by a schema, which also determines the kinds of objects that can be stored in Active Directory
- If an object is deleted it goes into the Active Directory recycle bin for its "tombstone lifetime"
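
The three FSRM use cases listed earlier, written as FileServerResourceManager cmdlets. This is an added example, not part of the original notes; the folder paths, the template, file group and report names, the list of music extensions, and the 23:59 reading of "Sunday night at midnight" are assumptions, and e-mail notification presumes SMTP was already configured with Set-FsrmSetting.

```powershell
# Added example, not from the original notes. Run elevated on the file server.
Import-Module FileServerResourceManager

$HomeRoot     = 'D:\Home'              # assumption: one subfolder per user
$PersonalRoot = 'D:\Shares\Personal'   # assumption: personal shared folders

# Use case 1: 200 MB quota per home directory, notify at 180 MB.
# FSRM thresholds are percentages of the limit, so 180 MB of 200 MB is 90.
$limit       = 200MB
$warnPercent = [int](180MB / $limit * 100)
$notify = New-FsrmAction -Type Email -MailTo '[Source Io Owner Email]' `
    -Subject 'Home directory almost full' `
    -Body 'You are using [Quota Used MB] MB of [Quota Limit MB] MB on [Quota Path].'
$threshold = New-FsrmQuotaThreshold -Percentage $warnPercent -Action $notify
# Without -SoftLimit the template is a hard quota: writes past 200 MB fail.
New-FsrmQuotaTemplate -Name 'Home 200MB (example)' -Size $limit -Threshold $threshold
# An auto quota applies the template to every existing and future subfolder,
# which is what "for each user's home directory" requires.
New-FsrmAutoQuota -Path $HomeRoot -Template 'Home 200MB (example)'

# Use case 2: no music files in personal shared folders.
# The extension list is an assumption; extend it to match local policy.
New-FsrmFileGroup -Name 'Music files (example)' `
    -IncludePattern @('*.mp3', '*.wma', '*.flac', '*.m4a')
# -Active blocks the write; without it the screen is passive and only monitors.
New-FsrmFileScreen -Path $PersonalRoot -IncludeGroup 'Music files (example)' -Active

# Use case 3: weekly report of files accessed in the previous two days.
# "Sunday night at midnight" is read here as the end of Sunday (23:59) so the
# two-day window covers Saturday and Sunday.
$sundayNight = New-FsrmScheduledTask -Time (Get-Date '23:59') -Weekly Sunday
New-FsrmStorageReport -Name 'Weekend access (example)' `
    -Namespace @($HomeRoot, $PersonalRoot) `
    -Schedule $sundayNight `
    -ReportType MostRecentlyAccessed `
    -MostRecentlyAccessedMaximum 2
```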
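
The DHCP lease, option, reservation and availability notes above, as one DhcpServer configuration. This is an added example, not part of the original notes; the scope, addresses, MAC address, host names and partner server are constructed lab values.

```powershell
# Added example, not from the original notes. All names, addresses and the
# MAC below are constructed lab values. Run elevated on the DHCP server.
Import-Module DhcpServer

$scopeId = '10.0.20.0'

# Scope with the eight-day lease the notes give as the Windows Server default.
$lease = New-TimeSpan -Days 8
Add-DhcpServerv4Scope -Name 'Lab clients' -StartRange 10.0.20.50 -EndRange 10.0.20.200 `
    -SubnetMask 255.255.255.0 -LeaseDuration $lease -State Active

# Renewal points from the notes: first attempt at 50%, second at 87.5%.
$renew  = [timespan]::FromDays($lease.TotalDays * 0.5)
$rebind = [timespan]::FromDays($lease.TotalDays * 0.875)
Write-Output "Renew after $($renew.TotalDays) days, retry after $($rebind.TotalDays) days"

# Options 003 Router, 006 DNS Servers and 015 DNS Domain Name for the scope.
# -Force skips the check that the DNS server answers, useful in an offline lab.
Set-DhcpServerv4OptionValue -ScopeId $scopeId -Router 10.0.20.1 `
    -DnsServer 10.0.20.10 -DnsDomain 'contoso.com' -Force

# Reservation: the server recognises the client by its MAC address (ClientId).
Add-DhcpServerv4Reservation -ScopeId $scopeId -IPAddress 10.0.20.60 `
    -ClientId '00-15-5D-00-00-01' -Name 'print01' -Description 'Reserved for print server'

# Availability, hot standby: this server is active, the partner holds 5% of the
# range in reserve. The shared secret authenticates failover traffic between
# the two servers, so prompt for it instead of storing it in the script.
$secret = Read-Host 'Failover shared secret'
Add-DhcpServerv4Failover -Name 'dhcp1-dhcp2 (example)' -PartnerServer 'dhcp2.contoso.com' `
    -ScopeId $scopeId -ServerRole Active -ReservePercent 5 -SharedSecret $secret

# Load-balanced alternative: replace -ServerRole/-ReservePercent above with
#   -LoadBalancePercent 50
# so both servers answer clients and synchronise leases to avoid duplicates.
```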
