Certs: Installing & Configuring Windows Server 2012 (70-410)

In this post for the 70-410 series of study notes I discuss the following 3 topics:

70-410 – Install Servers

Plan server installation, plan server roles, plan server upgrade, install Server Core, optimize resource (Features on Demand), migrate roles from previous versions of Windows

70-410 – Configure Servers

Configure server core, deploy roles on remote servers, convert server core to and from GUI, configure services

70-410 – Configure servers for remote management

Configure WinRM, down-level server management, day-to-day management, configure Server Core


Windows Server 2012 New Features

  • Active Directory Certificate Services (AD CS) – Allows issue and management of public key infrastructure certificates (PKI)
  • Active Directory Domain Services (AD DS) – Deploy DC quicker, DC more flexible, perform admin tasks quicker and easier – graphical and scripted management
  • Active Directory Rights Management Services (AD RMS) – Management & Development tools that let you work with security technologies, encryption, certificates and authentication. Protect information!
  • Bitlocker – Encrypt HDD, protect against data theft
  • BranchCache – Cache data and files locally from web servers on the WAN, improve app response times.
  • DHCP – Allocate IP address to devices on your network
  • DNS – Resolve a name to IP address and vice versa
  • Failover Clustering – High availability for network servers, file share storage for apps like Hyper-V and SQL Server.
  • File Server Resource Manager – Tools to manage the amount and type of data stored on servers, set quotas, reports, file-screening management
  • Hyper-V – Virtualized computing environment, allows you to run multiple OS’s simultaneously on one physical server, each virtual OS runs in its own virtual machine environment.
  • IPAM – Manage IP address infrastructure
  • Kerberos Authentication –
  • Managed Service Accounts – Delegate management to other administrators
  • Networking – BranchCache, Data Centre Bridging, NIC Teaming
  • RDP Services – Connect to virtual desktops, remote app programs and session-based desktops.
  • Security Auditing – Verify authorized / unauthorized access to machines, resources, applications and services
  • Smart Cards – two-factor authentication, need to have a physical card plus a PIN
  • TLS/SSL – Transport Layer Security, Secure Sockets Layer
  • Windows Deployment Services – Allows an admin to install Windows remotely, network based installations.

Planning the Windows Server 2012 Installation

  1. What type of server do I need?
  2. Will it be a DC?
  3. What roles are needed on the server?
  4. When installing Win2012 you need to decide what features and roles will be installed. Below is a list of the available roles and features

Available Roles and Features

  • Active Directory Certificate Services (ADCS) – Build a PKI (Public key infrastructure)
  • Active Directory Domain Services (ADDS) – Create a secure and manageable infrastructure for user and resource management, support for directory enables apps like MS Exchange
  • Active Directory Federation Services (ADFS) – Internet based clients with secure identity access solution. Windows and non-windows based clients. Supports single sign on (SSO)
  • Active Directory Lightweight Directory Services (ADLDS or LDAP) – Support for directory enabled apps, without the need for domain related restrictions.
  • Active Directory Rights Management Services (ADRMS) – Management and development tools that work with security technologies (certificates & encryption). Create data protection solutions.
  • Application Server – Environment to run custom server based business apps
  • Failover Clustering – Create and manage failover clusters for up to 4000 virtual machines or 64 physical nodes
  • File and Storage Services – Location on network to store files
  • Group Policy – Set of rules and configuration options that can be applied to users and computers.
  • Hyper-V – Create and manage a virtualized environment
  • Networking – Design, deploy and maintain a Windows 2012 network.
  • Network Load Balancing (NLB) – Dispenses traffic across multiple servers using TCP/IP. Combines two or more servers into a virtual cluster. Provides reliability and performance for mission critical servers
  • Network Policy and Access Services – Install and configure NAP (Network Access Protection), wired and wireless access points, RADIUS servers and proxies
  • Print and Document Services –
  • Remote Desktop Services – Allows for both Virtual Desktop Infrastructure (VDI) and session-based desktops, allowing users to connect from anywhere
  • Security and Protection – Access control, AppLocker, BitLocker, Credential Locker, Kerberos, NTLM, passwords, security auditing, smart cards, Windows Biometric Framework (WBF)
  • Telemetry – Allows feedback to be sent to Microsoft automatically via group policy.
  • Volume Activation – Deploy and manage volume licenses
  • Web Server (IIS) – Platform to host websites, services and applications
  • Windows Deployment Services – Allows admins to deploy Windows all over the network without needing a DVD for each machine.
  • Windows Server Backup Feature – Backup and restore windows servers
  • Windows Server Update Services – Deploy app and OS updates, manage updates released via Microsoft update.
  • Windows System Resource Manager – Manage Server processor and memory usage through resource policies.

Server 2012 Migration Tools

2012 includes a set of migration tools that allow administrators to migrate server roles, features, OS settings and data. Migrate data from

  • 2003, 2003 R2, 2008, 2008 R2, or 2012 to a computer running 2012
  • Support migration to Server Core installation and virtual servers
  • Reduce migration downtime, increase accuracy, eliminate conflicts
  • Supports cross architecture (x86 to x64), supports physical to virtual, between full and server core installations.
  • To use the tools, the feature must be installed on both source and destination servers.
  • Can be installed using the “Add Roles and Features” wizard or by PowerShell cmdlets
  • From PowerShell run the following: Install-WindowsFeature Migration

Which Version of Server 2012 To Use?

2012 Datacentre – Designed for organizations who have a highly virtualized private cloud environment, full functionality with unlimited virtual instances

2012 Standard – Organizations with physical or minimally virtualized environment, full functionality with two virtual instances

2012 Essentials – Small businesses, 25 users, 50 devices, no virtualization rights

2012 Foundation – Small companies, 15 users, no virtualization rights

Type of Installation – GUI or Server Core?

Server Core

  • Supports a limited number of roles
  • Does not have a GUI, all admin via the command line
  • Benefits – Reduced Management, Minimal Maintenance, Smaller Footprint, Tighter Security
  • Ability to upgrade and downgrade from GUI to SC or vice versa
  • Supports RODC (read only domain controller)
  • Use PowerShell to convert between Server Core and the GUI
  • Server Core to GUI: Install-WindowsFeature Server-Gui-Mgmt-Infra, Server-Gui-Shell -Restart
  • GUI to Server Core: Uninstall-WindowsFeature Server-Gui-Mgmt-Infra -Restart

Installing Windows Server 2012

Option 1  – Install with the GUI

Option 2 – Install Server Core


Using Windows Deployment Services

New version of RIS called Windows Deployment Services (WDS). Allows administrator to install a Windows OS without using the CD installation disk.

  • Can deploy XP, Server 2003, Vista, 7, Server 2008 / R2 and Server 2012
  • Remotely install Win7 & 8
  • Simplifies management of server image
  • Quickly recover OS in event of a failure

WDS Server Requirements

  • Must be a DC or member of AD Domain
  • One partition must be NTFS
  • OS must be Server 2003, Server 2008/R2 or Server 2012
  • A NIC must be installed
  • TCP/IP installed and configured
  • DHCP server available to issue IP’s to clients
  • DNS
  • Active Directory

Configure using WDS Configuration Wizard or by the WDSUTIL command line utility

WDS Client

  • PXE capable NIC installed
  • User account used to install must be a member of Domain Users group in AD

Configuring Remote Management

Windows Remote Management (the WinRM utility) allows commands to be executed remotely and management data to be obtained from local and remote servers. Supports Windows and non-Windows based OS’s.

PowerShell – execute commands locally or remotely on a Win2012 server, allows local or remote administration.

  • Interactive prompt and scripting environment, accept and return text.
  • Uses “Cmdlets” – Use them independently or string together to execute complex tasks
  • More than 100 Cmdlets included but admins can write their own
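
A quick review of the local WinRM configuration followed by a remote command, as an added example that is not part of the original notes. The host name `SRV-CORE01` is a placeholder for a domain-joined Server 2012 machine; the cmdlets and WSMan: drive paths are the standard ones.

```powershell
# Added example. 'SRV-CORE01' is a placeholder host name (assumption).
$target = 'SRV-CORE01'

# --- Local WinRM configuration ---------------------------------------------
# Is the service running, and which listeners (HTTP 5985 / HTTPS 5986) exist?
Get-Service -Name WinRM | Select-Object Name, Status
Get-ChildItem WSMan:\localhost\Listener

# Authentication methods the local WinRM service accepts.
# In a domain, Kerberos/Negotiate are normally enough; Basic should be false.
Get-ChildItem WSMan:\localhost\Service\Auth

# Unencrypted traffic should stay disabled (expected value: false).
(Get-Item WSMan:\localhost\Service\AllowUnencrypted).Value

# TrustedHosts should be empty or a short explicit list.
# '*' trusts every host without mutual authentication.
(Get-Item WSMan:\localhost\Client\TrustedHosts).Value

# --- Remote management -------------------------------------------------------
# Confirm the target answers WS-Management before sending commands.
Test-WSMan -ComputerName $target

# Run a cmdlet on the remote server and bring the result back as text/objects.
Invoke-Command -ComputerName $target -ScriptBlock {
    Get-WindowsFeature |
        Where-Object { $_.InstallState -eq 'Installed' } |
        Select-Object Name
}

# Interactive prompt on the remote server (useful for Server Core):
#   Enter-PSSession -ComputerName $target
#
# Remoting is on by default in Server 2012. If it was turned off on the
# target, re-enable it from a local console there with:
#   Enable-PSRemoting -Force      # or: winrm quickconfig
```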

 

Features On Demand

Designed to save space on the HDD. Before 2012, if you disabled a feature or role on the server the files remained on the disk; with 2012, admins can completely remove the role and its files. Once done, the state “Removed” is shown in Server Manager, or “Disabled with Payload Removed” is shown in the dism.exe utility.

  • To remove a role or feature use the -Remove parameter with the Uninstall-WindowsFeature cmdlet from Windows PowerShell

To reinstall use the -Source parameter with the Install-WindowsFeature cmdlet
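
The remove and reinstall cycle described above, as an added PowerShell example (not from the original notes). The feature name `Windows-Server-Backup`, the media path `D:\sources\install.wim` and image index 2 are assumptions; pick the index that matches the installed edition from the dism output.

```powershell
# Added example. Assumed values: the feature being trimmed, the mounted
# install media on D:, and the image index for the installed edition.
$feature = 'Windows-Server-Backup'
$wim     = 'D:\sources\install.wim'
$index   = 2

# 1. Record the current state: Installed, Available (payload still on disk)
#    or Removed (payload deleted).
Get-WindowsFeature -Name $feature | Select-Object Name, InstallState

# 2. Uninstall the feature and delete its payload from the disk.
#    Run with -WhatIf first to preview the change without applying it.
Uninstall-WindowsFeature -Name $feature -Remove -WhatIf
Uninstall-WindowsFeature -Name $feature -Remove

# 3. Inventory every feature whose payload is gone. These cannot be
#    reinstalled from the local disk and need a source.
Get-WindowsFeature |
    Where-Object { $_.InstallState -eq 'Removed' } |
    Select-Object Name, DisplayName

# 4. List the images in the WIM to find the index for this edition.
dism /Get-WimInfo "/WimFile:$wim"

# 5. Reinstall, pointing at the WIM image as the payload source.
#    The braces around 'wim' stop PowerShell reading '$wim:' as a drive prefix.
Install-WindowsFeature -Name $feature -Source "wim:${wim}:$index"

# 6. Confirm the feature is back.
Get-WindowsFeature -Name $feature | Select-Object Name, InstallState
```

If -Source is omitted for a feature in the Removed state, the server tries to fetch the payload from Windows Update, so servers without internet access need the media path or a shared source.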
