WS-011 Windows

Server 2019
administration

© Copyright Microsoft Corporation. All rights reserved.

Module 1: Windows
Server administration
Module overview

This module introduces you to Windows Server 2019

Lessons
 Introducing Windows Server 2019
 Overview of Windows Server Core
 Overview of Windows Server administration principles and tools
Lesson 1: Introducing
Windows Server 2019
Lesson 1 overview

In this lesson, you’ll learn about Windows Server 2019 editions and their capabilities
 Topics
o Windows Server 2019 editions

o Hardware requirements for Windows Server 2019

o Overview of deployment options

o Deployment accelerators

o Servicing channels for Windows Server

o Licensing and activation models for Windows Server

o What’s new in Windows Server 2019?

Windows Server 2019 editions

 Windows Server 2019 is released in four editions:

o Windows Server 2019 Essential
o Windows Server 2019 Standard
o Windows Server 2019 Datacenter
o Hyper-V server 2019
Hardware requirements for Windows Server 2019

 Hardware requirements will vary depending on:

o Job role

o Workload
Minimum hardware requirements for Windows Server 2019:

Component Requirement

Processor architecture 64 bit

Processor speed 1.4 gigahertz (GHz)

RAM 512 MB

Hard drive space 32 GB

Overview of deployment options (1 of 2)

Traditionally, new server versions always offered clean install. Windows Server 2019 also
provides the option for an in-place upgrade.
 Clean install:
o Boot the machine or VM from the Windows Server 2019 media

o Choose the installation language, time and currency formats, and keyboard layout

o Choose the architecture (either Standard or Datacenter) with or without Desktop

Experience
o Accept the license

o Choose custom installation

o Choose the volume that will host the installation

Overview of deployment options (2 of 2)

 In-place upgrade
o Insert the disk or mount the ISO of Windows Server 2019 media and then run
Setup.exe
o Respond to the prompt to download updates, drivers, and optional features
o Choose the architecture (either Standard or Datacenter) with or without Desktop
Experience
o Accept the license
o Choose what to keep: personal files and apps, or nothing
Deployment accelerators (1 of 2)

Microsoft provides free solution accelerators that provide guidance and content to help you
design and plan your Windows Server deployment. Solution accelerator scenarios focus on
security and compliance, management and infrastructure, and communication and
collaboration.
 MDT:
o Lightweight tool for automated server and desktop deployments

o Deploys standardized images

o Automates the deployment process by configuring unattended setup files

o Complements Windows Deployment Services and System Center Configuration

Manager
Deployment accelerators (2 of 2)

 Microsoft Assessment and Planning Toolkit

o Analyzes the inventory of an organization
o Assists in Hyper-V server planning
o Assesses the environment for Microsoft 365 and Office 2019
o Creates reports to use for upgrade and migration plans
Servicing channels for Windows Server

You can use servicing channels to choose whether new features and functionality will be
delivered regularly during a server’s production lifespan, or when to move to a new server
version
 There are two release channels:
o Long-Term Servicing Channel

• A major version of Windows Server will be released every two or three years
• Normal security updates and Windows updates will be delivered on a regular basis

o Semi-Annual Channel
• New features will be delivered semi-annually, in the spring and the fall
• Normal security updates and Windows updates will be delivered on a regular basis
• Semi-annual releases can be identified by their version number, which is a
combination of the year and month that the features were released
Licensing and activation models for Windows Server (1 of 2)

Licensing for Windows Server Standard and Datacenter is based on the number of cores,
not processors
 Each Windows Server has the following minimum license requirement:
o All physical cores must be licensed

o There must be 8 core licenses per processor

o There must be 16 core licenses per server

 Client access licenses are required for each user or device that connects to the server for
any purpose
Licensing and activation models for Windows Server (2 of 2)

To ensure that your organization has the proper licenses, and to receive notices for product
updates, you must activate every copy of Windows Server that you install
 Windows Server activation methods:
o Manual activation requires a product key
o Automatic activation options:
• Key Management Services
• Volume Activation Services server role
• Active Directory-based activation
• Volume Activation Management Tool
• Multiple Activation Key
• Automatic virtual machine activation
What’s new in Windows Server 2019? (1 of 2)

Windows Server 2019 is designed to easily link your on-

premises infrastructure with Microsoft Azure. The new features it offers include the following:

Feature Description

Manages Windows servers, clusters, hyper-converged

Windows Admin Center
infrastructure, as well as Windows 10 PCs

Deduplication for ReFS Windows Server 2019 fully supports deduplication of the ReFS
volumes file system

Cluster Sets Allow you to create large scale-out clusters

What’s new in Windows Server 2019? (2 of 2)

Feature Description

Windows Defender
A new set of host intrusion prevention such as attack detection
Advanced Threat
and zero-day exploits (previously only available for Windows 10
Protection and Windows
platforms)
Defender Exploit Guard

An optional feature that improves app compatibility of the

Server Core App
Windows Server Core by including a subset of binaries and
Compatibility packages from Windows Server with Desktop Experience

Shielded VMs for Linux Protects Linux VMs from attacks and rogue administrators
Lesson 1: Test your knowledge

Refer to the Student Guide for lesson-review questions

Lesson 2: Overview of
Windows Server Core
Lesson 2 overview

In this lesson, you’ll learn about the differences between Server Core and Windows Server wit
h Desktop Experience
 Topics
o Server Core vs. Windows Server with Desktop Experience

o Server Core installation and post-installation tasks

o Install features on demand

o Use sconfig in Server Core

o Demonstration: Configure Server Core

Server Core vs. Windows Server with Desktop Experience

The following table lists the major advantages and disadvantages of Server Core
Advantages Disadvantages
Small footprint that uses fewer server You cannot install several applications on
resources and less disk space, as little as 5 Server Core.
GB for a basic installation
Because Server Core installs fewer Several roles and role services are not
components, there are fewer software available.
updates. This reduces the number of monthly
restarts required and the time required for
you to service Server Core.
The small attack surface makes Server Core You cannot install many vendor lines of
much less vulnerable to exploits. business applications on Server Core, but the
App Compatibility FOD can help to mitigate
that in some cases.
Server Core installation and post-installation tasks

To install Server Core:

 Connect to the installation source
 Choose:
o Language

o Time and currency

o Keyboard

 Select the operating system to install

 Accept license
 Choose installation type
o Upgrade

o Custom

 Choose install disk

 Provide admin password
Install Features on Demand

 Server Core App Compatibility FOD installs binaries and packages from the Desktop
Experience, making it possible to install applications that might otherwise fail due to
missing dependencies
 The FOD can be installed two ways:
o Directly through Windows Update by using PowerShell

o By downloading the ISO to a network share and mounting the image

Use the sconfig tool in Server Core

 sconfig is a text-based utility that allows you configure Server Core to prepare it for use in
your production environment
 sconfig provides 15 different options for initial configuration
Demonstration:
Configure Server
Core
 Use the sconfig utility to perform basic
configuration tasks
Lesson 2: Test your knowledge

Refer to the Student Guide for lesson-review questions

Lesson 3: Overview of
Windows Server
administration principles
and tools
Lesson 3 overview

In this lesson, you’ll learn about Windows Server administration best practices and the tools a
vailable for managing Windows Servers
 Topics
o Overview of the least-privilege administration concept

o Delegate privileges

o Demonstration: Delegate privileges

o PAWs

o Jump servers

o Overview of the Windows Server Admin Center

o Server Manager

o Remote Server Administration Tools

o Windows PowerShell

o Demonstration: Manage servers remotely

Overview of the least-privilege administration concept

Most security breaches or data loss incidents are the result of human error, malicious activity,
or a combination of both. Least privilege is the concept of restricting access rights for users,
service accounts, and computing processes to only those resources absolutely required to
perform their job roles.
The principle states that all users should log on with a user account that has the absolute
minimum permissions necessary to complete the current task and nothing more. Doing so
provides protection against malicious code, among other attacks. This principle applies to
computers and the users of those computers.

Day to day Full admin account

standard user only used to perform
account for IT administration
admins functions
Delegated privileges

 Accounts that are members of high-privilege groups such as Enterprise Admins and
Domain Admins need to be guarded, but occasionally non-admins need rights to perform
certain functions, such as resetting passwords or modifying group memberships.
 Built-in groups with pre-defined admin rights exist to allow users to perform specific admin
tasks. If those groups do not suit your needs, you can delegate more granular permissions
by using the Delegation of Control Wizard.
o The wizard has pre-defined tasks that can be assigned to users or groups, or custom
permissions can be assigned.
Demonstration:
Delegate
privileges
 Create a group for sales managers and
add a user
 Use the Delegation of Control Wizard
to allow the sales managers group to
reset passwords for users in the sales
organizational unit
 Test the delegation
Privileged access workstations

 A PAW is a computer that is used for performing only administration tasks

o Protected from the Internet and locked down so that only the required administration
apps can run
 Microsoft recommends using Windows 10 Enterprise in one of these profiles:
o Dedicated hardware

o Simultaneous use

Credential guard Device guard

• Secure Boot • Secure Boot

• Virtual Secure • Configurable CI
Mode • Virtual Secure
• Isolated LSA Mode
(LSAIso) • HVCI & Protected
KMCI
Jump servers

 A jump server is a hardened server used to access and manage devices in a different
security zone, such as between an internal network and a perimeter network
 A jump server would typically be accessed by a PAW to ensure secure access
 This server will run on dedicated hardware that supports both hardware and software-
based security features such as:
o Credential Guard to encrypt the domain credentials in memory

o Remote Credential Guard to prevent remote credentials from being sent to the
jump server, instead using Kerberos protocol version 5 single sign-on tickets
o Device Guard: HVCI to leverage Virtualization-based security to enforce kernel
mode components to comply with the code integrity policy
o Device Guard: Config code integrity to allow admins to create a custom code
integrity policy, and specify trusted software
Overview of Windows Admin Center (1 of 2)

 Windows Admin Center consolidates multiple admin tools into a single console that can be
easily deployed and accessed through a web interface
 Windows Admin Center is a modular web application comprised of the following four
modules:
o Server manager

o Failover clusters

o Hyper-converged clusters

o Windows 10 clients

 Windows Admin Center has two main components:

o Gateway

o Web server
Overview of Windows Admin Center (2 of 2)

 Windows Admin Center offers the following benefits:

o Familiar functionality
o Easy to install and use
o Complements existing solutions
o Manageable from the internet
o Enhanced security
o Azure integration
o Extensibility
o No external dependencies
Server Manager

 Server Manager allows server administrators to:

o Manage the local server and remotely manage multiple servers
o Configure the local server

o Get basic information about installed hardware

o Query event logs

o Monitor status of services

o Perform best practice analysis

o Check performance monitors

 Server Manager initially opens to the dashboard, which provides quick access to:
o Add roles and features

o Add other servers to manage

o Create a server group

o Connect this server to cloud services

Remote Server Administration Tools

 To enable IT administrators to remotely manage roles and features in Windows Server from
a computer that is running Windows 10 or Windows 8.1, use RSAT
 RSAT include:
o Active Directory Domain Services tools

o DHCP server tools

o DNS server tools

o Failover clustering tools

o File services tools

o Group Policy management tools

o Windows Server Update Services tools

Windows PowerShell (1 of 2)

 Windows PowerShell is a command line shell and scripting language that allows task
automation and configuration management
 Windows PowerShell cmdlets execute at a Windows PowerShell command prompt or
combine into Windows PowerShell scripts
 Cmdlets:
o Are small commands that perform specific functions

o Can be combined to perform multiple tasks

o Can be piped together to perform multiple operations

 Modules:
o Cmdlets specific to a product are packaged together and installed as modules

o Some are installed with the product and some need to be added manually
Windows PowerShell (2 of 2)

 PowerShell Integrated Scripting Environment is a graphical user interface–based tool that

allows you to:
o Run commands and create, modify, debug, and test scripts

o Test the script while in development

 Windows PowerShell remote management:

o Allows Windows PowerShell to remotely run cmdlets on other Windows systems

o Depends on the Windows Remote Management service running on the target

systems
 PowerShell Direct:
o Enables you to run a Windows PowerShell cmdlet or script inside a virtual machine
from the host operating system
Demonstration:
Manage servers
remotely
 Enable PowerShell remote on the Server
Core machine and use PowerShell remote
to restart a service
Lesson 3: Test your knowledge

Refer to the Student Guide for lesson-review questions

Instructor-led
labs: Deploying
and configuring
Windows Server
 Deploying and configuring Server Core
 Implementing and configuring Windows A
dmin Center
Lab: Deploying and configuring Windows Server

 Exercise 1: Deploying and configuring Server Core

 Exercise 2: Implementing and configuring Windows Admin Center

Sign-in information for the exercise(s):

 Virtual machines:
o WS-011T00A-SEA-DC1-B

o WS-011T00A-SEA-ADM1-B

o WS-011T00A-SEA-SVR4

 Username: Contoso\Administrator
 Password: Pa55w.rd
Lab scenario

Contoso wants to implement several new servers in their environment, and they have decide
d to use Server Core. They also they want to implement Windows Admin Center for remote m
anagement of both these servers and other servers in the organization.
Module-review questions (1 of 2)

1. What tool is used for initial configuration of Server Core?

• Windows Admin Center
• PowerShell
• Sconfig
• Server Manager
2. You have Windows Server Standard edition installed and it has DNS and DHCP and Hyper-
V installed. How many virtual machines can you run in Hyper-V before you need to
purchase a license?
• One
• Two
• Unlimited
• None
Module-review questions (2 of 2)

3. True or False
You must install an SSL certificate to use the Windows Admin Center.
4. You want the helpdesk group to only be able to add and remove users from security
groups. How should you accomplish this?
• Add the helpdesk group to the Account Operators group
• Add the helpdesk group to the Server Operators group
• Add the helpdesk group to the Domain Admins group
• Use the Delegation of Control Wizard to assign the task
Module-review answers (1 of 2)

1. What tool is used for initial configuration of Server Core?

• Windows Admin Center
• PowerShell
• Sconfig
• Server Manager
Answer - Sconfig is the best tool for the initial configuration of Server Core. It allows for IP
address assignment, setting computer name, and domain membership
2. You have Windows Server Standard edition install and it has DNS and DHCP and Hyper-V
installed. How many virtual machines can you run in Hyper-V before you need to purchase a
license?
• One
• Two
• Unlimited
• None
Answer - You can run one virtual machine before you have to purchase a license because you
are using this host server for more than just a Hyper-V host.
Module-review answers (2 of 2)

3. True or False
• You must install an SSL certificate to use the Windows Admin center.
Answer- True - a self-generated one is included, but it is only valid for 60 days.

4. You want the helpdesk group to only be able to add and remove users from security
groups. How should you accomplish this?
• Add the helpdesk group to the Account Operators group
• Add the helpdesk group to the Server Operators group
• Add the helpdesk group to the Domain Admins group
• Use the Delegation of Control Wizard to assign the task
Answer - Use the Delegation of Control Wizard to assign the task. Although Account
Operators and Domain Admins would work, it would give unnecessary administrative
rights to the helpdesk group.
Thank you.

© Copyright Microsoft Corporation. All rights reserved.