Configuring Windows Server –
A server is rarely ready to perform all the tasks you have planned for it immediately after installation. Typically some postinstallation configuration is required and further configuration changes might become necessary after the server is in service.
■ Configure Server Core
■ Delegate administration
■ Add and remove features in offline images
■ Deploy roles on remote servers
■ Convert Server Core to and from full GUI
■ Configure services
■ Configure NIC teaming
■ Install and configure Windows PowerShell Desired State Configuration (DSC)
Completing post-installation tasks
As part of the new emphasis on cloud-based services in Windows networking, Windows Server 2012 R2 contains a variety of tools that have been overhauled to facilitate remote server management capabilities.
The new Server Manager, for example, is designed to enable administrators to manage Windows servers without having to interact directly with the server console, either physically or remotely. However, there are some tasks that administrators might have to perform immediately after the operating system installation that require direct access to the server console:
■ Configuring the network connection
■ Setting the time zone
■ Enabling Remote Desktop
■ Renaming the computer
■ Joining a domain
Using GUI tools
In Windows Server 2012 R2, the Properties tile in Server Manager provides the same functionality as the Initial Configuration Tasks window in previous Windows Server versions. To complete any or all of the post-installation configuration tasks on a GUI Windows Server 2012 R2 installation, you can use the tools in the Properties tile, either by working directly at the server console or by using Remote Desktop to access the server from another computer.
The Ethernet entry in the Properties tile specifies the current status of the computer’s network interface. If there is an active Dynamic Host Configuration Protocol (DHCP) server on the network, the server will have already retrieved an IP address and other settings and used them to configure the interface. If there is no DHCP server on the network, or if you must configure the computer with a static IP address, click the Ethernet hyperlink to display the Network Connections window from the Control Panel. You can use this to open the Ethernet Properties sheet and the Internet Protocol Version 4 (TCP/IPv4) Properties sheet, where you can configure the TCP/IP client.
Accurate computer clock time is essential for Active Directory Domain Services communication. If the server is located in a time zone other than the default Pacific zone, click the Time Zone hyperlink to open the Date and Time dialog box, where you can correct the setting.
By default, Windows Server 2012 R2 does not allow Remote Desktop connections. To enable them, click the Remote Desktop hyperlink to open the Remote tab of the System Properties sheet.
In a manual operating system installation, the Windows Setup program assigns a unique name beginning with WIN to the computer. To change the name of the computer and join it to a domain, click the Computer Name hyperlink to open the System Properties sheet and click Change to open the Computer Name/Domain Changes dialog box.
Using command-line tools
If you selected the Server Core option when installing Windows Server 2012 R2, you can perform the same postinstallation tasks from the command line. At the very minimum, you will have to rename the computer and join it to a domain. To do this, you can use the Sconfig.exe or Netdom.exe program.
To rename a computer, run Netdom.exe with the following syntax, as shown in Figure:
netdom renamecomputer %ComputerName% /NewName:
To restart the computer as directed, use the following command:
shutdown /r
Then, to join the computer to a domain, use the following syntax:
netdom join %ComputerName% /domain: /userd: /passwordd:*
In this command, the asterisk (*) in the /passwordd parameter causes the program to prompt you for the password to the user account you specified.
These commands assume that a DHCP server has already configured the computer’s TCP/IP client. If this is not the case, you must manually configure it before you can join a domain. To assign a static IP address to a computer using Server Core, you can use the Netsh.exe program or the New-NetIPAddress cmdlet in Windows PowerShell.
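The five post-installation tasks listed earlier can also be done from Windows PowerShell on Server Core. The script below is an added example, not part of the original text; the adapter alias, addresses, computer name, domain and time zone are constructed placeholders.

```powershell
# Added example: post-installation tasks on Server Core.
# Every value in this block is a constructed placeholder.
$InterfaceAlias = 'Ethernet'
$IPAddress      = '192.0.2.10'     # RFC 5737 documentation range
$PrefixLength   = 24
$Gateway        = '192.0.2.1'
$DnsServers     = '192.0.2.53'
$TimeZoneId     = 'Eastern Standard Time'
$NewName        = 'SRV-CORE-01'
$Domain         = 'corp.example'

# 1. Static IPv4 address, only if it is not already bound (safe to re-run).
$adapter = Get-NetAdapter -Name $InterfaceAlias -ErrorAction Stop
$bound   = Get-NetIPAddress -InterfaceIndex $adapter.ifIndex -IPAddress $IPAddress `
               -ErrorAction SilentlyContinue
if (-not $bound) {
    New-NetIPAddress -InterfaceIndex $adapter.ifIndex -IPAddress $IPAddress `
        -PrefixLength $PrefixLength -DefaultGateway $Gateway | Out-Null
}
Set-DnsClientServerAddress -InterfaceIndex $adapter.ifIndex -ServerAddresses $DnsServers

# 2. Time zone. Kerberos authentication fails when clocks drift too far apart.
tzutil.exe /s $TimeZoneId

# 3. Remote Desktop: allow connections, require Network Level Authentication,
#    and open only the built-in Remote Desktop firewall rule group.
$ts = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
Set-ItemProperty -Path $ts -Name fDenyTSConnections -Value 0
Set-ItemProperty -Path "$ts\WinStations\RDP-Tcp" -Name UserAuthentication -Value 1
Enable-NetFirewallRule -DisplayGroup 'Remote Desktop'

# 4 and 5. Rename and join the domain in one step. Get-Credential prompts for
#    the password, like /passwordd:* does, so it never appears on the command
#    line or in the command history.
$cred = Get-Credential -Message "Account permitted to join $Domain"
Add-Computer -DomainName $Domain -NewName $NewName -Credential $cred -Restart
```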
Converting between GUI and Server Core
In Windows Server 2012 R2, you can convert a computer installed with the full GUI option to Server Core and add the full GUI to a Server Core computer. This is a major improvement in the usefulness of Server Core over the version in Windows Server 2008 R2, in which you can only change the interface by reinstalling the entire operating system.
With this capability, administrators can install servers with the full GUI, use the graphical tools to perform the initial setup, and then convert them to Server Core to conserve system resources. If it later becomes necessary, it is possible to reinstall the GUI components.
To convert a full GUI installation of Windows Server 2012 R2 to Server Core by using Server Manager, you must run the Remove Roles And Features Wizard and uninstall the following features, as shown in Figure:
■ Graphical Management Tools And Infrastructure
■ Server Graphical Shell
To add the full GUI to a Server Core computer, you must use Windows PowerShell to install the same features you removed in the previous procedure. To convert a Windows Server 2012 R2 Server Core installation to the full GUI option, use the following Windows PowerShell command:
Install-WindowsFeature Server-Gui-Mgmt-Infra,Server-Gui-Shell -Restart
To convert a full GUI server installation to Server Core, use the following command:
Uninstall-WindowsFeature Server-Gui-Mgmt-Infra,Server-Gui-Shell -Restart
Configuring NIC teaming
NIC teaming is a feature in Windows Server 2012 R2 that enables administrators to combine the bandwidth of multiple network interface adapters, providing increased performance and fault tolerance. Virtualization enables administrators to separate vital network functions on different systems without having to purchase a separate physical computer for each one. However, one of the drawbacks of this practice is that a single server hosting multiple VMs is still a single point of failure for all of them. A single malfunctioning network adapter, a faulty switch, or even an unplugged cable can bring down a host server and all its VMs.
The objectives for the 70-410 exam specifically mention the use of the NIC teaming feature. Exam candidates should be familiar with this feature and its operation.
NIC teaming, also called bonding, balancing, and aggregation, is a technology that has been available for some time, but it was always tied to specific hardware implementations. The NIC teaming capability in Windows Server 2012 R2 is hardware independent and enables you to combine multiple physical network adapters into a single interface. The results can include increased performance by combining the throughput of the adapters and protection from adapter failures by dynamically moving all traffic to the functioning NICs.
NIC teaming in Windows Server 2012 R2 supports two modes:
■ Switch Independent Mode All the network adapters are connected to different switches, providing alternative routes through the network.
■ Switch Dependent Mode All the network adapters are connected to the same switch, providing a single interface with their combined bandwidth.
In Switch Independent Mode, you can choose between two configurations. The active/active configuration leaves all the network adapters functional, providing increased throughput. If one adapter fails, all the traffic is shunted to the remaining adapters. In the active/standby configuration, one adapter is left offline to function as a failover in the event the active adapter fails. In active/active mode, an adapter failure causes a performance reduction; in active/standby mode, the performance remains the same before and after an adapter failure.
In Switch Dependent Mode, you can choose static teaming, a generic mode that balances the traffic between the adapters in the team, or you can opt to use the Link Aggregation Control Protocol defined in IEEE 802.3ax, assuming that your equipment supports it.
In Windows Server 2012, there is one significant limitation to NIC teaming. If your traffic consists of large TCP sequences, such as a Hyper-V live migration, the system will avoid using multiple adapters for those sequences to minimize the number of lost and out-of-order TCP segments. You will therefore not realize any performance increase for large file transfers using TCP. In Windows Server 2012 R2, a new Dynamic Mode splits these large TCP sequences into smaller units and distributes them among the NICs on a team. This is now the default load-balancing mode in Windows Server 2012 R2.
You can create and manage NIC teams by using Server Manager or Windows PowerShell.
To create a NIC team by using Server Manager, follow these steps.
1. In Server Manager, in the Properties tile, click NIC Teaming. The NIC Teaming window opens, as shown in Figure:
2. In the Teams tile, click Tasks and select New Team to open the New Team page.
3. Click the Additional Properties arrow to expand the window, as shown in Figure:
4. In the Team Name text box, type the name you want to assign to the team.
5. In the Member Adapters box, select the network adapters you want to add to the team.
6. In the Teaming Mode drop-down list, select one of the following options:
■ Static Teaming
■ Switch Independent
7. In the Load Balancing Mode drop-down list, select one of the following options:
■ Address Hash
■ Hyper-V Port
8. If you selected Switch Independent for the Teaming Mode value, use the Standby Adapter drop-down list to select one of the adapters to function as the offline standby.
9. Click OK. The new team is listed in the Teams tile, as shown in Figure
Once you have created a NIC team, the NIC Teaming window enables you to monitor the status of the team and the team interface you have created. The team itself and the individual adapters all have status indicators that inform you if an adapter goes offline.
If this occurs, the indicator for the faulty adapter immediately switches to disconnected, as shown in Figure 1-10, and depending on which teaming mode you chose, the status of the other adapter might also change.
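The same team can be built and monitored from Windows PowerShell with the NetLbfo cmdlets. This is an added example, not from the original text; the team name, adapter names and the Get-TeamHealth helper are hypothetical.

```powershell
# Added example: Switch Independent team in active/standby configuration
# with the Dynamic load-balancing mode. Names are constructed placeholders.
$TeamName = 'Team1'
$Active   = 'Ethernet'
$Standby  = 'Ethernet 2'

# Fail early if either adapter is missing or is not a physical adapter.
$nics = Get-NetAdapter -Name $Active, $Standby -Physical -ErrorAction Stop

# Run this at the console or over out-of-band management: the member
# adapters give up their own IP configuration when they join the team.
if (-not (Get-NetLbfoTeam -Name $TeamName -ErrorAction SilentlyContinue)) {
    New-NetLbfoTeam -Name $TeamName -TeamMembers $nics.Name `
        -TeamingMode SwitchIndependent -LoadBalancingAlgorithm Dynamic `
        -Confirm:$false | Out-Null
}

# Hold one adapter offline as the failover member (active/standby).
Set-NetLbfoTeamMember -Name $Standby -Team $TeamName -AdministrativeMode Standby

# Hypothetical helper: the status indicators of the NIC Teaming window as
# objects, suitable for a scheduled health check.
function Get-TeamHealth {
    param([Parameter(Mandatory)][string]$Name)

    $team   = Get-NetLbfoTeam -Name $Name -ErrorAction Stop
    $failed = Get-NetLbfoTeamMember -Team $Name |
        Where-Object { $_.OperationalStatus -notin 'Active', 'Standby' }

    [pscustomobject]@{
        Team          = $team.Name
        Status        = $team.Status                 # Up, Degraded or Down
        TeamingMode   = $team.TeamingMode
        Algorithm     = $team.LoadBalancingAlgorithm
        FailedMembers = @($failed | ForEach-Object {
                            '{0} ({1})' -f $_.Name, $_.FailureReason })
    }
}

Get-TeamHealth -Name $TeamName
```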
Using Server Manager
The Server Manager tool in Windows Server 2012 R2 is an application that is the most obvious evidence of a major paradigm shift in Windows Server administration. Prior to Windows Server 2012, an administrator who wanted to install a role by using graphical controls had to work at the server console by either physically sitting at the keyboard or by connecting to it by using Remote Desktop Services (formerly Terminal Services). In contrast, the Windows Server 2012 R2 Server Manager can install roles and features to any server on the network.
Adding servers
The primary difference between the Windows Server 2012 and Windows Server 2012 R2 Server Managers and previous versions is the ability to add and manage multiple servers at once. When you log on to a GUI installation of Windows Server 2012 R2 with an administrative account, Server Manager loads automatically, displaying the Welcome tile.
The Server Manager interface consists of a navigation pane on the left containing icons representing various views of server resources. Selecting an icon displays a home page in the right pane, which consists of a number of tiles containing information about the resource. The Dashboard page, which opens by default, contains, in addition to the Welcome tile, thumbnails that summarize the other views available in Server Manager, as shown in the figure below. These other views include a page for the Local Server, one for All Servers, and others for server groups and role groups.
Although only the local server appears in Server Manager when you first run it, you can add other servers, enabling you to manage them together. The servers you add can be physical or virtual and can be running any version of Windows Server since Windows Server 2003. After you add servers to the interface, you can create groups containing collections of servers, such as the servers at a particular office location or those performing a particular function. These groups appear in the navigation pane, enabling you to administer them as a single entity.
To add servers in Server Manager, use the following procedure.
1. Open Server Manager and, in the navigation pane, click All Servers. The All Servers home page opens, as shown in the figure below.
2. From the Manage menu, select Add Servers. The Add Servers dialog box opens, as shown in the figure below.
3. Select one of the following tabs to specify how you want to locate servers to add:
■ Active Directory Enables you to search for computers running specific operating systems in specific locations in an Active Directory Domain Services domain
■ DNS Enables you to search for servers in your currently configured Domain Name System (DNS) server
■ Import Enables you to supply a text file containing the names of the servers you want to add
4. Initiate a search or upload a text file to display a list of available servers, as shown in the figure below.
5. Select the servers you want to add and click the right arrow button to add them to the Selected list.
6. Click OK. The servers you selected are added to the All Servers home page.
For administrators of enterprise networks, it might be necessary to add a large number of servers to Server Manager. To avoid having to work with a long scrolling list of servers, you can create server groups based on server locations, functions, or any other organizational paradigm.
Adding roles and features
The Server Manager program in Windows Server 2012 R2 combines what used to be separate wizards for adding roles and features into one, the Add Roles And Features Wizard. Once you add multiple servers to the Server Manager interface, they are integrated into the Add Roles And Features Wizard, so you can deploy roles and features to any of your servers.
To install roles and features by using Server Manager, use the following procedure.
1. In Server Manager, from the Manage menu, select Add Roles And Features. The Add Roles And Features Wizard starts, displaying the Before You Begin page.
2. Click Next to open the Select Installation Type page, as shown in the figure below.
3. Leave the Role-Based Or Feature-Based Installation option selected and click Next. The Select Destination Server page opens, as shown in the figure below.
4. Select the server on which you want to install the roles or features. If the server pool contains a large number of servers, you can use the Filter text box to display a subset of the pool based on a text string. When you have selected the server, click Next. The Select Server Roles page opens, as shown in the figure below.
5. Select the role or roles you want to install on the selected server. If the roles you select have other roles or features as dependencies, an Add Features That Are Required dialog box opens.
6. Click Add Features to accept the dependencies and then click Next to open the Select Features page, as shown in the figure below.
7. Select any features you want to install in the selected server and click Next. Dependencies might appear for your feature selections.
8. The wizard then displays pages specific to the roles or features you have chosen. Most roles have a Select Role Services page, on which you can select which elements of the role you want to install. Complete each of the role-specific or feature-specific pages and click Next. A Confirm Installation Selections page opens.
9. You can select from the following optional functions:
■ Restart The Destination Server Automatically If Desired Causes the server to restart automatically when the installation is completed, if the selected roles and features require it
■ Export Configuration Settings Creates an XML script documenting the procedures performed by the wizard, which you can use to install the same configuration on another server by using Windows PowerShell
■ Specify An Alternate Source Path Specifies the location of an image file containing the software needed to install the selected roles and features. Use this option when you have previously deleted the source files from the system using Features on Demand.
10. Click Install to open the Installation Progress page. Depending on the roles and features installed, the wizard might display hyperlinks to the tools needed to perform required post-installation tasks. When the installation is complete, click Close to complete the wizard.
Once you install roles on your servers, the roles appear as icons in Server Manager’s navigation pane. These icons actually represent role groups. Each role group contains all the instances of that role found on any of your added servers. You can therefore administer the role across all of the servers on which you have installed it.
Deploying roles to VHDs
In addition to installing roles and features to servers on the network, Server Manager also enables administrators to install them to VMs that are currently in an offline state. For example, you might have an offline web server VM stored on a backup host server, in case the computer hosting your main web server VMs should fail. Server Manager enables you to select a virtual hard disk (VHD) file and install or remove roles and features without having to deploy the VM.
To install roles or features to an offline VHD file, use the following procedure.
1. In Server Manager, from the Manage menu, select Add Roles and Features. The Add Roles And Features Wizard starts, displaying the Before You Begin page.
2. Click Next to open the Select Installation Type page.
3. Leave the Role-Based Or Feature-Based Installation option selected and click Next. The Select Destination Server page opens.
4. Select the Select A Virtual Hard Disk option. A Virtual Hard Disk text box appears at the bottom of the page.
5. In the Virtual Hard Disk text box, type or browse to the location of the VHD file you want to modify.
6. In the Server Pool box, select the server that the wizard should use to mount the VHD file, as shown in the figure below, and click Next. The Select Server Roles page opens.
7. Select the role or roles you want to install on the selected server, adding the required dependencies if necessary, and click Next. The Select Features page opens.
8. Select any features you want to install on the selected server and click Next. Dependencies might appear for your feature selections.
9. The wizard then displays pages specific to the roles or features you have chosen, enabling you to select role services and configure other settings. Complete each of the role-specific or feature-specific pages and click Next. A Confirmation page opens.
10. Click Install. The Installation Progress page opens. When the installation is complete, click Close to dismount the VHD and complete the wizard.
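The two wizard procedures above (installing to a remote server and to an offline VHD), together with the Export Configuration Settings and alternate source path options, map onto parameters of Install-WindowsFeature. The script below is an added example, not from the original text; server names, the share and the file paths are constructed placeholders.

```powershell
# Added example: role deployment without the wizard.
# All names and paths are constructed placeholders.
$Servers    = 'SRV-WEB-01', 'SRV-WEB-02'
$ExportXml  = 'C:\Deploy\DeploymentConfigTemplate.xml'   # saved by the wizard
$OfflineVhd = '\\HOST01\VMStore\web-standby.vhdx'
$MountHost  = 'HOST01'                                   # server that mounts the VHD

# 1. Install a role on each remote server and keep the result objects,
#    so that a failed or restart-pending install is not missed.
$results = foreach ($server in $Servers) {
    $r = Install-WindowsFeature -Name Web-Server -IncludeManagementTools `
             -ComputerName $server
    [pscustomobject]@{
        Server        = $server
        Success       = $r.Success
        RestartNeeded = $r.RestartNeeded
        ExitCode      = $r.ExitCode
    }
}
$results | Format-Table -AutoSize

# 2. Replay the XML written by Export Configuration Settings on another
#    server. -WhatIf previews the change; remove it to apply.
Install-WindowsFeature -ConfigurationFilePath $ExportXml `
    -ComputerName 'SRV-WEB-03' -WhatIf

# 3. Offline VHD. With -ComputerName the path must be a UNC path, and the
#    computer account of the mounting server needs access to the share.
Install-WindowsFeature -Name Web-Server -Vhd $OfflineVhd -ComputerName $MountHost
Get-WindowsFeature -Name Web-Server -Vhd $OfflineVhd -ComputerName $MountHost |
    Select-Object Name, InstallState

# 4. Features whose source files were deleted (Features on Demand) report
#    InstallState 'Removed'; installing them requires -Source.
Get-WindowsFeature -ComputerName $Servers[0] |
    Where-Object { $_.InstallState -eq 'Removed' } |
    Select-Object Name, InstallState
```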
Most Windows Server roles and many of the features include services, which are programs that run continuously in the background, typically waiting for a client process to send a request to them. Server Manager provides access to services running on servers all over the network.
When you first look at the Local Server home page in Server Manager, one of the tiles you find there is the Services tile, shown in Figure 1-20. This tile lists all the services installed on the server and specifies their operational status and their Start Type. When you right-click a service, the shortcut menu provides controls that enable you to start, stop, restart, pause, and resume the service.
The Services tile in the Server Manager display is similar to the traditional Services snap-in for MMC found in previous versions of Windows Server. However, although you can start and stop a service in Server Manager, you cannot modify its Start Type, which specifies whether the service should start automatically with the operating system. To do that you must use the Services MMC snap-in or the Set-Service cmdlet in Windows PowerShell.
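Changing the Start Type with Set-Service, and checking it across several servers at once, can look like the following. This is an added example, not from the original text; the server names are constructed and the Print Spooler service is chosen only for illustration.

```powershell
# Added example: report a service's Start Type on several servers, disable
# it where it is still enabled, then verify. Names are placeholders.
$Servers     = 'SRV-WEB-01', 'SRV-WEB-02'
$ServiceName = 'Spooler'      # illustrative choice, not from the original text
$filter      = "Name='$ServiceName'"

# Win32_Service exposes the start mode and the logon account in one query.
$before = Get-CimInstance -ClassName Win32_Service -ComputerName $Servers `
              -Filter $filter
$before | Select-Object PSComputerName, Name, State, StartMode, StartName

# Stopping a service does not change its Start Type, so do both: otherwise
# the service comes back at the next restart.
foreach ($svc in $before | Where-Object { $_.StartMode -ne 'Disabled' }) {
    Invoke-Command -ComputerName $svc.PSComputerName -ArgumentList $ServiceName `
        -ScriptBlock {
            param($name)
            Stop-Service -Name $name -Force
            Set-Service  -Name $name -StartupType Disabled
        }
}

# Verify: every server should now report Stopped / Disabled.
Get-CimInstance -ClassName Win32_Service -ComputerName $Servers -Filter $filter |
    Select-Object PSComputerName, Name, State, StartMode
```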
Another difference of the Services tile in Windows Server 2012 R2 Server Manager is that this tile appears in many locations throughout Server Manager and in each place it displays a list of services for a different context. This is a good example of the organizational principle of the new Server Manager. The same tools, repeated in many places, provide a consistent management interface to different sets of components.
For example, when you select the All Servers icon in the navigation pane, you first see the Servers tile, as usual, containing all the servers you have added to the Server Manager console. When you select some or all of the servers and scroll down to the Services tile, you see the same display as before, but now it contains all the services for all the computers you selected. This enables you to monitor the services on all the servers at once.
In the same way, when you select one of the role group icons, you can select from the servers running that role and the Services tile will contain only the services associated with that role for the servers you selected.
To manipulate other server configuration settings, you must use the Services snap-in for MMC as mentioned earlier. However, you can launch that, and many other snap-ins, by using Server Manager.
After selecting a server from the Servers pane in any group home page, click the Tools menu to display a list of the utilities and MMC snap-ins, including the Services snap-in. To manage a remote server with an MMC snap-in, you must manually connect it.
Delegating server administration
As networks grow, so does the number of administrative tasks there are to perform on a regular basis, and so does the IT staff that is needed to perform them. Delegating administrative tasks to specific individuals is a natural part of enterprise server management, as is assigning those individuals the permissions they need—and only the permissions they need—to perform those tasks.
On smaller networks with small IT staffs, it is not uncommon for task delegation to be informal and for everyone in the IT department to have full access to the entire network. However, on larger networks with larger IT staffs, this becomes increasingly impractical. For example, you might want the newly hired junior IT staffers to be able to create new user accounts but not be able to redesign your Active Directory tree or change the CEO’s password.
Delegation is the practice by which administrators grant other users a subset of the privileges that they possess. As such, delegation is as much a matter of restricting permissions as it is of granting them. You want to provide individuals with the privileges they need while protecting sensitive information and delicate infrastructure.
Using Windows PowerShell Desired State Configuration (DSC)
Desired State Configuration (DSC) is the next phase in the development of Windows PowerShell, a process that began over a decade ago and first appeared as a Windows component in Windows PowerShell 1.0 (released in 2006). Windows Server 2012 expanded the functionality of Windows PowerShell by using the command line infrastructure as an underlayment for all of the new graphical capabilities in the operating system. Windows PowerShell 3.0 added thousands of new cmdlets, making it possible to use the command line to accomplish any task you might otherwise perform in Server Manager.
In Windows PowerShell 4.0, DSC provides a new scripting model that enables administrators to create modules called configurations, which consist of nodes representing computers and resources that define elements that administrators want to define as part of the configuration for a particular node.
For example, a relatively simple script to deploy a Web server might appear as follows:
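Configuration CompanyWeb {
    Node "localhost" {          # placeholder: the node name is missing from this page
        WindowsFeature InstallIIS {
            Ensure = "Present"
            Name = "Web-Server"
        }
        File WebsiteContent {   # placeholder resource name
            Ensure = "Present"
            Type = "Directory"
            Recurse = $true
            SourcePath = $WebsitePath
            DestinationPath = "C:\inetpub\wwwroot"
            DependsOn = "[WindowsFeature]InstallIIS"   # copy content only after IIS is installed
        }
    }
}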
In this script, the Node block identifies the computer to be configured and the WindowsFeature and File blocks are both built-in resources that you can use to define the configuration you want to deploy. The WindowsFeature block specifies that the configuration must install the Web-Server role, and the File block copies the content files for a website to the node from a location defined by the $WebsitePath variable. DSC includes many other built-in resources that you can use to define more complex configuration elements, such as system services, registry settings, environment variables, and user and group accounts. It is also possible for administrators to create their own custom resources.
Once you have created a configuration script, you can deploy it by executing the defined configuration name—in this case CompanyWeb—from a Windows PowerShell prompt.
In large enterprise deployments, administrators can create a centralized DSC server by installing the PowerShell Desired State Configuration Service, a Windows PowerShell feature that uses the Internet Information Services Web server to deploy configuration logic and data to nodes all over the network. After storing DSC configuration scripts on the server, administrators can configure nodes to check periodically for changes in their configurations or configure the server to push new configurations to nodes as needed.
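The built-in Service, Registry and WindowsFeature resources mentioned above can express a small server baseline that DSC applies and then checks for drift. This is an added example, not from the original text; the ServerBaseline configuration, the node name and the output path are hypothetical, and push mode is assumed.

```powershell
# Added example: a three-setting baseline applied in push mode.
# Configuration name, node name and output path are constructed.
Configuration ServerBaseline {
    param([string[]]$NodeName = 'localhost')

    Node $NodeName {
        # Remove the legacy SMB 1.0 feature if it is installed.
        WindowsFeature RemoveSmb1 {
            Name   = 'FS-SMB1'
            Ensure = 'Absent'
        }
        # Require Network Level Authentication for Remote Desktop.
        Registry RdpNla {
            Key       = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
            ValueName = 'UserAuthentication'
            ValueType = 'Dword'
            ValueData = '1'
            Ensure    = 'Present'
        }
        # Keep the time service running; AD DS depends on accurate clocks.
        Service TimeService {
            Name        = 'W32Time'
            StartupType = 'Automatic'
            State       = 'Running'
        }
        # Ask the node's Local Configuration Manager to re-apply the
        # configuration whenever it detects drift.
        LocalConfigurationManager {
            ConfigurationMode = 'ApplyAndAutoCorrect'
        }
    }
}

$node = 'SRV-WEB-01'
$out  = Join-Path $env:TEMP 'ServerBaseline'

# Running the configuration name compiles it: one <node>.mof with the
# resources and one <node>.meta.mof with the LCM settings.
ServerBaseline -NodeName $node -OutputPath $out | Out-Null

# Push the LCM settings first, then the configuration itself.
Set-DscLocalConfigurationManager -Path $out -Verbose
Start-DscConfiguration -Path $out -Wait -Verbose

# Drift check: returns $false when the node no longer matches the baseline.
$session = New-CimSession -ComputerName $node
if (-not (Test-DscConfiguration -CimSession $session)) {
    Write-Warning "$node has drifted from ServerBaseline"
}
Remove-CimSession $session
```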