
ISBN: 978-1-449-32075-1


Windows Server 2012: Up and Running
by Samara Lynn

Copyright © 2013 Samara Lynn. All rights reserved. Printed in the United States of America.

Published by O’Reilly Media, Inc., 1005 Gravenstein Highway North, Sebastopol, CA 95472.

O’Reilly books may be purchased for educational, business, or sales promotional use. Online editions are also available for most titles (http://my.safaribooksonline.com). For more information, contact our corporate/institutional sales department: 800-998-9938 or [email protected].

Editor: Rachel Roumeliotis
Production Editor: Holly Bauer
Copyeditor: Rachel Monaghan
Proofreader: Rebecca Freed
Indexer: Lucie Haskins
Cover Designer: Randy Comer
Interior Designer: David Futato
Illustrator: Rebecca Demarest

December 2012: First Edition

Revision History for the First Edition:

2012-11-09 First release

See http://oreilly.com/catalog/errata.csp?isbn=9781449320751 for release details.

Nutshell Handbook, the Nutshell Handbook logo, and the O’Reilly logo are registered trademarks of O’Reilly Media, Inc. Windows Server 2012: Up and Running, the image of an Ariel gazelle, and related trade dress are trademarks of O’Reilly Media, Inc.

Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this book, and O’Reilly Media, Inc., was aware of a trademark claim, the designations have been printed in caps or initial caps.

While every precaution has been taken in the preparation of this book, the publisher and authors assume no responsibility for errors or omissions, or for damages resulting from the use of the information contained herein.

Table of Contents

Preface

1. Windows Server 2012: Overview
  Introducing Windows Server 2012
  New Capabilities and Updated Features
  Installation and Interface
  Management
  Windows PowerShell 3.0
  Storage
  Remote Access
  Networking
  Hyper-V 3.0
  IIS 8
  Security
  Clustering
  Requirements
  Summary

2. Windows Server 2012 Requirements and Installation
  Server 2012 Editions
  Server 2012 Datacenter
  Server 2012 Standard
  Server 2012 Essentials
  Server 2012 Foundation
  Server 2012 Requirements
  Hyper-V 3.0 Requirements
  Installing Server 2012
  Server Core Install
  Server with a GUI Install
  Switching Between Install Modes
  Converting Server Core to Server with a GUI
  Converting Server with a GUI to Server Core
  Deploying Minimal Server Interface
  Customizing the Interface with Features on Demand
  Summary

3. Managing Server 2012
  Server 2012’s Interface
  Navigating the Tiled Interface
  Accessing and Running Management Tools
  Customizing the Interface
  Logging Off, Restarting, and Shutting Down
  Performing Searches
  Server Manager
  Launching and Working with Server Manager
  Managing Server 2012 Remotely
  Installing RSAT
  Summary

4. Active Directory
  Deploying Active Directory Domain Services
  Installing Active Directory
  Adding Machines to a Server 2012 Domain
  Joining Windows 7 to a Server 2012–Level Domain
  Joining Windows 8 to a Server 2012–Level Domain
  Joining Server 2012 to a Server 2008 R2–Level Domain
  Managing Active Directory
  Navigating ADAC
  AD Recycle Bin
  Performing Searches in ADAC
  Windows PowerShell History
  Using PowerShell to Deploy Active Directory
  Summary

5. Managing Users and Data with Dynamic Access Control
  The Building Blocks of DAC
  Requirements and Predeployment Pointers
  Deploying DAC
  Preparing Claims
  Configuring Resource Property for Files
  Adding a Resource Property to the Global Resource Property List
  Creating a New Central Access Rule
  Creating a Central Access Policy
  Publishing a Central Access Policy
  Configuring the File Server
  Adding the Central Access Policy to the Folder
  Validating the Configuration
  Access Denied Remediation
  Deploying Access Denied Remediation
  Auditing
  Automatic File Classification
  Encrypting Classified Data
  Summary

6. Storage Management and Clustering
  ReFS Versus NTFS
  Creating a Storage Space
  Clustering
  Installing Failover Clustering
  Creating a Cluster
  Cluster-Aware Updating
  Summary

7. Hyper-V
  Requirements
  Installing the Hyper-V Role
  Creating and Configuring Virtual Machines
  Configuring Virtual Disks
  Creating Virtual Machines
  Managing Virtual Machines and Virtual Disks
  Live-Migrating Virtual Machines
  Hyper-V Replica
  Cloning Virtual Domain Controllers
  Merging Snapshots
  Performance and Virtual Network Management
  Resource Metering
  Summary

8. Networking
  IPAM
  Installing IPAM
  Configuring IPAM
  Using IPAM
  NIC Teaming
  Quality of Service
  QoS Policies
  Hyper-V Extensible Network Switch
  Configuring Private VLANs
  Summary

9. Remote Access
  Unified Remote Access
  Requirements
  DirectAccess
  Deploying DirectAccess
  Configuring DirectAccess
  BranchCache
  Requirements
  Deploying BranchCache
  Configuring the Windows Firewall
  Deploying the BranchCache Role via Server Manager
  Deploying the BranchCache Role with PowerShell
  Prepping and Testing Client Connectivity
  Virtual Desktop Infrastructure
  Remote Desktop Services (RDS)
  Remote Desktop Services Install
  Remote Desktop Services Management
  Associating Apps to a Collection and Publishing Remote Apps
  Adding Published Apps to the RD Web Folder
  Connecting Clients to Remote Apps
  Installing RemoteFX
  Summary

10. Troubleshooting, Securing, and Monitoring
  Server Manager
  Adding a Server
  Creating Server Groups
  The Alert Flag
  Best Practices Analyzer
  Windows PowerShell 3.0
  Security
  BitLocker
  Other Security Enhancements
  Summary

Index

CHAPTER 1

Windows Server 2012: Overview

Introducing Windows Server 2012

The purpose of this book is to introduce and familiarize system administrators, or anyone who needs to get up and running with Windows Server 2012, with the platform’s major new features and improvements and how to implement them. First, I’ll offer a little background on the evolution of Microsoft’s newest server operating system.

Three years after the launch of Windows Server 2008 R2, Microsoft unveiled Windows Server 2012, its latest server operating system. Server 2012 is the most significant server release since the update from Windows Server NT 3.51 to NT 4.0, which introduced the modern graphical interface to Windows Server.

Server 2012 is just as significant because, arguably, for the first time in a Windows Server release, it represents a server product based on the needs and wants of consumers rather than solely on the needs of the enterprise.

Server 2012 is designed for compatibility with and support for three major and current computing trends, all driven primarily by consumer demand: cloud computing, virtualization, and the continued “consumerization of IT,” which is the surging demand from the workforce to use personal technology devices—in particular, mobile devices—in the work environment.

Microsoft has engineered Server 2012 to meet these three market trends with several upgrades and enhancements. Virtualization and cloud computing needs are met by new virtualization technologies baked into Hyper-V 3.0. Some of the capabilities include the ability to connect a datacenter to a public cloud, and features that allow system administrators to build hybrid and multitenant private clouds. Server hardware, storage, and networks can be virtualized, thereby reducing power costs, centralizing administration, and allowing for fast and efficient scalability as an infrastructure grows.


The consumerization of IT is a trend that has been of particular consternation to the field. As personal technology devices become more sophisticated and ubiquitous, people increasingly want to use their personal devices in the office. IT has to perform the delicate balancing act between maintaining control over the business networks that these devices access and delivering a rich user experience.

Server 2012 lends itself to navigating this balancing act with enhancements to Remote Desktop Services (RDS) and Virtual Desktop Infrastructure (VDI). Microsoft has made WAN-side improvements in VDI so that the remote desktop experience is as robust as connecting to apps and network resources within a LAN. Administration of Remote Desktop Services and remote clients is now centralized in an updated Server Manager, a one-stop shop that compiles all the primary tools a system administrator needs to manage a Windows infrastructure in a single interface.

Security improvements accommodate employees’ personal devices to prevent data leakage, to retain strong access controls, and to adhere to compliance regulations such as Sarbanes-Oxley (SOX) and the Health Insurance Portability and Accountability Act (HIPAA). Overall, these are improvements with Dynamic Access Control (DAC)—the control over security and compliance in an organization in continuous and periodic intervals.

Server 2012 not only meets the changing technology needs of the workplace, but it also rolls out new capabilities and beefed-up legacy features. There is an abundance of new features and enhancements, some of them “under the hood” and not readily apparent to a user.

New Capabilities and Updated Features

Here’s a quick, at-a-glance overview of some of those new features and enhancements.

Installation and Interface

Installation options for Server 2012 carry over from Server 2008 R2. As with Server 2008 R2, Server 2012 installs in two primary ways: Server Core or Server with a GUI (graphical user interface).

Server Core installation is the default option and reduces the amount of system resources needed to run a GUI install, optimizing server performance. A Server Core install reduces the amount of disk space needed as well as the servicing requirements and the server’s potential attack surface.

Server with a GUI installation is the same as the Full Installation option in Server 2008 R2. The full graphical interface of Server 2012 is loaded, including the new Windows 8–like, modern UI–style interface and all the graphical tools needed to manage the server.


A new installation feature is the ability to switch between install options. For example, you may initially opt for the Server with a GUI install and use the graphical tools to configure the server. You can then switch to the Server Core installation and take advantage of its resource conservation and security.

This ability to switch between installation options creates an intermediary installation state called Minimal Server Interface. This interface is the result of starting with the Server with a GUI installation and then switching over to a Server Core install. With Minimal Server Interface, the Microsoft Management Console (MMC), Server Manager, and a subset of Control Panel are installed.

Whichever installation option you choose, you can remove any binary files for features and server roles you don’t need. This is made possible by the new Features on Demand capability. Because you can cherry-pick features, you can still save disk space and reduce the server’s attack surface after performing a Server with a GUI installation.
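The install modes and Features on Demand described above can be checked from PowerShell before anything is removed. The following is an added example, not code from the book; it assumes the ServerManager module's Get-WindowsFeature and Uninstall-WindowsFeature cmdlets on Server 2012, and the $keep list is an illustrative choice.

```powershell
# Added example (not from the book). Run in an elevated session on Server 2012.
Import-Module ServerManager

# The install mode follows from two features:
#   Server-Gui-Mgmt-Infra = MMC, Server Manager, subset of Control Panel
#   Server-Gui-Shell      = full desktop shell
function Get-InstallMode {
    $infra = (Get-WindowsFeature -Name Server-Gui-Mgmt-Infra).Installed
    $shell = (Get-WindowsFeature -Name Server-Gui-Shell).Installed
    if ($infra -and $shell) { 'Server with a GUI' }
    elseif ($infra)         { 'Minimal Server Interface' }
    else                    { 'Server Core' }
}

"Current install mode: $(Get-InstallMode)"

# Features on Demand candidates: not installed, but the binaries are still
# on disk (InstallState 'Available'). 'Removed' means the payload is gone.
$unused = Get-WindowsFeature |
    Where-Object { $_.InstallState -eq 'Available' } |
    Sort-Object Name

$unused | Format-Table Name, DisplayName, InstallState -AutoSize

# Assumption: payloads this server should keep so the GUI can be restored
# locally. Adjust the list to your own baseline.
$keep = @('Server-Gui-Mgmt-Infra', 'Server-Gui-Shell')

# Preview payload removal. -WhatIf reports what would happen without
# changing the server; drop it only after reviewing the output.
$unused |
    Where-Object { $keep -notcontains $_.Name } |
    ForEach-Object {
        Uninstall-WindowsFeature -Name $_.Name -Remove -WhatIf
    }

# Preview the switch from Server with a GUI to Minimal Server Interface:
# the shell is uninstalled, the management infrastructure stays.
if ((Get-InstallMode) -eq 'Server with a GUI') {
    Uninstall-WindowsFeature -Name Server-Gui-Shell -Restart -WhatIf
}
```

Once a payload has been removed, reinstalling that feature needs a source such as Windows Update or installation media passed to Install-WindowsFeature with -Source.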

The new interface loaded after a Server with a GUI install is based on the tiled interface of the Windows 8 client. You can use this interface to perform common administrative tasks such as searching for and opening common management tools, creating shortcuts to frequently used programs, and running programs with elevated permissions. Programs like Internet Explorer are now Windows 8–style apps and work in very much the same way that mobile apps do; instead of being closed, apps are minimized in the background and become inactive.

Management

Server Manager, introduced in the first release of Windows Server 2008, provides server management based on server roles such as Active Directory Domain Services, Domain Name System (DNS), and Dynamic Host Configuration Protocol (DHCP). In Server 2012, Server Manager has a tile-based, modern interface. In addition to managing the local server, Server Manager now supports multiserver management.

Most administrative tasks can now be performed through the updated Server Manager utility. These tasks include deploying features and roles remotely to physical and virtual servers.

Server Manager now integrates other management tools such as RDS, IPAM (Internet protocol address management), Hyper-V, and file and storage management. Administrators can use the enhanced Server Manager dashboard as a centralized launching point for most server management tools.

Active Directory (AD) is also fundamental in managing a Windows environment, and improvements have been made in Active Directory Domain Services. dcpromo, the command used to promote domain controllers, is integrated within the Server Manager dashboard. The Active Directory installation wizard, built on PowerShell, is easier than ever to use, due to prerequisite checks and remediation actions in the case of installation issues—all part of the install process. An AD install can also be launched remotely with RSAT (Remote Server Administration Tools) installed on the Windows 8 client.

Management, as well as security, is strengthened with Dynamic Access Control. You can tag files and apply policies based on file classification. For instance, files can be tagged as “Human Resources only,” and policies can be set to limit access only to the Human Resources groups. New support for expressions in access control lists (i.e., setting up permissions using an expression such as “User is member of <this group> AND/OR <that group>”) gives granular access control management.

Central access policies and claims-based definitions also help manage security and verify user authentication across an organization. Access-denied remediation allows administrators to troubleshoot “access denied” messages users may receive when accessing files and folders, and allows administrators to give on-the-fly access if needed. File and folder classification, such as classifying documents as “Internal only” or “Confidential,” is done through the File System Resource Manager.

The familiar tool CHKDSK, used to check volumes for problems, has been enhanced. Microsoft claims that CHKDSK can check 300 million files in eight seconds while volumes are still online and running.

Windows PowerShell 3.0

Microsoft encourages system administrators to perform many server management tasks using enhanced PowerShell scripting with Server 2012. In the past, using PowerShell required learning the cmdlets (pronounced “commandlets”) and syntax needed to manage a Windows environment. Many system administrators simply found using the graphical management tools easier.

PowerShell 3.0 eases that learning curve in several ways. First, PowerShell 3.0 uses a simplified language syntax that is closer to natural language. Also, improved cmdlet discovery plus automatic module loading makes finding and running cmdlets easier than ever. The Windows PowerShell Integrated Scripting Environment (ISE) 3.0 helps PowerShell beginners with scripting and gives advanced editing support.

Server 2012 includes over 140 new PowerShell cmdlets for managing networking features and Hyper-V.
