Mastering Windows Server 2016


Jordan Krause
Anderson Patricio
Commissioning Editor
Kartikey Pandey
Acquisition Editor
Meeta Rajani
Technical Editor
Pankaj Kadam
Copy Editor
Laxmi Subramanian
Safis Editing
Rekha Nair
Production Coordinator
Shraddha Falebhai
Cover Work
Shraddha Falebhai


Book Details
Price: 2.00 USD
Pages: 537
File Size: 16,400 KB
File Type: PDF format
2016 Packt Publishing

About the Author
Jordan Krause is a Microsoft MVP in the Cloud and Datacenter Management - Enterprise
Security group. He has the unique opportunity to work daily with Microsoft networking
technologies as a senior engineer at IVO Networks. Jordan specializes in Microsoft
DirectAccess, and has authored one of the only books available worldwide on this subject.

Additional writings include books on Windows Server 2012 R2 and the new Windows Server
2016. He spends the majority of each workday planning, designing, and implementing
DirectAccess and VPN solutions for companies around the world.
Committed to continuous learning, Jordan holds Microsoft certifications as an MCP, MCTS,
MCSA, and MCITP Enterprise Administrator. He regularly writes tech notes and articles
reflecting his experiences with the Microsoft networking technologies, which can be found at

Jordan also strives to spend time helping the DirectAccess community, mostly by way of the
Microsoft TechNet forums. Always open to direct contact, he encourages anyone needing
assistance to head over to the forums and find him personally. Jordan lives and works in the
ever-changing climate that is Michigan.

About the Reviewer
Anderson Patricio is a Canadian Microsoft MVP, and is an IT consultant based in Toronto.
His areas of expertise are Microsoft Exchange, Skype for Business, Azure, System Center,
and Active Directory.

Anderson is an active member of the Exchange Community and he contributes to forums,
blogs, articles, and videos. In English, he contributes regularly at,, and In Portuguese, his website,, contains thousands of Microsoft Tutorials to help the local
community, alongside his speaking engagements at TechED in South America and MVA
Academy training courses. You can follow him on Twitter at
He has reviewed several books, such as Windows PowerShell in Action, Bruce Payette and
PowerShell in Practice, Richard Siddaway by Manning Publications, and Microsoft Exchange
2010 PowerShell Cookbook, Mike Pfeiffer by Packt Publishing.

Table of Contents
About the Author
About the Reviewer
eBooks, discount offers, and more
Why subscribe?
Instant updates on new Packt books
What this book covers
What you need for this book
Who this book is for
Reader feedback
Customer support
1. Getting Started with Windows Server 2016
What is the purpose of Windows Server?
It's getting "cloudy" out there
Private cloud
An overview of new features
The Windows 10 experience
Software-Defined Networking
PowerShell 5.0
Built-in malware protection
Soft restart
Nano Server
Web Application Proxy
Shielded virtual machines
Navigating the interface
The new Start menu
The hidden Admin menu
Using the Search function
Pin programs to the taskbar
The power of right-click
Using the new Settings screen
Two ways to do the same thing
Creating a new user through the Control Panel
Creating a new user through the Settings menu
Task Manager
Task View
2. Installing and Managing Windows Server 2016
Installing Windows Server 2016
Burning that ISO
Installing from USB
Running the installer
Installing roles and features
Installing a role using the wizard
Installing a feature using PowerShell
Centralized management and monitoring
Server Manager
Remote Server Administration Tools
Azure Server Management Tools
Does this mean RDP is dead?
Remote Desktop Connection Manager
Sysprep enables quick server rollouts
Installing Windows Server 2016 onto a new server
Configuring customizations and updates onto your new server
Running sysprep to prepare and shut down your master server
Creating your master image of the drive
Building new servers using copies of the master image
3. Core Infrastructure Services
What is a domain controller?
Using AD DS to organize your network
Active Directory Users and Computers
User accounts
Security Groups
Prestaging computer accounts
Active Directory Domains and Trusts
Active Directory Sites and Services
Active Directory Administrative Center
Dynamic Access Control
Read-only domain controllers
The power of Group Policy
The Default Domain Policy
Create and link a new GPO
Filtering GPOs to particular devices
DNS overview
Different kinds of DNS records
Host record (A or AAAA)
Alias record – CNAME
Mail Exchanger record
Name Server record
Ipconfig /flushdns
DHCP versus static addressing
The DHCP scope
DHCP reservations
Back up and restore
Schedule regular backups
Restoring from Windows
Restoring from the disc
MMC and MSC shortcuts
4. Certificates in Windows Server 2016
Common certificate types
User certificates
Computer certificates
SSL certificates
Single-name certificates
Subject Alternative Name certificates
Wildcard certificates
Planning your PKI
Enterprise versus standalone
Root versus subordinate
Can I install the CA role onto a domain controller?
Creating a new certificate template
Issuing your new certificates
Publishing the template
Requesting a cert from MMC
Requesting a cert from the Web interface
Creating an autoenrollment policy
Obtaining a public authority SSL certificate
Creating a Certificate Signing Request (CSR)
Submitting the certificate request
Downloading and installing your certificate
Exporting and importing certificates
Exporting from MMC
Exporting from IIS
Importing onto a second server
5. Networking with Windows Server 2016
Intro to IPv6
Networking toolbox
Packet tracing with Wireshark or Netmon
Building a routing table
Multihomed servers
Only one default gateway
Building a route
Adding a route with Command Prompt
Deleting a route
Adding a route with PowerShell
Software-Defined Networking
Hyper-V Network Virtualization
Private clouds
Hybrid clouds
How does it work?
System Center Virtual Machine Manager
Network Controller
Generic Routing Encapsulation
Microsoft Azure virtual network
Windows Server Gateway
6. Enabling Your Mobile Workforce
DirectAccess – automatic VPN!
The truth about DirectAccess and IPv6
Prerequisites for DirectAccess
Domain joined
Supported client operating systems
DirectAccess servers get one or two NICs?
Single NIC mode
Edge mode with two NICs
More than two NICs?
To NAT or not to NAT?
Installing on the true edge – on the Internet
Installing behind a NAT
Network Location Server
Certificates used with DirectAccess
SSL certificate on the NLS web server
SSL certificate on the DirectAccess server
Machine certificates on the DA server and all DA clients
Do not use the Getting Started Wizard!
Remote Access Management Console
Operations Status
Remote Client Status
DirectAccess versus VPN
Domain-joined versus non-domain-joined
Auto versus manual launch
Software versus built-in
Password and login issues with VPN
Web Application Proxy
Requirements for WAP
Server 2016 improvements to WAP
Preauthentication for HTTP Basic
HTTP to HTTPS redirection
Client IP addresses forwarded to applications
Publishing Remote Desktop Gateway
Improved administrative console
7. Hardening and Security
Windows Defender
Installing Windows Defender
Exploring the user interface
Disabling Windows Defender
Windows Firewall – no laughing matter
Two Windows Firewall administrative consoles
Windows Firewall settings
Windows Firewall with Advanced Security
Three different firewall profiles
Building a new Inbound Rule
How to build a rule for ICMP?
Managing WFAS with Group Policy
Encryption technologies
BitLocker and the Virtual TPM
Shielded VMs
Encrypting File System
Configuring IPsec
Server policy
Secure Server policy
Client policy
IPsec Security Policy snap-in
Using WFAS instead
Advanced Threat Analytics
Lightweight Gateway
General security best practices
Get rid of perpetual administrators
Use distinct accounts for administrative access
Use a different computer to accomplish administrative tasks
Never browse the Internet from servers
Role-Based Access Controls
Just Enough Administration
Device Guard
Credential Guard
8. Tiny Servers
Why Server Core?
No more switching back and forth
Interfacing with Server Core
Cmdlets to manage IP addresses
Setting the server hostname
Joining your domain
Server Manager
Remote Server Administration Tools
Accidentally closing Command Prompt
Roles available in Server Core
Nano Server versus Server Core
Sizing and maintenance numbers
Setting up your first Nano Server
Preparing the VHD file
Creating a virtual machine
Nano Server Image Builder
Administering Nano Server
Nano Server Recovery Console
Remote PowerShell
Windows Remote Management
Other management tools
9. Redundancy in Windows Server 2016
Network Load Balancing
Not the same as round-robin DNS
What roles can use NLB?
Virtual and dedicated IP addresses
NLB modes
Multicast IGMP
Configuring a load balanced website
Enabling NLB
Enabling MAC address spoofing on VMs
Configuring NLB
Configuring IIS and DNS
Test it out
Flushing the ARP cache
Failover clustering
Clustering Hyper-V hosts
Scale-Out File Server
Clustering tiers
Application layer clustering
Host layer clustering
A combination of both
How does failover work?
Setting up a failover cluster
Building the servers
Installing the feature
Running the Failover Cluster Manager
Running cluster validation
Running the Create Cluster wizard
Clustering improvements in Windows Server 2016
Multi-Site clustering
Cross-domain or workgroup clustering
Cluster Operating System Rolling Upgrade
Virtual Machine Resiliency
Storage Replica
Stretch Cluster
Cluster to Cluster
Server to Server
Storage Spaces Direct
10. Learning PowerShell 5.0
Why move to PowerShell?
PowerShell is the backbone
Server Core and Nano Server
Working within PowerShell
Launching PowerShell
Default Execution Policy
Using the Tab key
Useful cmdlets for daily tasks
Using Get-Help
Formatting the output
PowerShell Integrated Scripting Environment
PS1 file
Integrated Scripting Environment
Remotely managing a server
Preparing the remote server
WinRM service
Allowing machines from other domains or workgroups
Connecting to the remote server
Using –ComputerName
Using Enter-PSSession
Testing it with Server Core and Nano Server
Desired State Configuration
11. Application Containers and Docker
Understanding application containers
Sharing resources
The differences between hypervisors and containers
Windows Server Containers versus Hyper-V Containers
Windows Server Containers
Hyper-V Containers
Starting a container with PowerShell
Preparing your container host server
Starting a Windows Server Container
What is Docker?
Docker on Windows Server 2016
Docker Hub
Docker Trusted Registry
12. Virtualizing Your Datacenter with Hyper-V
Designing and implementing your Hyper-V Server
Installing the Hyper-V role
Using virtual switches
External virtual switch
Internal virtual switch
Private virtual switch
Creating a new virtual switch
Implementing a new virtual server
Starting and connecting to the VM
Installing the operating system
Managing a virtual server
Hyper-V Manager
Settings menus
Hyper-V Console, RDP, and PowerShell
Shielded VMs
Encrypting the VHDs
Hyper-V Server 2016


We are in the year 2016. In fact, we are almost towards the end of it! How amazing to look
back and reflect on all of the big changes that have happened in technology over the past 15
years. In some ways, it seems that Y2K has just happened and everyone has been scrambling
to make sure their DOS-based and green screen applications are prepared to handle four-digit
date ranges. It seems unthinkable to us now that these systems could have been created in a
way that was so short-sighted. Did we not think the world would make it to the year 2000?
Today, we build technology with such a different perspective and focus. Everything is
centralized, redundant, global, and cloud driven. Users expect 100% uptime, from wherever
they are, on whatever device that happens to be sitting in front of them. The world has truly changed.

And as the world has changed, so has the world of technology infrastructure. This year, we
are introduced to Microsoft's Windows Server 2016. Yes, we have officially rolled past the
half-way marker of this decade and are quickly on our way to 2020, which has always
sounded so futuristic. We are living in and beyond Doc and Marty's future, we are actually
testing hoverboards, and even some of the wardrobe predictions given to us through cinema
no longer seem so far-fetched.

From a user's perspective, a consumer of data, backend computing requirements are almost
becoming irrelevant. Things such as maintenance windows, scheduled downtime, system
upgrades, slowness due to a weak infrastructure – these items have to become invisible to the
workforce. We are building our networks in ways that allow knowledge workers and
developers to do their jobs without consideration for what is supporting their job functions.
What do we use to support that level of reliability and resiliency? Our datacenters haven't
disappeared. Just because we use the words "cloud" and "private cloud" so often doesn't make
it magic. What makes all of this centralized, "spin up what you need" mentality happen is still
physical servers running in physical datacenters.

What drives the processing power of these datacenters for most companies in the world?
Windows Server. In fact, I recently attended a Microsoft conference that had many talks and
sessions about Azure, Microsoft's cloud resource center. Azure is enormous, offering us all
kinds of technologies and leading the edge as far as cloud computing and security
technologies. I was surprised in these talks to hear Windows Server 2016 being referenced
time and time again. Why were Azure presenters talking about Server 2016? Because
Windows Server 2016—the same Server 2016 that you will be installing into your datacenters
—is what underpins all of Azure. It is truly ready to service even the heaviest workloads, in
the newest cloud-centric ways. Over the last handful of years, we have all become familiar
with Software-Defined Computing, using virtualization technology to turn our server
workloads into a software layer. Now we are hearing more and more about expanding on this
idea with new technologies such as Software-Defined Networking and Software-Defined
Storage, enhancing our ability to virtualize and share resources at a grand scale.

In order to make our workloads more flexible and cloud-ready, Microsoft has taken some
major steps in shrinking the server platforms themselves and creating brand new ways of
interfacing with those servers. We are talking about things like Server Core, Nano Server,
Containers, Hyper-V Containers, and the Server Management Tools. Windows Server 2016
brings us many new capabilities, and along with those capabilities come many new acronyms
and terminology.

Let's take some time together to explore the inner workings of the newest version of this
server operating system, which will drive and support so many of our business infrastructures
over the coming years. Windows Servers have dominated our datacenter's rackspaces for
more than two decades. Will this newest iteration in the form of Windows Server 2016
continue that trend?

What you need for this book
Each technology that we discuss within the pages of this book is included in or relates directly
to Windows Server 2016. If you can get your hands on a piece of server hardware and the
Server 2016 installer files, you will be equipped to follow along and try these things out for
yourself. We will talk about and reference some enterprise-class technologies that require
stiffer infrastructure requirements, and so you may have to put the actual testing of those
items on hold until you are working in a more comprehensive test lab or environment, but the
concepts are all still included in this book.

We will also discuss some items that are not included in Server 2016 itself, but are used to
extend the capabilities and features of it. Some of these items are provided to us by Azure,
such as the Server Management Tools, and some are provided by third parties, such as in the
case of using Docker to interact with your containers. Ultimately, you do not need to use these
tools in order to manage your new Windows Server 2016 environment, but they do enable
some pretty cool things that I think you will want to look into.

Who this book is for
Anyone interested in Windows Server 2016 or in learning more in general about a Microsoft-centric
datacenter will benefit from this book. An important deciding factor when choosing
which content was appropriate for such a volume was making sure that anyone who had a
baseline in working with computers could pick this up and start making use of it within their
own networks. If you are already proficient in the Microsoft infrastructure technologies and
have worked with prior versions of Windows Server, there are some focused topics on the
parts and pieces that are brand new only in Server 2016. On the other hand, if you are
currently in a desktop support role or if you are coming fresh into the IT workforce, care was
taken in the pages of this book to ensure that you will receive a rounded understanding not
only of what is brand new in Server 2016, but what core capabilities it includes that are carryover
from the previous versions of the operating system, but are still critical knowledge to
have when working in a Microsoft-driven datacenter.