Windows Server 2012

Chapter 1: Installing & Configuring Servers

- Install servers
- Configure servers
- Configure local storage

Editions:
- Datacenter: for large and powerful servers with up to 64 processors and include fault-tolerance features such as hot-
add processor support. This edition is available only through the Microsoft volume-licensing program and is bundled
with a server from original equipment manufacturers (OEMs). One physical / Unlimited Virtual
- Standard: Includes full features of but only 2 VM’s and one Physical. (You can create more than one if you purchase lic)
- Essentials: No server core, Hyper-V, Active Directory services. One Physical or One Virtual with 25 Clients.
- Foundation: For small businesses that require only basic server features, such as file and print services and application
support. Comes pre-installed with server hardware, includes no virtualization rights, and is limited to 15 users.

Physical operating system environment (POSE)

Virtual operating system environment (VOSE)

Retail: No datacenter & Foundation

Volume License: No Foundation
OEM: ALL Editions (Original Equipment Manufacturer)

Min Requirements: 64bit processor, 512MB ram, 32GB disk, Internet, 1024x768.
Max: 640Processors, 4TB ram, 64 failover cluster nodes.

Server Core: stripped-down version of the operating system. (+) Reduced disk space, patch frequency, attacks, less services
running.

Server Core roles available: Active Directory Certificate Services, Active Directory Domain Services, Active Directory Lightweight
Directory Services, Active Directory Rights Management Services, DHCP Server, DNS Server, File and Storage Services, Hyper-V,
Print and Document Services, Remote Access, Web Server (IIS), Windows Server Update Services
Not available: Active Directory Federation Services, Application Server (deprecated), Fax Server, Network Policy and Access
Services, Remote Desktop Gateway, Remote Desktop Session Host, Remote Desktop Web Access, Volume Activation Services,
Windows Deployment Services.

Minimal Server Interface: MMC, Device Manager, Powershell

For minimal you have to remove Server graphical shell.

WinSxS: Side by side component store. (~5GB). Includes all the files of the operating system components, so you can activate or
disable features.

Features on Demand: enable, disable, disabled with payload removed (the last also removes the files from the WinSxS that may
be security risk.
To implement this third state, you must use the Windows PowerShell:
“Uninstall-WindowsFeature Server-Gui-Shell –Remove” – Remove feature on demand with remove.
Once you delete the source files for a feature from the WinSxS folder, they are not irretrievable. If you attempt to enable that
feature again, the system will download it from Windows Update.

If you have a 64-bit computer running Windows Server 2008 or Windows Server 2008 R2, you can upgrade it to Windows Server
2012 R2 as long as you use an appropriate operating system edition. Windows Server 2012 R2 does not support the following:
■ Upgrades from Windows Server versions prior to Windows Server 2008
■ Upgrades from pre-RTM editions of Windows Server 2012 R2
■ Upgrades from Windows workstation operating systems
■ Cross-platform upgrades, such as 32-bit Windows Server 2008 to 64-bit Windows Server 2012 R2
■ Upgrades from any Itanium edition
■ Cross-language upgrades, such as from Windows Server 2008, U.S. English to Windows Server 2012 R2, French
Note: If an unsigned driver prevents the computer from starting, you can disable the driver signature requirement by pressing
F8 during the startup, selecting Advanced Boot Options, and then selecting Disable Driver Signature Enforcement.

Migrating Roles (Preferred Method)

By using the Windows Server Migration tools, you can migrate data between servers under any of the following conditions:
between versions, platforms, editions, physical & VM and server core to GUI.
“Install-WindowsFeature Migration”
Once you have install MSMT to both source and destination SRV you can proceed to migration. MS provides guides to migrate all
features.
“C:\windows\system32\ServerMigrationTools\smigdeploy /package”

"sconfig" - Setup Configurator

"netsh interface ipv4 show interfaces" - Show Interfaces (ipconfig)

“netsh interface ip set address "Local Area Connection" static 192.168.1.125 255.255.255.0 192.168.1.1” – Set Static IP
"netsh interface ip set dns "Local Area Connection" static 192.168.1.1 primary" - Staic DNS

"netsh interface ip set address "Local Area Connection" source=dhcp" - DHCP IP

"netsh interface ip set dns "Local Area Connection" source=dhcp" - DHCP DNS

"netsh interface set interface name="Local Area Connection" newname="Ethernet1" - Rename Adapter

"hostname"
"netdom renamecomputer %Computername% /NewName:<NewName>" - Rename Server
"netdom join <ComputerName> /domain:<DomainName> /userd:<UserName> /passwordd:*" - Domain Join
"net localgroup administrators /add <DomainName>\<UserName>" - Add Domain user to local admins
"shutdown /r /t /0" - Restart Server

"slmgr.vbs –ipk<productkey>" - Enter Key for activation

"slmgr.vbs -ato" - Activate Server (If activation is successful, no message will return in the command prompt.)

"cscript %windir%\system32\scregedit.wsf /ar 0" - Enable Remote Desktop

"cscript %windir%\system32\scregedit.wsf /ar /v " - Verify status

"query session /server:SEA-SC2" - Query remote desktop sessions in server

"logoff 2 /server:SEA-SC2" - Logoff session

"Enable-NetFirewallRule -DisplayGroup “Remote Desktop”" - Enable firewall rule

"Disable-NetFirewallRule -DisplayGroup “Remote Desktop”" - Disable firewall rule

“Install-WindowsFeature Server-Gui-Mgmt-Infra,Server-Gui-Shell –Restart” – Server Core to GUI

“Uninstall-WindowsFeature Server-Gui-Mgmt-Infra,Server-Gui-Shell –Restart” – Full to Core

Nic Teaming
- Increase performance
- Fault tolerance

Modes:
- Switch Independent Mode All the network adapters connected to different switches, providing alternative routes
through the network.
- Switch Dependent Mode All the network adapters connected to the same switch, providing a single interface with their
combined bandwidth.

In Switch Independent Mode, you can choose between two configurations. The active/ active configuration leaves all the
network adapters functional, providing increased throughput. If one adapter fails, all the traffic shunted to the remaining
adapters. In the active/standby configuration, one adapter left offline to function as a failover in the event the active adapter
fails. In active/active mode, an adapter failure causes a performance reduction; in active/standby mode, the performance
remains the same before and after an adapter failure. In Switch Dependent Mode, you can choose static teaming, a generic
mode that balances the traffic between the adapters in the team, or you can opt to use the Link Aggregation Control Protocol
defined in IEEE 802.3ax, assuming that your equipment supports it.

“Install-WindowsFeature –ConfigurationFilePath <ExportedConfig.xml>” - Install roles to another server with exported xml.

Deploy roles in VHD (offline) in add roles and features you select the disk.
Estimating Storage space needed on a server by the needs of application and users + growth.
Storage Spaces: concatenate storage space from individual physical disks and allocate that space to create virtual disks
“Just a Bunch of Disks” (JBOD) arrays.

Partitioning style:
- (MBR) partition style and the GUID (globally unique identifier) partition table
- (GPT) partition style. You must choose one of these partition styles for a drive; you cannot use both.

Note: Unless the computer’s architecture provides support for an Extensible Firmware Interface (EFI)–based boot partition, it is
not possible to boot from a GPT disk.

Disk types:
- Basic disk
- Dynamic disk (Called Volumes)

When you use Server Manager to initialize a disk in Windows Server 2012 R2, it uses the GPT partition style, whether it is a
physical or a virtual disk. There are no controls in Server Manager supporting MBR, although it displays the partition style in the
Disks tile.

Basic MBR disks > three Primary partitions 1 Extended. GPT Style volumes 128 primary with no extended

Volume Types
A dynamic disk can contain an unlimited number of volumes that function much like primary partitions on a basic disk, but you
cannot mark an existing dynamic disk as active.
- Simple: Can extend or shrink to multiple disks as long as it is not a system or boot volume.
- Spanned: Consist of space from 2 to 32 physical dynamic disks. Combine space from multiple disks into a single large
volume. Fill space of the first disk and then continue to the next.
- Striped: Consist of space from 2 to 32 physical dynamic disks. System write one stripe at a time to each disk. (Increase
performance). Cannot extend after creation.
- Mirrored: Two dynamic disks with identical space. Read-write on all disks simultaneously. If one disks fails, the other
provide access to data.
- RAID-5: Three dynamic disks. The system stripes data and parity information across all the disks so that if one physical
disk fails, the missing data can re-created by using the parity information on the other disks. Provide improved read
performance because of the disk striping, but write performance suffers due to the need for parity calculations.

File systems: NTFS, fat32, exFat, fat, Refs.

ReFS is a new file system first appearing in Windows Server 2012 R2 that offers practically unlimited file and directory sizes and
increased resiliency that eliminates the need for error- checking tools. No encryption, file compression & disk quota.

"Get-PhysicalDisk -CanPool $true" - List all physical disks

"New-StoragePool -FriendlyName "LUN-1TB"
-StorageSubSystemUniqueId (Get-StorageSubSystem -FriendlyName "*Space*").uniqueID
-PhysicalDisks (Get-PhysicalDisk -CanPool $true)" - Create storage pool

"New-VirtualDisk -FriendlyName "Datastore01"

-StoragePoolFriendlyName "LUN-1TB" -Size 200GB
-ProvisioningType Thin -ResiliencySettingName Mirror" - Create virtual Disk

"Get-VirtualDisk -FriendlyName "Datastore01" | Get-Disk" Locate disk created

"Initialize-Disk -Number 5" - Initialize disk
"New-Partition -DiskNumber 5 -UseMaximumSize -AssignDriveLetter" Create partition
"Format-Volume -DriveLetter D -FileSystem NTFS -NewFileSystemLabel "DataStore01"" Format disk

Chapter 2: Configuring Servers roles and features

Objectives
- Configure file and share access
- Configure print and document services
- Configure servers for remote management

Note: Network Discovery: For the users on the network to be able to browse the shares you create on the file server in File
Explorer, you must make sure the Network Discovery settings and the File Sharing settings are turn on in the Network and
Sharing Center control panel.
Supports two types of shares:
- Server Message Blocks (SMB) (Windows)
- Network File System (NFS) (Linux Unix Standard)

To create and manage SMB shares you have to install File server role. For NFS shares, you must install NFS role service.
From the File Share Profile list, select one of the following options:
- SMB Share–Quick Provides basic SMB sharing with full share and NTFS permissions
- SMB Share–Advanced Provides SMB sharing with full share and NTFS permissions and access to services provided by
File Server Resource Manager
- SMB Share–Applications Provides SMB sharing with settings suitable for Hyper-V and other applications
- NFS Share–Quick Provides basic NFS sharing with authentication and permissions
- NFS Share–Advanced Provides NFS sharing with authentication and permissions and access to services provided by File
Server Resource Manager

Share Settings:
- Enable Access-Based Enumeration (ABE) Prevents users from seeing files and folders they do not have permission to
access.
- Allow Caching of Share Enables offline users to access the contents of this share
- Enable BranchCache on the File Share Enables BranchCache servers to cache files accessed from this share.
- Encrypt Data Access Causes the server to encrypt remote file access to this share.

Permissions
- Share Permissions: Control access to folders over the network.
- NTFS Permissions: Control access to the files and folders stored on disk volumes formatted with NTFS, locally or over
the network.

Note: Basic permissions known as standard and advanced as special.

Permissions are stored in ACL in the form of ACE (Access control entries).

Allow – Deny
- Additive start with no permissions and then grant Allow permissions to individual security principals to give them the
access they need.
- Subtractive Start by granting all possible Allow permissions to individual security principals, giving them full control
over the system element, and then grant them Deny permissions for the access you do not want them to have.

Prevent subordinate elements from inheriting permissions from their parents:

- Turn off inheritance when you assign advanced permissions, you can configure an ACE not to pass its permissions down
to its subordinate elements. This effectively blocks the inheritance process.
 - Deny permissions When you assign a Deny permission to a system element, it overrides any Allow permissions that the
element might have inherited from its parent objects.

Volume Shadow Copies enables you to maintain previous versions of files on a server, so if users accidentally delete or
overwrite files, they can access a previous copy of those files. You can implement Volume Shadow Copies only for an entire
volume; you cannot select specific shares, folders, or files.

Quotas types:
- NTFS Quotas (exceed space denies save or warning user)
- File server Resources Manager Quotas (more flexible in the limits and the responses of the program. Can send email,
execute commands, generate reports)

Work Folders enables administrators to provide their users with synchronized access to their files on multiple workstations and
devices while storing them on a network file server. The principle is roughly the same as Microsoft’s SkyDrive service.

Network Printing
- Users examining the print queue see only their own jobs
- Administrators have no way of centrally managing the print queue because each client has its own print queue.

Network-Attached Printer Sharing

- All the client jobs are stored in a single print queue, so users and administrators can see a complete list of the jobs
waiting to be printed.
- Administrators can manage all the queued jobs from a remote location.
- Administrators can implement printer pools and other advanced printing features.
- Administrators can manage security, auditing, monitoring, and logging functions from a central location.

The component that enables Remote Desktop clients to print to their local print devices called Easy Print.

Users with the Allow Manage This Printer permission can go beyond manipulating queued documents; they can reconfigure the
printer itself. Managing a printer refers to altering the operational parameters that affect all users and controlling access to the
printer.

To create a printer pool, you must have at least two identical print devices, or at least two print devices that use the same
printer driver.

Print and Document Service Role

- Print Server Installs the Print Management console for Microsoft Management Console (MMC), which enables
administrators to deploy, monitor, and manage printers throughout the enterprise
- - Distributed Scan Server Enables the computer to receive documents from network-based scanners and forward them
to the appropriate users
- - Internet Printing Creates a website that enables users on the Internet to send print jobs to shared Windows printers
- LPD Service Enables UNIX clients running the line printer remote (LPR) program to send their print jobs to Windows
printers

Print Management console can installed without the role by adding the Print and Document Services Tools feature, found under
Remote Server Administration Tools, Role Administration Tools in the Add Roles and Features Wizard.

Deploy printers with GPO (Google Guide)

To manage a non-domain joined server using Server Manager, you must first complete the following tasks:
1. Supply administrative credentials for the non-domain joined server
2. Add the non-domain joined server to the system’s WS-Management TrustedHosts list to add non-domain joined servers
to Server Manager, you must use the DNS option or the Import option in the Add Servers Wizard.

WSMan:\localhost\Client\TrustedHosts
“Set-Item WSMan:\localhost\Client\TrustedHosts –value <servername> -force” – Add server to manage to the list

Windows Management Instrumentation

WinRM is enabled by default on Windows Server 2012 R2.
“Configure-SMRemoting.exe –Get|–Enable|-Disable” – Manage WinRM
If you attempt to launch MMC snap-ins targeting a remote server, such as the Computer Management console, you will receive
an error because of the default Windows Firewall settings in Windows Server 2012 R2.

To address this problem, you must enable the following inbound Windows Firewall rules on the remote server you want to
manage:
■ COM+ Network Access (DCOM-In)
■ Remote Event Log Management (NP-In)
■ Remote Event Log Management (RPC)
■ Remote Event Log Management (RPC-EPMAP)

To modify the firewall rules on the remote system, you can use any one of the following methods:
1. GPO
2. “Set-NetFirewallRule –name <rule name> –enabled True”

To obtain the Windows PowerShell names for the preconfigured rules in Windows Firewall, use the Get-NetFirewallRule
command. The resulting commands to enable the four rules listed earlier are as follows:
“Set-NetFirewallRule –name ComPlusNetworkAccess-DCOM-In –enabled True”
“Set-NetFirewallRule –name RemoteEventLogSvc-In-TCP –enabled True”
“Set-NetFirewallRule –name RemoteEventLogSvc-NP-In-TCP –enabled True”
“Set-NetFirewallRule –name RemoteEventLogSvc-RPCSS-In-TCP –enabled True”

To add WinRM support to servers running Windows Server 2008 or Windows Server 2008
R2, you must download and install the following updates:
.NET Framework 4.0 - Windows Management Framework 3.0
After you install the updates, the system automatically starts the Windows Remote
Management service, but you must still complete the following tasks on the remote server:
1. Enable the Windows Remote Management (HTTP-In) rules in Windows Firewall.
2. Create a WinRM listener by running the winrm quickconfig command at a command prompt with Administrative
privileges.
3. Enable the COM+ Network Access and Remote Event Log Management rules in Windows Firewall, as described in the
previous section.

Session to remote Server

“Enter-PSSession <remote server name> -credential <user name>”
“Get-WindowsFeature” - List roles and features
“Add-WindowsFeature <feature name>”
“Exit-PSSession”

Remote Server Administration Tools to manage windows servers from clients.

Chapter 3: Configure Hyper-V

- Create and configure virtual machine settings

- Create and configure virtual machine storage
- Create and configure virtual networks

- A Windows Server 2012 R2 Hyper-V host system can have up to 320 logical processors, supporting up to 2,048 virtual
CPUs and up to 4 terabytes (TB) of physical memory.
- One server can host as many as 1,024 active VMs and a single VM can have up to 64 virtual CPUs and up to 1 TB of
memory.
- Hyper-V can also support clusters with up to 64 nodes and 8,000 VMs.
- Microsoft provides a dedicated HYPER-V server product limited to the server Core interface.

Hardware Requirements:
- 64bit processor with VT enabled
- Hardware-enforced Data Execution Prevention (DEP), which Intel describes as eXecute Disable (XD) and AMD describes
as No eXecute (NX). This is a technology used in CPUs to segregate areas of memory. Specifically, you must enable the
Intel XD bit (execute disable bit) or the AMD NX bit (no execute bit).

“Install-WindowsFeature –Name Hyper-V –ComputerName <name> IncludeManagementTools –Restart” – Hyper-V role

Files:
- XML – configuration files of the VM
 - VHD – Disks (VHD up to 2TB and VHDx up to 64TB)
- VSV – saved-state
- AVHD – checkpoint files

“New-VM –Name “VM name” –MemoryStartupBytes <memory> –NewVHDSizeBytes <disk size>” – New VM creation
“New-VM –Name “ServerA” –MemoryStartupBytes 1GB NewVHDSizeBytes 60GB” – Example
“Get-Help New-VM –Name” – help for a VM

Generation 1 VMs are designed to emulate the hardware found in a typical computer.(xp, linux,7 …)
Generation 2 VMs use synthetic drivers and software-based devices instead; they provide advantages that include the following:
UEFI boot, scsi disks. (Windows 20012 and windows 8 and after)

Guest Integration Services package provides the following functions:

- Operating system shutdown
- Time sync
- Data Exchange: exchange info (fqdn)
- Heartbeat (keepalive)
- Backup: Backup with Volume shadows copy services
- Guest Services: copy paste files to and from the VM
- Dynamic Memory use in VM’s

Note: Windows 2012 and Windows 8 have Guest Integration preinstalled.

The enhanced session mode works by establishing a Remote Desktop Protocol connection between the host computer and the
VM, but it does not require a standard network path because it uses VMBus instead. VMBus is a high-speed conduit between
the various partitions running on a Hyper-V server. Enhanced session mode enabled by default in Windows 8.1, but in Windows
Server 2012 R2, you must enable it on the Enhanced Session Mode Policy page of the Hyper-V Settings dialog box.

Dynamic Memory
- Memory Buffer value set to 20 percent, a VM with applications and OS that consume 1 GB of memory will receive a
dynamic allocation of 1.2 GB.
- Memory Weight When the physical memory in the computer is insufficient to allocate the full-buffered amount
specified for each VM, the VMs with the highest Memory Weight settings receive priority.

“Set-VMMemory <VM name> -DynamicMemoryEnabled $true

-MinimumBytes <memory> -StartupBytes <memory>
-MaximumBytes <memory> -Priority <value> -Buffer <percentage>” – Configure memory

“Set-VMMemory ServerA -DynamicMemoryEnabled $true -MinimumBytes 64MB” – Example

- Smart Paging: If a VM has to restart and there is not enough memory available to allocate its startup RAM value, the
system uses hard disk space to make up the difference and begins paging memory contents to disk. Selecting the fastest
possible hard drive recommended.
- Resource Metering: Windows PowerShell–based feature in Windows Server 2012 R2 Hyper-V that enables
administrators to document VM usage by using a variety of criteria. (Billing Customers, Bandwidth)

“Enable-VMResourceMetering –VMName <name>” - Enable Metering

“Measure-VM –VMName <name>” – Statistical Report
“New-VHD –Path c:\filename.vhd|c:\filename.vhdx –Fixed|-Dynamic|-Differencing –SizeBytes <size> [-BlockSizeBytes <block
size>] [-LogicalSectorSizeBytes 512|4096] [-ParentPath <pathname>]” - Create new disk
Note: When using the cmdlet to create a disk image, the extension you specify for the filename determines the format (VHD or
VHDX); also, you can specify the block size and the logical sector size for the image, two things you cannot do in the GUI. For
example, the following command creates a 400-GB fixed VHDX image file with a logical sector size of 4 KB
“New-VHD –Path c:\diskfile.vhdx –Fixed –SizeBytes 400GB -LogicalSectorSizeBytes 4096” – Example

Pass-through disks is a type of virtual disk that points to a physical disk drive installed on the host computer. To add a physical
hard disk to a VM, the VM must have exclusive access to it. This means that you must first take the disk offline in the parent OS
by using the Disk Management snap-in or disk-part.

Modifying virtual disks: Compact, Convert, Expand, Shrink (Delete empty space), and Merge (Combine data with differencing
disks)
Checkpoint (snapshot) - a captured image of the state, data, and hardware configuration of a VM at a particular moment in
time. Only for lab environments. In production can reduce overall performance. Not for databases corruption might occur.

QoS - it is possible for one virtual disk to monopolize the input/output capacity of a physical disk, causing the other virtual disks
to slow down. Set IOPS for a disk.

SAN (fiber channel) can conceivably

communicate with any other device on the same
SAN, high-speed data transfers can occur in any
of the following ways:
- Server to storage Servers can access
storage devices over the SAN just as if
they connected directly to the
computer.
- Server to server Servers can use the
SAN to communicate directly with one
another at high speeds to avoid flooding
the LAN with traffic.
- Storage to storage Storage devices can
communicate among themselves
without server intervention, for
example, to perform backups from one
medium to another or to mirror drives on different arrays.

A Hyper-V Fibre Channel adapter is essentially a pass-through device that enables a VM to access a physical Fibre Channel
adapter installed in the computer, and through that, to access the external resources connected to the SAN.

Virtual SAN can created from Virtual SAN Manager in Hyper-V. The next step is to add a Fibre Channel adapter to a VM from the
Add Hardware page in the Settings dialog box. When you do this, the virtual SAN you created earlier is available on the Fibre
Channel Adapter page.

“New-VMSwitch <switch name> -NetAdapterName <adapter name> [-SwitchType Internal|Private]” – Create new Virtual SW
“New-VMSwitch “LAN Switch” –NetAdapterName “Ethernet”” – Example

The Virtual Network adapters retain their MAC addresses permanently or until the adapter is removed from the VM. You can
create up to 12 network adapters on a Windows Server 2012 R2 Hyper-V server: eight synthetic and four emulated.

A synthetic adapter is a purely virtual device that does not correspond to a real-world product. Synthetic devices in a VM
running on a child partition communicate with the parent partition by using a high-speed conduit called the VMBus. Much
higher performance level. Emulated Adapter (Legacy Network Adapters) load drivers before OS so you can PXE. Emulated
Adapter can used when VM does not support guest integration services.

Hardware Acceleration settings of Network Adapter:

- Enable Virtual Machine Queue s a technique that stores incoming packets intended for VMs in separate queues on the
physical network adapter and delivers them directly to the VMs, bypassing the processing normally performed by the
virtual switch on the parent partition.
- Enable IPSec Task Offloading
- Single-Root I/O Virtualization

Advanced Network settings:

- Static Mac Addr
- Enable Mac Addr Spoofing when enabled, the port in the virtual switch to which the virtual network adapter is
connected can send and receive packets that contain any MAC address. The virtual switch port can also learn of new
MAC addresses and add them to its forwarding table.
- Enable DHCP Guard Prevents the adapter from processing messages sent by rogue DHCP servers.
- Port Mirroring Mode for network monitor.
- NIC Teaming (only two)

To use NIC teaming in Hyper-V, you must complete three basic tasks, as follows:
1. Create the NIC team in the Windows Server 2012 R2 host operating system.
2. In Hyper-V Manager, create an external virtual switch using the NIC team.
3. Configure the network adapter in a virtual machine to connect to the virtual switch representing the NIC team.
Chapter 4: Deploying & configuring core network services

- Configure IPv4 and IPv6 addressing

- Deploy and configure Dynamic Host Configuration Protocol (DHCP) service
- Objective 4.3: Deploy and configure DNS service.