Install Windows Servers in host and compute environments

10/6/2017

In Skill 1.1 from Exam Ref 70-743 Upgrading Your Skills to MCSA: Windows Server 2016, review installation requirements for the base installation of Windows Server and how Windows Server 2016 differs from previous versions.

In this chapter we discuss the requirements for installing, upgrading, and migrating servers to Windows Server 2016. We’ll also cover Nano Server, the new version of Windows Server. Finally, we will discuss how to create, manage, and maintain images that can be used for Windows Server deployments.

Windows Server 2016 introduces several new features compared to Windows Server 2012. These features include:

Nano Server Offers a new installation type that does not provide a graphical or command prompt experience and must be managed remotely.
Containers Isolates applications from the operating system. Each container is isolated, but runs on the base operating system. You can further isolate a container by running it as a virtual machine with Hyper-V.
Docker Provides a method of managing containers, and is supported for Windows Server 2016 and Hyper-V.
Rolling upgrades Enables you to add Windows Server 2016 nodes to an existing Windows Server 2012 R2 failover cluster and continue to operate the cluster until all nodes have been upgraded.
Hyper-V memory enhancements Enables you to dynamically add or remove virtual memory and networking adapters from running virtual machines (VM).
Nested virtualization Provides a method of running a nested Hyper-V installation within a VM.
Shielded virtual machines Shields using a virtual machine that provides protection for the data that is stored on the VM.

Important: Have you read page xxiii?

It contains valuable information regarding the skills you need to pass the exam.
PowerShell Direct Enables you to run PowerShell on a VM without additional security policies, network, or firewall settings.
Windows Defender Enables by default that Windows Server 2016 installations and anti-malware patterns are automatically kept up-to-date.
Storage Spaces Direct Enables you to build a highly-available storage set with direct attached storage by using Server Message Block version 3.0 (SMB 3.0).
Storage Replica Enables you to replicate volumes at the block level for additional redundancy.
Microsoft Passport Enables you to use two-factor authentication by using an enrolled device with Windows Hello or a PIN.
Remote Desktop Services Allows an Azure Structured Query Language (SQL) database to be used, creating a highly available environment with the Remote Desktop Connection Broker.
Active Directory Domain Services (AD DS) Enables AD DS improvements to support privileged access management, Azure AD Join, and Microsoft Passport.

Skills in this chapter:

Install, upgrade, and migrate servers and workloads
Install and configure Nano Server
Create, manage, and maintain images for deployment

Skill 1.1: Install, upgrade, and migrate servers and workloads

Windows Server 2016 offers similar editions and installation options compared to Windows Server 2008 and 2012. In this section, we discuss the installation requirements for the base installation of Windows Server, and outline how Windows Server 2016 differs from previous versions. We discuss the differences in the installation process, server roles, and features.

This section covers how to:

Determine Windows Server 2016 installation requirements
Determine appropriate Windows Server 2016 editions per workload
Install Windows Server 2016
Install Windows Server 2016 features and roles
Install and configure Windows Server Core
Manage Windows Server Core installations using Windows PowerShell, command line, and remote management capabilities
Implement Windows PowerShell Desired State Configuration to install and maintain integrity of installed environments
Perform upgrades and migrations of servers and core workloads from Windows Server 2008 and Windows Server 2012 to Windows Server 2016
Determine the appropriate activation model for server installation, such as Automatic Virtual Machine Activation, Key Management Service, and Active Directory-based Activation

Determine Windows Server 2016 installation requirements

A set of minimum requirements have been published by Microsoft in order to define the bare essentials that are needed to install Windows Server 2016. These are simply minimums, meaning that you may encounter an error during or after installation if your computer doesn’t meet them. The minimum requirements are:

1.4 GHz 64-bit processor
512 MB RAM (Error Correcting Code, or ECC type)
32 GB disk space

Note that if installing Windows Server 2016 as a virtual machine, it might initially fail with only 512 MB of RAM. A workaround is to initially assign 800 MB, and then reduce it to 512 MB after installation. 32 GB of storage space is also a bare minimum, and should only be used for Server Core installations. A server with a Graphic User Interface (GUI) installation uses approximately 4 GB of additional space. Additionally, be aware that network installations and servers with more than 16 GB of RAM need additional disk space.

If you plan to use BitLocker Drive Encryption, then the physical server hardware must also have a Trusted Platform Module (TPM) chip that is version 2.0 or newer. The TPM chip must have an Endorsement Key certificate that is pre-provisioned or can be obtained by the device during the boot process.

While some previous versions of Windows Server have listed a recommended set of system requirements, Windows Server 2016 has no such list. The recommended hardware varies significantly between the different editions that can be deployed, as well as the server roles or applications that can be installed. Instead of relying on a recommended number of requirements, perform test deployments in the scenario that you need to obtain a good baseline for your environment.

Determine appropriate Windows Server 2016 editions per workload

Microsoft offers several versions of Windows Server 2016. Selecting the appropriate version for your environment depends on the size or functionality that you expect to receive from the server. Table 1-1 lists the Windows Server 2016 editions that are available.

TABLE 1-1 Comparing Windows Server 2016 Editions

Edition	Description	License model	Client access license
Windows Server 2016 Datacenter	Highly virtualized environments	Per core	Windows Server
Windows Server 2016 Standard	Physical or minimally virtualized environments	Per core	Windows Server
Windows Server 2016 Essentials	Small businesses	Per processor	N/A
Windows Server 2016 MultiPoint Premium Server	Academic volume licensing	Per processor	Windows Server and Remote Desktop Services
Windows Storage Server 2016	OEM channel	Per processor	N/A
Microsoft Hyper-V Server 2016	Free hypervisor	N/A	N/A

Another installation option of Windows Server is Nano Server, which is discussed later in this chapter in “Skill 1.2: Install and configure Nano Server.”

Install Windows Server 2016

Although there are a few different editions of Windows Server 2016, the installation process is fairly similar in each of them. Manually installing Windows Server is as simple as completing the GUI wizard and selecting the options. The most important aspect of the installation process is selecting the type of installation that you prefer:

Server Core (Default)
Server with Desktop Experience

In previous versions of Windows Server, you can use Server Manager or Windows PowerShell to adjust whether the server has a GUI. With Windows Server 2016, once the installation type has been selected, it cannot be changed. Figure 1-1 shows the available options when manually installing Windows Server 2016.

FIGURE 1-1 Windows Setup

Install Windows Server 2016 features and roles

Windows Server 2016 introduces two new server roles that can be installed:

Device Health Attestation Works with TPM chips and Mobile Device Management (MDM) to assess mobile device health. DHA enables organizations to raise the security of their mobile devices and monitor mobile device health.
MultiPoint Services Originally designed for classroom and lab environments, MultiPoint (previously called Windows MultiPoint Server 2012) enables multiple users to share one computer while still receiving individual desktops. Unlike Remote Desktop Services, MultiPoint does not create a separate Remote Desktop Broker or Gateway.

The following features have been removed as of Windows Server 2016:

Ink and Handwriting Services
User Interfaces and Infrastructure

Three new features have been added to Windows Server 2016:

Setup and Boot Event Collection Enables you to collect and log the setup and boot events from other computers on the network.
VM Shielding Tools for Fabric Management Provides shielding tools for the Fabric Management server on a network. For the upgrade exam, Fabric Management is not specifically called out in the skills measured.
Windows Defender Features Comes pre-installed and provides malware protection for the server.

Remember that in addition to using Server Manager, you can also install server roles and features by using the Install-WindowsFeature cmdlet. To obtain the list of available features that can be installed, use the Get-WindowsFeature cmdlet. For example, to see the available server roles and features that relate to Active Directory, run the following command:

Get-WindowsFeature -Name AD* | FT Name

Windows returns a list of server roles and features similar to the following:

Name

----

AD-CertificateADCS-Cert-Authority

ADCS-Enroll-Web-Pol

ADCS-Enroll-Web-Svc

ADCS-Web-Enrollment

ADCS-Device-Enrollment

ADCS-Online-Cert

AD-Domain-Services

ADFS-Federation

ADLDS

ADRMS

ADRMS-Server

ADRMS-Identity

Install and configure Windows Server Core

Performing a default installation by using the GUI to install Windows Server creates a Server Core installation. The default settings for installing Windows Server do not include the Desktop Experience features. Figure 1-2 shows the initial logon screen after performing a Server Core installation.

FIGURE 1-2 Server Core log on screen

As Figure 1-2 shows, there is no graphical element to the installation. Unlike some previous versions, you cannot switch from a Server Core installation to an installation with a GUI. The Desktop Experience installation option must be selected during installation to add these specific features.

After changing the password or logging in for the first time, you are simply presented with a blank command prompt. To make any configuration changes locally on the server, run the sconfig.cmd command from the command prompt. Figure 1-3 shows the available configuration options by running sconfig.

FIGURE 1-3 sconfig.cmd

Most any task that you can complete from Server Manager can also be completed by running sconfig. Note that sconfig is not restricted just to Server Core, it can also be used to configure a full server installation with the Desktop Experience.

Manage Windows Server Core installations using Windows PowerShell, command line, and remote management capabilities

Remote Management is enabled by default in a Server Core installation. There are a few different options for managing a Server Core installation remotely:

Server Manager
Windows PowerShell
Remote Server Administration Tools (RSAT)
Remote Desktop
Group Policy (Not supported on Nano Server)

Server Manager can be used from a Windows Server that has the Desktop Experience features installed. Simply add the Server Core installation to Server Manager to manage it remotely. To use Windows PowerShell, simply specify the server in the command as you typically would a server with a desktop. As of this writing, a specific version of RSAT for Windows Server 2016 has not been released. However, the RSAT tools for Windows 10 can remotely manage a Windows Server 2016 installation. Ensure that you make the appropriate firewall exceptions for remote management to operate as expected. The following built-in exceptions need to be enabled:

COM+ Network Access (DCOM-In)
Remote Event Log Management (NP-In)
Remote Event Log Management (RPC)
Remote Event Log Management (RPC-EPMAP)

Implement Windows PowerShell Desired State Configuration to install and maintain integrity of installed environments

Desired State Configuration (DSC) extends Windows PowerShell and enables you to deploy and configure a server based on a template or baseline. Using DSC you are able to automate the configuration of several settings, including:

Server roles and features
Registry settings
Files and directories
Processes and services
Groups and user accounts
Environment variables
PowerShell scripts

In addition to performing the initial configuration, you can also use DSC to identify servers that no longer conform to the desired state. DSC has built-in resources to enable you to determine the actual configuration of a server, and implement changes if necessary. There are three primary components of DSC:

Local Configuration Manager (LCM) The LCM runs on every server (or target node) being managed. The LCM configures the target node based on the DSC. The LCM also performs other actions for the target node, including the refresh method, determining how frequently to perform refreshes, and making partial configurations.
Resources Used to implement the changing states of a configuration change. Resources are part of the PowerShell modules, and can be written to mimic a file, process, server, or even a VM.
Configuration Defined as the scripts that comprise and configure the resources. When running the configuration, DSC and the resources perform the configuration and ensure that the target node is configured as defined.

When building a DSC Script, there are a few components of the syntax to be aware of. The Script is composed of:

GetScript This block of code should return the current state of the node being tested. The value must be a String that is returned as the result.
TestScript This block of code determines if the node that is being tested needs to be modified based on the returned configuration. If any configuration is found to be out of date, then it is remedied by the SetScript block.
SetScript This block of code modifies the node to the desired configuration.
Credential The credentials that are needed for the script, if any are required.
DependsOn This indicates that another resource must be running before the script can be run and configured.

The following is an example of the syntax for DSC:

Script [string] #ResourceName

{

    GetScript = [string]

    SetScript = [string]

    TestScript = [string]

    [ Credential = [PSCredential] ]

    [ DependsOn = [string[]] ]

}

Perform upgrades and migrations of servers and core workloads from Windows Server 2008 and Windows Server 2012 to Windows Server 2016

Performing an OS upgrade to Windows Server 2016 is not too different from upgrading previous versions of Windows Server. A new feature for upgrading failover clusters is the Cluster OS Rolling Upgrade, which is discussed in detail in Chapter 5. Table 1-2 shows the supported upgrade paths to Windows Server 2016.

TABLE 1-2 Supported upgrade paths

Original operating system and edition	Upgrade edition
Windows Server 2008 R2 Standard or Windows Server 2008 R2 Enterprise	Windows Server 2016 Standard or Windows Server 2016 Datacenter
Windows Server 2008 R2 Datacenter	Windows Server 2016 Datacenter
Windows Web Server 2008 R2	Windows Server 2016 Standard
Windows Server 2008 R2 Datacenter with SP1	Windows Server 2016 Datacenter
Windows Server 2008 R2 Enterprise with SP1	Windows Server 2016 Standard or Windows Server 2016 Datacenter
Windows Server 2008 R2 Standard with SP1	Windows Server 2016 Standard or Windows Server 2016 Datacenter
Windows Web Server 2008 R2 with SP1	Windows Server 2016 Standard
Windows Server 2012 Datacenter or Windows Server 2012 R2 Datacenter	Windows Server 2016 Datacenter
Windows Server 2012 Standard or Windows Server 2012 R2 Standard	Windows Server 2016 Standard or Windows Server 2016 Datacenter