Servers Cha 2- Configuring Windows Server 2019

Key

A folder that appears in the left pane of the Registry Editor and can contain subkeys and entries, for example, HKEY_CURRENT_USER.

Subkey—

A part of the Windows Registry that is below a key. A subkey can contain entries or other subkeys

entry

An item that appears in the details pane and is the lowest level in the Windows Registry. An entry consists of an entry name, its data type, and its value.

flushing

After data is written to disk, the memory used for that cached data is freed, via a process called flushing. On some server systems, administrators choose to turn off file caching and flushing because this enables them to more easily hot swap a disk drive or controller without using the Safety Remove Hardware notification area icon, which warns that a device is in u

Interrupt Request (IRQ) line

Hardware resources include the Interrupt Request (IRQ) line (which is a channel for communication with the processor) and other elements such as the Input/output (I/o) address and reserved memory range. A computer contains a limited number of IRQ lines. The video display, each disk drive, USB ports, and the sound card each use a dedicated IRQ to communicate with the processor. Each component also needs reserved memory addresses for I/O operations. Resource conflicts can sometimes occur when a network interface, a new storage controller, or some other hardware is added to the system that does not communicate properly with PnP, or is not fully PnP-compliant.

devices and Printers utility

If Windows Server 2019 does not automatically detect newly installed hardware, or if the device you are installing is not PnP, you can use the devices and Printers utility to manually launch PnP or to manually install the device without PnP

functions

If you would like to execute multiple cmdlets, you can instead use functions. For example, the following example creates a function called c that displays the message "About to clear screen", pauses for 2 seconds, and then clears the screen: PS C:\Users\Administrator>function c {Write-Host "About to clear screen"; Start-Sleep -s 2; Clear

self-signed certificate

Next, you are prompted to either generate an encryption certificate for use with HTTPS (called a self-signed certificate), or supply the thumbprint for an existing HTTPS certificate that is already installed on the computer and signed by a public Certification Authority, as shown in Figure 2-19. HTTPS traffic normally uses port 443, but you can optionally change this port to a different one if the server already has Web server software installed that provides HTTPS access on port 443. You can also force regular HTTP requests to be automatically redirected to HTTPS.

Plug and Play (PnP)

PnP allows your operating system to work with hardware devices to automatically detect and configure recently installed hardware to work with the operating system.

PowerShell providers

PowerShell plug-ins that provide functionality within Windows PowerShell (e.g., aliases, functions, variables) or allow PowerShell to interact with other parts of the system (e.g., registry, filesystem, environment variables, certificates).

Processor scheduling

Processor scheduling allows you to configure how processor resources are allocated to programs. You can access the processor scheduling option within Control Panel by navigating to System and Security, System from the Category view. Next, you must select Advanced system settings, click Settings under the Performance section, and highlight the Advanced tab shown in Figure 2-28. The default is set to Background services, which means that all programs running will receive equal amounts of processor time

Remote desktop Protocol (RdP).

Remote Desktop provides access to a graphical desktop using Remote desktop Protocol (RdP)

winRM

Remote management with Windows PowerShell requires that the winRM component is enabled (the default on Windows Server systems). If winRM is not enabled, you could run winrm -quickconfig from a Command Prompt window, or Set-Service winrm -StartupType automatic ; Enable-PSRemoting -Force from a Windows PowerShell session as Adminis

Certificate Store

Similarly, the Set-Location cmdlet can be used to tell Windows PowerShell to switch from using the filesystem to the Windows Registry or the Certificate Store for the current user account.

Using WMI within Windows PowerShell

Starting with Windows NT 4.0, Microsoft introduced an interface called Windows Management Instrumentation (WMI) that allowed programs and system software to query the hardware and software on the Windows computer. The programs and system software that can query WMI are called WMI consumers, and the components that are built into the operating system that respond to WMI queries are collectively called the WMI infrastructure.

HKeY_ClASSeS_RooT

The HKEY_CLASSES_ROOT key holds data to associate file extensions with programs. This is a more extensive list than the one viewed under HKEY_CURRENT_USER. Associations exist for executable files, text files, graphics files, clipboard files, audio files, and many more. These associations are used as defaults for all users who sign in to Windows Server 2019, whereas the associations in HKEY_CURRENT_USER and HKEY_ USERS are those that have been customized for a given user profil

alias provider

The alias provider can be used to view and manage aliases, and the function provider can be used to view and manage functions within Windows PowerShell. Because you can also manage aliases and functions using the cmdlets discussed earlier in this module, there is no need to use these providers directly. However, if you need additional flexibility when searching for or managing aliases and functions, changing to these providers can be useful

Component object Model (CoM).

This command creates a variable ($a) that contains a reference to a copy of the wscript.shell object within the Windows Component object Model (CoM). You can think of $a as a variable that contains a Windows shell object.

power plans

Three power plans are already created: Balanced, Power saver, and High performance. Each plan consists of a combination of power options including how soon to turn off the display, whether to require a password on wakeup, how soon to turn off the storage devices, sleep/hibernate settings, USB settings, PCI card settings, and processor settings. The Balanced setting offers equal emphasis to energy savings and performance. Power saver favors energy savings over performance, and High performance favors performance over energy savings. F

Registry editor

When using the Internet to research a potential fix for an application-, service-or Windows Server 2019-related problem, you will often find a solution that requires that you modify the Windows Registry. To do this, you can use the regedit command within the Start menu, Run dialog box, Command Prompt or PowerShell window to launch the Registry editor

driver signing

When you install a new hardware device, Windows Server 2019 checks to make sure that the driver for that device has been verified as secure. When a driver is verified, a unique Microsoft digital signature is incorporated into it in a process called driver signing. All device drivers that you add to Windows Server 2019 should be signed in order to obtain support from Microsoft.

aliases

Windows PowerShell can use UNIX/Linux-style command aliases, which are essentially shortcuts to commands. To view all aliases on your system, sorted alphabetically, you can run the following command: PS C:\Users\Administrator>Get-Alias | more Aliases make navigating and using Windows PowerShell easier. For example, when you run the dir command in PowerShell, you are actually running an alias to the Get-ChildItem cmdlet, which displays the objects (files and subdirectories) within your current directory on the filesystem by default. Similarly, when you run the cd command within PowerShell, you are actually running an alias to the Set-Location cmdlet within PowerShell, which changes the directory location on the filesystem by default

Configuring Performance Opti

Windows Server 2019 allows you to optimize your server for performance. The main areas that you can configure within the operating system to optimize performance include the following: • Processor scheduling and Data Execution Prevention • Virtual memory • File caching and flushing

WMI namespaces

represent/organize different types of WMI data in much the same way that a file cabinet organizes files. There are different namespaces for different purposes, and each namespace holds different WMI providers. The only namespace that is useful to IT administrators within Windows PowerShell is the CIMv2 namespace (Common Information Model version 2), which can query the hardware and software components on systems as well as modify software components as necessary.

object that has attributes

thing in Windows PowerShell can be treated as an object that has attributes (properties that describe the object) and methods (things that the object can do). This is a very powerful feature of Windows PowerShell that can be used to control nearly all aspects of the Windows operating system including processes, files, and network sockets.

exit status

After executing calc.exe, PowerShell will display the number 0 in the PowerShell window. This is called the exit status and a 0 (zero) exit status means that calc.exe was successfully executed (non-zero numbers denote error messages

data execution Prevention (deP).

Another performance (and security) option that is good to know about is data execution Prevention (deP). When programs are running on the server, DEP monitors how they use memory to ensure they are not causing memory problems. This is intended to foil malware, such as computer viruses, Trojan horses, and worms. Malware sometimes works by trying to invade the memory space allocated to system functions. If DEP notices a program trying to use system memory space, it stops the program and notifies the system administrator.

variables

Both aliases and functions are essentially variables, which are areas of storage within memory in your current Windows PowerShell session. When you exit Windows PowerShell, any aliases and functions that you have created are destroyed.

Best Practices Analyzer (BPA)

Best Practices Analyzer (shown in Figure 2-5) allows you to scan the associated servers and roles for configuration issues that do not follow Microsoft's recommendations. To perform a Best Practices Analyzer (BPA) scan, select Start BPA Scan from the Tasks menu. Following the scan, the results will be listed in the pane for you to view. Because this list is often large, you can use the Filter dialog box within this pane to display only certain results.

device Manager utility.

If you install a hardware device that does not have a generic driver provided by Windows Server 2019, or the generic driver provided does not work properly with the hardware device, you may need to open the device Manager utility. To open Device Manager, click the Hardware category within Control Panel and then click Device Manager in the Devices and Printers section. Device Manager shows all devices on the system, including many that are not shown in the Devices and Printers utility. To update the device driver for a device within Device Manager, you can right-click the device and choose Update driver, as shown in Figure 2-24. You will then be prompted to search the Internet for an updated device driver or supply the location of a device driver provided by the manufacturer.

PowerShell profile script

If you would like to make aliases and functions load into memory each time that you start a PowerShell session, place your alias and function commands within a PowerShell profile script for your Windows user account. PowerShell profile scripts are PowerShell ripts that store custom aliases, functions, and any other commands that you want to automatically execute every time you start Windows PowerShell.

HKeY_loCAl_MACHINe

Information on every hardware component in the server is provided under the HKEY_ LOCAL_MACHINE root key. This includes information about what drivers are loaded and their version levels, what IRQ (interrupt request) lines are used, setup configurations, the BIOS version, and more. Figure 2-35 shows HKEY_LOCAL_MACHINE expanded to display information about video settings.

WQl (WMI Query language)

Instead of specifying the WMI class alongside the Get-WmiObject cmdlet, you can instead create a WMI query statement and specify it using the -query option. WMI query statements use a SQL database language called WQl (WMI Query language). For example, the following command within Windows PowerShell will select all attributes/ methods (*) from the win32_share class as shown below:

HKeY_CuRReNT_uSeR

The HKEY_CURRENT_USER key contains profile information about the desktop configuration for the user account currently signed in to the system, as opposed to the HKEY_USERS key, which contains profile settings for all users who have signed in to the server. It contains data on color combinations, font sizes and type, the keyboard layout, the taskbar, clock configuration, and nearly any setup action you have made on the desktop.

HKeY_uSeR

The HKEY_USERS root key contains profile information for each user who has signed in to the computer. Each profile is listed under this root key. Within each user profile is information identical to that viewed within the HKEY_CURRENT_USER root key. The profile used when you are signed in is one of the profiles stored under HKEY_USERS. You can make the same changes just examined by finding the subkey for your profile and making the changes here instead of under the HKEY_CURRENT_USER root key.

certificate provider

The certificate provider can be used to view and manage encryption certificates issued to user accounts on the system as well as on the local computer. The registry provider can be used to view and modify the Windows Registry keys HKEY_LOCAL_ MACHINE and HKEY_CURRENT_USER.

filesystem provider

The filesystem provider is the default provider, which is why you see PS C:\Users\Administrator> as your prompt when you start PowerShell. You can use the filesystem provider to view and manage the files on your filesystem

HKeY_CuRReNT_CoNFIG

The last root key, HKEY_CURRENT_CONFIG, has information about the current hardware profile. It holds information about the monitor type, keyboard, mouse, and other hardware characteristics for the current profile. On most servers, there is only one default hardware profile set up. Two or more profiles could be used, but this is more common for a portable computer running Windows 10 that is used with and without a docking station. One profile would have the keyboard and monitor used when on the road, and another would have a larger keyboard and monitor used when the computer is docked.

piping

The pipe symbol ( | ) shown in the previous output sends the results of the Get-Command cmdlet to the MS-DOS more command within PowerShell. The more command then displays the output page-by-page, because the output is too large to fit on one page. Administrators use the pipe symbol extensively within Windows PowerShell as it is one of the most useful ways of sending information between cmdlets to build more complex commands or filter output to display only the output that they wish to see. This process is called piping

variable provider and environment provider

The variable provider and environment provider are used to view and manage variables. The variable provider works with user-defined variables that exist within your Windows PowerShell session only. Variables created by the variable provider are only valid during the time that your PowerShell window is open. When working with the variable provider, you can use the Get-Variable cmdlet to view existing user-defined variables, or the New-Variable and Set-Variable cmdlets to create them and assign them va

Virtual memory

Virtual memory is disk storage used to expand the capacity of the physical memory installed in the computer. When the currently running programs and processes exceed the physical memory, they treat disk space allocated for virtual memory just as if it were physical memory. The disadvantage of this is that memory activities performed through virtual memory are not as fast as those performed in physical memory (although disk access and data transfer speeds can be quite fast). Virtual memory works through a technique called paging, whereby blocks of information, called pages, are moved from physical memory into virtual memory on disk. On a typical computer, data is paged in blocks of 4 KB. For example, if the system is not presently using a 7 KB block of code, it divides the code block between two pages, each 4 KB in size (part of one page will not be completely full). Next, both pages are moved to virtual memory on disk until needed. When the processor calls for that code block, the pages are moved back into physical memory. Before virtual memory can be used, it must first be allocated for this purpose by tuning the operating system. The area of disk that is allocated for this purpose is called the paging file. Before virtual memory can be used, it must first be allocated for this purpose by tuning the operating system. The area of disk that is allocated for this purpose is called the paging file. A

gateway server mode

When you install the Windows Admin Center on a Windows Server 2016 or 2019 system to provide remote Web access for administrations, it is said to function in gateway server mode, as it provides the ability to manage other Windows Server systems on the network. Alternatively, when you install the Windows Admin Center on a Windows 10 PC, it functions similar to the RSAT by connecting to other servers within the Active Directory domain for administration

File Signature Verification tool (Sigverif)

Windows Server 2019 includes another tool, called the File Signature Verification tool (Sigverif), which verifies system and critical files to determine if they have a signature, including device drivers. This tool only scans files and does not overwrite inappropriate files, thereby allowing safe use of the tool while the server is active. After the scan is complete, the results are written to a log file, called sigverif.txt. If the tool finds a file without a signature that you believe needs to be replaced, you can replace the file using the System File Checker, by obtaining the appropriate file from Microsoft's website, or by reinstalling the associated device driver or program with an updated version

System File Checker

Windows Server 2019 offers the System File Checker to scan system files for integrity and replace damaged or overwritten files with the proper version. You can run the System File Checker manually from a Command Prompt window (MS-DOS shell) or Windows PowerShell window by executing the sfc/scannow command. The scan and repair process could take several minutes to complete and will indicate whether issues were found and repaired, as shown in Figure 2-26. Alternatively, you can use the sfc/scanfile:filename command to scan a single file that you believe is corrupted. You should use the System File Checker during periods of low server activity, such as after normal business hours

file caching

Windows operating systems, including Windows Server 2019, cache file data for reading the data from a disk or writing it to disk. This file caching is turned on by default and uses an area of memory already established for file caching and controlled by the Windows cache manager. Because file caching uses memory, it can speed up the time it takes to read from or write to a disk

PowerShell console file

You can also create a customized Windows PowerShell session by creating a PowerShell console file that has a .psc1 extension. You can then double-click this PowerShell console file to open Windows PowerShell. Any changes that you make within the PowerShell Window properties, such as color scheme and font size, are saved to the PowerShell console file and automatically loaded the next time that you double-click the PowerShell console file to open Windows PowerShell.

output redirection (>>) and command chaining

You can also use MS-DOS shell features such as output redirection (>>) and command chaining (;). For example, you could run the following to save the output of the ipconfig command to a file called C:\IPconfig.txt, and then clear the screen using the cls command: PS C:\Users\Administrator>ipconfig >> C:\IPconfig.txt ; cls

Remote Server Administration Tools (RSAT)

You can install the Remote Server Administration Tools (RSAT) on a Windows 10 PC that is joined to an Active Directory domain within the organization. This allows you to perform server administration remotely using Server Manager and a wide range of MMC tools from a Windows 10 PC within your IT office. To obtain the RSAT, visit https://www.microsoft.com/en-ca/ download/details.aspx?id=45520

sigverif

You can run the System File Checker manually from a Command Prompt or Windows PowerShell window by executing the sigverif command. This opens the File Signature Verification window shown in Figure 2-27. You can click the Advanced button to change the location and name of the log file, or Start to start the scan process

There are three levels of severity:

a server's network interface might have a valid IPv4 address temporarily leased by DHCP, but a static address is recommended for the particular role. • Warning—The role complies under current operating conditions, but this may change if the operating conditions change. For example, the Hyper-V role might become noncompliant if another virtual machine is added for which there is no available virtual disk space. • Error—The role does not meet best practices and problems can be expected.

Virtual desktop Infrastructure (VdI)

allows client computers to remotely connect to a central server to obtain their Windows desktop.

WMI classes

are individual types of data and are like the files in each drawer of a filing cabinet. It is these classes that we can use within Windows PowerShell to work with different pieces of hardware and software.

WMI providers

are like the drawers in a file cabinet. Each provider contains different WMI classes that can be used to obtain/modify different hardware and software information on your system.

Windows Registry

needs about the entire system, including hardware and software. This information is vital for the Windows operating system; thus, if the Windows Registry becomes corrupted, the system may fail to boot or function normally. Some examples of data contained in the Registry are as follows: • Information about all hardware components, including the CPU, disk drives, network interface cards, optical drives, and more • Information about Windows Server 2019 services that are installed, which services they depend on, and the order in which they are started • Data about user profiles • Data on the previous settings used to boot the computer • Configuration information about all software in use • Software licensing information • Server Manager and Control Panel parameter configurations

environment variables

used to tell the operating system where to find certain programs and program-related information. Environment variables can be broken down into two categories: system environment variables and user environment variables. System environment variables are defined by the operating system and apply to any user logged into the computer. Administrators can add new system environment variables or change the values of existing ones. User environment variables can be defined on a per-user basis and may be used to provide a wide variety of different information, such as specifying the path where application files are stored. System environment variables are always set first, followed by user environment variables, which override any conflicting system environment variables. Often, server software and developer frameworks require that you manually create a specific system or user environment variable for the software or framework to function correctly