I’ve got it up and running in the lab. Now I see this article;
A few years ago, Microsoft switched from per-processor to per-core licensing in SQL Server, and it’s about to do the same with Windows Server 2016. You may not be thrilled with the results.
“Microsoft’s auditors likely will have a field day with these new requirements for Windows Server, in the same way that they have used the ever-more-complex licensing rules for SQL Server to increase the company’s audit-based revenue in recent years,” warned Christopher Barnett, an associate attorney with Scott & Scott LLP.
Here are two quick videos showing the install and first boot of Server 2016 Technical Release 4
Server 2016 Technical Review 4
This first video we install and boot to Core. Core is the default of the two options; Core or GUI. So, if you select all the defaults, you will have Core.
In this second video we install and boot to the GUI install.
Desired State Configuration is a big part of most 2012 R2 certification tests; get an understanding from these 5 videos.
I have tried to arrange these in order; if you watch them in order, you should have a good basic understanding of DSC. It’s a very useful capability. The first two are approximately 1 hour each. DSC can do PUSH or PULL. Push would normally be ad hoc, test, or small needs. Most normal production use would be PULL.
Time = 1:09
Description; Targeted somewhat to developers; or with a dev mindset. Give a good overview of the design, deployment and possible uses. Lots of groundwork explanation. .MOF (Managed Object Format) file creation and use. This is a classroom recording, so there is some live Q & A.
VIDEO 2 – DSC is the ENDGAME for PowerShell
Time = 1:04
Published on May 19, 2014
Description; Windows PowerShell 4.0 introduces Desired State Configuration (DSC), and it’s time to put it to use. With DSC, you declaratively tell computers what you want them to look like, and how you want them to be configured, and let DSC make it happen and KEEP that configuration enforced. In this session, you not only see how DSC works, but you will be introduced to custom resource development, letting you start teaching; DSC how to configure internal applications, databases, and other infrastructure elements.
VIDEO 3 – More hands on and examples
Time = 1:17
Published on Nov 9, 2014
Description; Are you paying attention to DevOps? Adoption of DevOps practices can greatly improve your company’s deployment efficiency. PowerShell Desired State Configuration (DSC) helps teams take the management of their Windows-based infrastructure into the DevOps space by capturing their infrastructure as code. The declarative PowerShell model enables autonomous, idempotent, and transparent configuration and deployment of Windows infrastructure and components. Capturing infrastructure as code is not only a means to manage what they have, at scale and speed, it is also a way to decouple the complexity of their existing environment in order to facilitate a migration to the cloud. Come see how DSC works and how you can use it to make configuration of internal applications, databases, and other infrastructure elements more efficient.
VIDEO 4 – Use Powershell DSC to install SQL Server
Time = :14
Published on Dec 18, 2014
Description; I briefly show how powershell DSC can be used to configure and deploy a brand new SQL Server installation.
Flashcard Sets for ITIL and PowerShell for 70-410, 411, 412, 417
I have created two flashcard sets at http://www.flashcardmachine.com/, one for ITIL Foundations terms (remember, no acronym memorization is needed for Foundations test).
ITIL – 52 flashcards on the key terms and definitions.
70-410, 411, 412 and 417 PowerShell commands.
You can review these online, or you can download an APP to study them on your phone. The app is
Flashcard Machine flashcards for ITIL and 70-410
called Flashcard Machine, and it’s FREE. To find my two flashcard sets search for these terms on FlashCardMachine.com;
SO, what are all the options with core? What is “minimal GUI”? How do you move from one to the other?
I wanted to post to outline these options as this understanding will probably be included on several questions in the 70-412 or 70-417 tests.
There are THREE options for the interface on Server 2012.
From the most basic, to the most features, they look like this;
Server Core – always installed and enabled; the baseline feature for all Windows Servers. This includes the fundamental capabilities that cannot be removed and are core to the OS.
What you get; ONLY command prompt (Powershell)
Minimal Server Interface; Server Graphical Management Tools & Infrastructure – functionality for Minimal Server Interface;
What you get; Server Manager and command prompt, and MMC
Server Graphical Shell – equivalent to Server with a GUI
What you get; this is the full GUI interface that most Administrators work with
Starting with Server Graphical Shell (normal full blown GUI)
We remove the Graphical Shell, which takes us to MINIMAL SERVER INTERFACE. Then we return to the Server Graphical Shell.
Link to video going from Server Graphical Shell to Minimal Server Interface, and back. Also looking at the tools in Minimal Server Interface, and how you restart your tools if you close them all and are looking at a black, blank desktop in Minimal Server Interface.
We remove Graphical Shell and minimal interface and go directly to CORE, then we return to Graphical Shell
This command gets you from CORE to Minimal Server Interface; Install-WindowsFeature Server-Gui-Mgmt-Infra
Add this command as well, and you go back to full Server Graphical Shell; Install-WindowsFeatureServer-Gui-Shell
So, to go from Core back to Server Graphical Shell in one step, this is your command; Install-WindowsFeature Server-Gui-Mgmt-Infra, Server-Gui-Shell
Link to video going from Server Graphical Shell to Core, and back. Also looking at the tools in Core, and how you restart your tools if you close them all and are looking at a black, blank desktop in Core.
Over the past few months I have posted a series of Study Guides targeted at 70-412, which would also be useful for 70-417. I want to put a hyperlinked Table of Contents here to show what order would be best to review them. These are study guides from the FREE Pluralsight training.
VEEAM is offering a FREE ebook on the Microsoft 70-409 certification; Server Virtualization with Windows Server Hyper-V and System Center. This book is by @orinthomas (http://orinthomas.com/) who is a great IT author and trainer, I’ve used a lot of his material. You could study this book, online resources, and use the Second Shot to pick up this cert. Here is the link to the download page on VEEAM; http://go.veeam.com/microsoft-certification-exam
Prepare yourself for the Microsoft MCSA 70-412 exam. This course explores how to implement an advanced DHCP solution, implement an advanced DNS solution, and deploy and manage IP Address Management.
These notes are my personal notes from the FREE training on Pluralsight. You can get your FREE signup through technet/MSDN or Dreamspark. The title of this course is exactly the title of this post. These notes are from this specific course only. I use these as a refresher Study Guide. POWERSHELL topics andcmdlets are in purple. I have a few notes with the “DEMO” each time the training included a DEMO just so you can see how many demos there were which were really helpful. Thanks to Greg Shields @ConcentratdGreg, the trainer, contact info at the end.
“Storage” – think more than just file server.
Configure and Optimize Storage
Configure Storage Spaces
local disks
create a Storage Pool
all storage shows up (unused and available) in the PRIMORDIAL POOL
new storage pool wizard
during wizard can allocate “automatic” but can choose “manual” or “hot spare”
leave it as automatic, can set RAID
Then create a disk out of the storage pool. Then can create volumes on those disks as well.
storage tiers checkbox is grayed out as tiering is not set up.
can set simple/mirror/parity (RAID) in this wizard
next button lets you choose thin or fixed provisioning.
after creation, then create a volume on the new disk
can enable data deduplication in next field (have to turn on the ROLE)
general purpose or VDI de-dupe
can choose exclusions, schedule, etc. Throughput optimization.
Configure Tiered Storage
Start with creating a new storage pool. Has the different type disks (SSD and spinning)
(hack to create each with VMware workstation)
Get-PhysicalDisk
Get-PhysicalDisk | ft friendlyname,size,mediatype
can set them in PS to be and appear as SSD or mechanical
Set-PhysicalDisk -mediatype HDD
So essentially you are setting them to have some SSD and some HDD so you can set up tiering.
Now you have a different option in the wizard (Faster tier, Standard tier)
the tiering is handled by the windows subsystem, no mgmt
can set specific files to SSD by PS; Set-FileStorageTier
provides a method for any of the above disks accessible over network
Target = where storage is, Initiator is who needs the storage,
Configure; easier to create the initiator first (the remote network server)
tools/start iSCSI initiator get alert box to start service each time
iSCSI console
quick connect option might not be the best for enterprise use
you have to click the ADVANCED button to choose adapter and initiator IP (critical when using a separate storage network)
at this point, we haven’t create the storage target on the fileserver yet
new iSCSI virtual disk wizard
create new iSCSI disk name, size, dynamically expanding, etc.
next screen asks for target name, and the previously created one shows up. (which is why we created it first)
can enable CHAP authentication
“CONNECT”, then go to ADVANCED to verify IP, network, etc. If you don’t specify the right network, you could end up sending storage traffic over your production network.
the remote server shows the disk just like it was a local disk, needing brought online, format, etc.
by DEFAULT all machines have read access, and root access is disallowed.
PS NfsShare, Get-NfsShare, etc.
Configure file access auditing
50 new sub-categories, but same way to set up as previously
Group Policy or local security policy
9 different original policies. Audit Object Access. Typically this is how we used to turn this on
“Advanced Audit Policy Configuration”
SACL; auditing view on file/folder properties, now you can also add CONDITIONS.
Configure BranchCache
transparent; cache documents in remote locations. I.E., branch offices. Bandwidth was historical a reason. Used to need Enterprise Windows versions, limiting it’s use. Now any version of Windows 8 works. Turn it on and don’t think about. File server, web server, or BITS data.
First access of document initiates the copy to the branch.
Distributed Mode (stores on desktop machine) or server based Hosted Mode.
file is split into chucks that are hashed then only changed chunks are updated.
One piece only does files, different piece does Web and BITS. These are in different places in FEATURES
Turn it on via GPO, choose hash type, configure client side “turn on branch cache”, set hosted cache server name, set cache expiration, etc.
You can pre-populate bia PS Publish-BCFileContent, Export-BCCachePackage
Implement Dynamic Access Control (DAC) DAC is supposedly heavily represented on 70-412 and 70-417 tests. Here is a great example and scenario about how to use DAC in a real-world situation, from the Microsoft Storage Team; http://mints4.rssing.com/chan-3739609/all_p2.html
Addresses file permissions getting lost/changed during file moves. New security requirements also drive this advancement in security.
needs to have characteristics set in AD
Also settings on file servers.
Scenario; you can filter all documents for SSN, and then disallow anyone from viewing such document unless the user is in certain group, site, etc.
Can filter and scan files as they are updated (SSN added to file that did not previously have one)
Think big IF THEN statement; IF this user is in FINANCE group, AND user is in DENVER, then allow read/write/etc.
DAC scans documents regularly to keep up with changes.
Configure User and Device Claim Types
Install File Server Resource Manager ROLE (screenshot)
CLASSIFICATION tab in properties on your file server now.
Active Directory Administrative Center (different from ADUC) has DAC
Trying to get steps in order here;
create claim types in ADAC for USERS
Resource properties for files set up in ADAC / DAC console. Some examples built in are; Personal Use, Project, Intellectual Property, Immutable (?), Department, Compliancy, Personally Identifiable Information, etc. Then there are different values; NOT PII, Public, Low, Moderate, High, and you can create/edit values. These are set up then used later in AD to apply to files and folders
Resource property lists ( add resource property to global) This is just a container of resource properties. Grouping these makes it more manageable to attach to documents. To use this, use PS Update-FSRMClassificationproperyDefinition, which enables the property list. Now it shows up on folder/share/file “Properties” as a new TAB. Users aren’t going to use this manually very much so you have to use server options; screen templates, file screens, classification management. This is the first step to determine what type of content you’re looking for in files / folders. You can scope to specific types of files; user files/ backup files, application files, etc. Scope this down to only the ones interested in, or you can get into resource issues. After picking scope, then choose the TYPE of classifier; for this a “content classifier” which looks at file content. Then you set the content classifier to “high, low, etc.” to apply that to hits that it finds. then you build the classification parameters which are detailed search expressions. you can look up the patterns on the internet or wherever like this one for SSNs. Now schedule to determine when and how often it searches. Check-box ” enable fixed schedule” then choose the times/dates/recurrence. You CAN force it to “run now” to see if it works. It allows logging and post scan reports. When if finds a HIT, then it actually will show as an updated “properties” tab on the file. You also can configure email request assistance and notification for remediation.
Create new central access rule. This is in ADAC / DAC to set up how you want to apply the settings above to control access based on the detail above. Generally apply to “authenticated users” , they get access when certain defined conditions exist; user is in Kansas City, and belongs to HR, etc.
Create central access policy is how the rule above gets applied to file servers. Then use Group Policy to deploy. New GPO for DAC policy. This would apply to File Servers. Then go back to properties on the share/folder and there is a “Central Policy” tab that you have to choose the policy.
I guarantee this is a test question that MS uses. Keep in mind test questions are random so it might not be on EVERY test, but it’s on one I took.
Implement Policy Changes and Staging
Create and Configure Resource Properties and Lists
Configure File Classification
Perform Access Denied Remediation
Create and Configure Central Access Rules and Policies
This is written by Orin Thomas, the fantastic trainer and author that does some work on Pluralsight. Orin works as an author and has written more than a thirty IT textbooks. He is the convener of the Melbourne System Center, Security, and Infrastructure Group and a MicrosoftSecurity MVP. He also works as an author for PluralSight. Follow him on twitter @orinthomas.
Chapter 1: Virtual Machine Settings
The first thing you need to grasp when studying for the 74-409 exam is
the basics of virtual machine (VM) settings. You’ll need to understand how
dynamic memory and smart paging work when VMs are starting, restarting and
operating. You’ll need to understand the difference between generation 1 and
generation 2 VMs. You’ll need to know the conditions under which Enhanced
Session Mode and RemoteFX can be used. You’ll also need to understand
resource metering and VM guest integration services.