Date post: | 14-Jan-2016 |
Manage Server 2012 Like a Pro… Or, Better, Like an Evil Overlord!
Presented by Mark Minasi
[email protected]
@mminasi on twitter
copyright 2013 Mark Minasi; please do not redistribute, and thanks for respecting my copyrights!
Let's Be Clear About a Few Things
o First, computers and software are not our friends.
o (No matter how much fun you get from Facebook, Twitter or Angry Birds.)
o They must be… managed.
o No, they must be … mastered.
o Dominated.
o Conquered…
o … before they conquer us.
the thoughts behind this presentation
After Realizing This…
o I realized that I … and you … must reluctantly play the part of an evil overlord, or by default we allow the servers to be that overlord
o So I did some research, and found a list of the 100 things an evil overlord should do and not do (thank you, Peter Anspach at www.eviloverlord.com/lists/overlord.html)
o I have adapted some of those to guide us in managing Windows Server 2012
What? You Don't Believe Me?
o "My ventilation ducts will be too small to crawl through."
o "One of my advisors will be an average five-year-old child. Any flaws in my plan that he is able to spot will be corrected before implementation."
o (Had Microsoft used this second one, Windows 8 might not have occurred.)
consider a few examples
So…
o Let's see how to roll out, configure and manage Windows Server 2012
o Much of your existing Server 2008 and R2 skills work, but they messed with Server Manager big-time, so that'll require a bit of retooling
o Here's a quick look at the tools you've got, which ones are worth your time and which to skip
The Perspective
o Microsoft:
  o "Remote access is the default"
o Microsoft:
  o "Server core is the default"
o Minasi's Addendum:
  o "Learn PowerShell or y'all won't have a job much longer"
o Evil Overlord Perspective:
  o "With remote access, I can seize control of my enemies without them even knowing where I am!"
Setup Changes
o Largely the same "Panther" setup engine from Vista onwards
o As with R2, 64-bit only
o Also as with R2, there's a "GUI or Not?" question
Best of all, it's not a one-way choice, as we'll see
Installing Server without DVDs
o Avoid dealing with DVDs
o Instead
  o Download the ISO
  o Get a 4+GB USB stick
  o Wipe it, partition it, make it bootable, format it from WinPE/Windows 7 or later
  o Mount the ISO
  o Robocopy the files from the ISO to the USB stick
  o Then boot from and do installs from the USB stick
Create the USB Stick
o diskpart
o list disk
o See which one is the USB stick "disk"
o select disk disknumber
o clean
o create partition primary
o active
o assign
o format fs=ntfs quick label="2012 Install"
Copy the Install Files to the USB Stick
o Mount the ISO using a tool like Virtual Clone Drive (free) or, if you're working from Win 8/Server 2012, you can just open it in Explorer (finally!)
o Assume that the USB stick is drive F: and the mounted ISO is drive D:
o Open a command prompt and type
  o robocopy d:\ f:\ * /s /mt:10
o Once done, you can then boot any system from the USB stick and install Server 2012
o Do it with a USB 3.0 stick… it's waaay fast
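The diskpart and robocopy steps above as one PowerShell script, with a guard against selecting the wrong disk before the wipe. This is an added example, not part of the original deck; it assumes the Storage module cmdlets of Windows 8/Server 2012 or later, an elevated prompt, and a hypothetical ISO path and size ceiling.

```powershell
# Added example, not from the original deck. Assumes Windows 8 / Server 2012 or later
# (Storage module), an elevated prompt, and a hypothetical ISO path.
$IsoPath = 'C:\iso\server2012.iso'   # hypothetical path
$Label   = '2012 Install'

# Candidates: USB-attached, not the boot/system disk, and stick-sized. The 128GB
# ceiling is an assumption to keep external USB hard drives out of the list.
$candidates = @(Get-Disk | Where-Object {
    $_.BusType -eq 'USB' -and -not $_.IsBoot -and -not $_.IsSystem -and
    $_.Size -ge 4GB -and $_.Size -le 128GB
})
if ($candidates.Count -ne 1) {
    $candidates | Format-Table Number, FriendlyName, Size | Out-Host
    throw "Expected exactly one USB stick, found $($candidates.Count)."
}
$usb = $candidates[0]
Write-Host "About to WIPE disk $($usb.Number): $($usb.FriendlyName)"
if ((Read-Host 'Type the disk number to confirm') -ne "$($usb.Number)") { throw 'Aborted.' }

# diskpart equivalents: clean / create partition primary / active / assign / format
Clear-Disk -Number $usb.Number -RemoveData -Confirm:$false
# A cleaned disk may come back RAW; ignore the error if it is already initialized
Initialize-Disk -Number $usb.Number -PartitionStyle MBR -ErrorAction SilentlyContinue
$part = New-Partition -DiskNumber $usb.Number -UseMaximumSize -IsActive -AssignDriveLetter
Format-Volume -Partition $part -FileSystem NTFS -NewFileSystemLabel $Label -Confirm:$false | Out-Null

# Mount the ISO, copy with the deck's robocopy switches, always dismount
$img = Mount-DiskImage -ImagePath $IsoPath -PassThru
try {
    $src = "$(($img | Get-Volume).DriveLetter):\"
    $dst = "$($part.DriveLetter):\"
    robocopy $src $dst * /s /mt:10
    # robocopy exit codes of 8 or higher mean at least one copy failure
    if ($LASTEXITCODE -ge 8) { throw "robocopy reported failures (exit code $LASTEXITCODE)" }
} finally {
    Dismount-DiskImage -ImagePath $IsoPath
}
```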
Make Your Life Easier with WSIM
o So much needs configuring on server nowadays – and now that you need to punch in product IDs – simplify the process
o Download the Assessment and Deployment Kit (ADK) from Microsoft, install it, and use the Windows System Image Manager to create a file called autounattend.xml
o Put it on any removable storage device, do the install and you can pre-answer lots of questions/preconfigure things
o Look at Newsletter #60 for more
My Simple XML Automates…
o Setup language
o OS language
o Skip EULA
o Enter "organization" info
o Drive format and setup
o Product key insertion
o Default SAN policy
o Default DNS domain
o IE enhanced security settings
o IE setup annoyances
o Don't automatically start Server Manager
o Time zone
o Firewall profile setting
o Windows update setting
o And I could have done lots more… I just ran out of time
Bottom Line on Setup…
Whether MDT, USB sticks and autounattend or whatever you like, some very simple, free tools can make Setup easier, so spend just a little time to learn and then use them.
Or, as the Evil Overlord rules say,
"I will be neither chivalrous nor sporting. If I have an unstoppable superweapon, I will use it as early and as often as possible instead of keeping it in reserve."
Remote Admin is the Default
o Systems are configured for remote admin (in the winrm sense) by default
o RDP and RPC are not
o Group policy offers great remote admin powers
o PowerShell remote control is very, very easy (compared to learning PowerShell)
o Most MMCs work fine remotely against Core!
o Let's look at the Server UI
o It's a bit odd as Server UIs go, as it's really built to be touch-first
The Four New GUIs
o Server offers you four levels of UI – Server Core and three levels of "GUI intensity"
o Can be dialed up to match the "Metro" interface on Win 8 tablets
o UI elements are more 2D than before and the colors are lower-contrast
o The start menu now has a completely separate screen called the "Start Screen"
in brief… more details ahead
Four Interfaces
o You can put any of four interfaces on Server 2012
  o Server Core: mostly command line, no Start Screen, no Server Manager, no MMCs, no IE
  o Minimal Server Interface: runs Server Manager (servermanager.exe), no Start Screen, MMCs, no IE
  o Server GUI: all Windows Desktop applications, no Windows RT applications, IE installed
  o Desktop Experience: Windows RT apps, the Windows Store, Aero Glass, Media Player
Metro, server core and two in-between
Overlord Ideas in Action
Another important Evil Overlord tip is
"I will be secure in my superiority. Therefore, I will feel no need to prove it by leaving clues in the form of riddles to my weaknesses."
While I'm not sure, I think this explains the kinda thin documentation for Server 2012 and its management tools.
Navigating Server Manager
o Manage kicks off roles & features wizard
o The flag calls you to info, warnings, errors – click it to see status of Manage tasks
o Circle with arrows refreshes the display… which is often important
o Tools drops down a list of management tools (DNS manager, DHCP, AD Admin Center, etc)
o "All Servers" points to Server Manager's new multi-server nature
the big stuff
Getting to Other Apps/Tools
o What was once your Start Programs menu is now a completely different screen that swaps on and off your monitor called the "Start Screen"
o To access it, either
  o Press the Windows key (you may have to adjust your RDP client settings for this to work), or
  o Hover your mouse in the LLH corner of the screen (15x15 pixel area), then click the rectangular blue-ish "tile" that appears in the 15x15 pixel space
  o Touch that area on a multitouch monitor
um, there's no "start" button
Start Screen Overview
o Icons become "tiles"
o On Win 8, these tiles and this Start Screen can do a lot of things, but those things are deactivated on Server by default
o You can still organize tiles into groups and then name the groups
o To find any program, type its name right on the desktop
o More on this in Newsletter #100
Meet the "Charms," All 3+2 Of 'Em
o You get to some settings via something called the "settings charm"
o There are two others by default, the "search" charm and the "start screen" charm
o And two more if you're in full Metro mode
o Get to them by
  o Pressing Windows+C
  o Hovering the mouse in the URH or LRH corner of the screen
  o Touching those locations with your finger on a multitouch screen
(remember, there are lots of kinds of "charms," including a curse)
The Dashboard: Events
o You can either click "Local Server" or "All Servers" on the left-hand-side of Server Manager and then you'll see Events, Services, Best Practices Analyzer, Performance and Roles and Features
o Some of those things can be filtered by right-clicking them, like the Best Practices Analyzer
o The clue is often the "EVENTS" with the down-chevron next to it
Getting a Command Prompt
o You'll probably need it elevated
o Methods:
  o Windows+r, cmd (not elevated)
  o Start screen / type "cmd," see the "Command Prompt" tile, right click it, at the bottom of the screen see "Run as administrator", respond to UAC
  o The PowerShell icon will usually work fine, although some commands may not parse right
Shutting Down/Restarting
o Command line:
  o shutdown -s -t 0
  o shutdown -r -t 0
  o shutdown -l (logoff)
o PowerShell:
  o stop-computer
  o restart-computer
  o restart-server (with Windows workflow foundation)
o In the Settings charm, you probably already noticed a power icon
Useful Keystrokes ([w]=Windows key)
o [w]: to Start Screen
o [w]+D: Desktop
o [w]+E: File Explorer
o [w]+R: “Run” dialog
o [w]+C: charms
o [w]+F: search for files
o [w]+I: Settings
o [w]+L: lock computer
o [w]+P: screens
o [w]+X: useful links
o [w]+Y: System page
o [w]+Tab, alt-tab work roughly as before
o alt-f4 even closes Metros
• Find an app in Metro: just type on the screen
• See battery power: bring up the charms
• Get the keyboard: Search in Metro, taskbar on Desktop (may have to include as a toolbar)
Remote Admin Tools
o From Win 7, you can use the 7/R2 remote server admin tools
o From Win 8, download the RSAT for Win 8
o Unfortunately that RSAT will not run on Windows 7, but the Win 7/R2 tools will let you do some administration
Overlord Ideas in Action
"I will dress in bright and cheery colors, and so throw my enemies into confusion."
Translated, this means "I only created that pretty-and-annoying tablet interface on Server 2012 to make you want to learn PowerShell."
Starting PowerShell
o Press the Windows key to get to the "Start Menu"
o Right-click the "Windows PowerShell" tile
o Below it in the Options Bar, click "Run as administrator"
o Or just start up any command prompt and type "powershell"
o More PowerShell soon
o Server Core (and even Windows PE) includes it as well
admit it, you know you're going to love it…
PowerShell 101
o Commands ("cmdlets") look like "verb-noun," like get-process or new-aduser
o PoSH uses very few verbs: new, get, set, remove, add, write, etc
o No central PoSH power at Microsoft; instead, program groups decide to implement PoSH, and then choose their nouns, like "aduser" for AD users, "vm" for virtual machines, etc
o The nouns are always singular, never plural
o PowerShell is 99.99% case insensitive
o Cmdlets too much to type? Tab-completion.
The Four Big PoSH Verbs
o new always means "create something new;" no cmdlet starts with "create-," it's always new – new-vm creates a VM
o get is like "show" or "list;" get-vm would show all virtual machines on a Hyper-V server
o set lets you change some characteristic; set-vm would let you rename it, change how much RAM it has, etc
o remove means "delete;" remove-vm would delete a virtual machine
Getting PowerShell Help
o Very simple… just use "help," as in
  o help new-vm
o Add -full for complete help, -examples for examples
o You can use wildcards or just strings
  o help *-vm*
  o help *-ad*
  o help vmfailover
o Or you'll get articles on topics, as in
  o help remote
A PoSH Example: Picking a GUI
o install-windowsfeature featureorrole or uninstall-windowsfeature featureorrole
o Or you can poke around the Roles Wizard, but the Wizard isn't terribly clear either; in Features, it's User Interfaces and Infrastructure, with three sub-features
o It's not like there's a radio button for Server Core, Minimal Server GUI, Full Server GUI etc
o You need the feature-or-role name to get a given GUI; here they are
the tool: install-windowsfeature
Setting the GUI's Level

| To get this UI: | Which includes | in install-windowsfeature | in Wizard |
|---|---|---|---|
| Server Core | Cmd prompt, PowerShell, some GUI tools, no Internet Explorer | none… use uninstall-windowsfeature server-gui-mgmt-infra | Uncheck "User Interfaces and Infrastructure" |
| Minimal | Server Manager, MMCs, no IE | server-gui-mgmt-infra | Graphical Management Tools and Infrastructure |
| Full GUI | Server with GUI, IE, runs any 2008 R2 apps but no Media Player, WinRT apps | server-gui-shell | Server Graphical Shell |
| Full Metro | Full Windows 8 user interface, Store, Media Player | desktop-experience | Desktop Experience |
Four Interfaces
o Server-GUI-mgmt-infra: Minimal Server GUI
o Server-GUI-Shell: Server with GUI
o Desktop-Experience: full Windows 8 GUI
o Only have one enabled at a time, or you get the "GUI-est" option
o For example, Server-GUI-mgmt-infra and Server-GUI-Shell gives you Server-GUI-Shell
o Each requires a reboot
install-windowsfeature feature names
Examples
o To get Server GUI,
  o install-windowsfeature server-gui-shell -restart
o To move from that to Server Core,
  o uninstall-windowsfeature server-gui-shell -restart
More on install-windowsfeature
o Use the get-windowsfeature command to see all roles and features and which ones are installed
o The "*" wild card works
o To see just things that match some string like "dhcp", do
  o get-windowsfeature *dhcp*
finding feature/role names: tip
More on install-windowsfeature
o -IncludeAllSubFeature: useful for roles
o -WhatIf: lets you know what the above will do!
o -Restart: restart the server if necessary
o -IncludeManagementTools: some roles/features need management tools – AD Admin Center, DHCP Manager, etc – and this doesn't install them by default (usually)
other options (with abbreviations)
Install-WindowsFeature Power Tools
o Install everything with "iscsi" in its name:
  o get-windowsfeature *iscsi* | install-windowsfeature
o Add tools and subroles:
  o get-windowsfeature *iscsi* | install-windowsfeature -includea -includem
o Do it on three machines:
  o invoke-command -computername dc1,dc2,member1 -scriptblock {get-windowsfeature *iscsi* | install-windowsfeature}
Reference: Expand on the Example
o Put the names of the servers into a file named, say, PCs.txt, then
  o invoke-command -computername (cat pcs.txt) -scriptblock {get-windowsfeature *iscsi* | install-windowsfeature}
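The same fan-out pattern used read-only: an added example (not from the original deck) that reports which UI level each server in PCs.txt is running, using the feature names from the "Setting the GUI's Level" table, and then previews a move to Server Core with -WhatIf. It assumes WinRM is reachable as the deck describes and that the account running it has admin rights on the targets.

```powershell
# Added example, not from the original deck. PCs.txt is the server list file the
# slide suggests; the level names follow the deck's "Four Interfaces" slides.
$servers = @(Get-Content .\PCs.txt | Where-Object { $_.Trim() })

# Only fan out to hosts that actually answer on WinRM; report the rest separately
$up   = @($servers | Where-Object { Test-WSMan -ComputerName $_ -ErrorAction SilentlyContinue })
$down = @($servers | Where-Object { $up -notcontains $_ })
if ($down) { Write-Warning "No WinRM response from: $($down -join ', ')" }
if (-not $up) { throw 'No reachable servers in PCs.txt.' }

$report = Invoke-Command -ComputerName $up -ScriptBlock {
    $f = @{}
    Get-WindowsFeature -Name Server-Gui-Mgmt-Infra, Server-Gui-Shell, Desktop-Experience |
        ForEach-Object { $f[$_.Name] = $_.Installed }
    # The "GUI-est" installed feature decides the level, as the deck describes
    $level = if     ($f['Desktop-Experience'])    { 'Desktop Experience' }
             elseif ($f['Server-Gui-Shell'])      { 'Server GUI' }
             elseif ($f['Server-Gui-Mgmt-Infra']) { 'Minimal Server Interface' }
             else                                 { 'Server Core' }
    New-Object psobject -Property @{ UiLevel = $level }
} | Select-Object PSComputerName, UiLevel

$report | Sort-Object UiLevel, PSComputerName | Format-Table -AutoSize

# Preview the change to Server Core on every non-Core host; -WhatIf changes nothing
$targets = @($report | Where-Object { $_.UiLevel -ne 'Server Core' } |
             ForEach-Object { $_.PSComputerName })
if ($targets) {
    Invoke-Command -ComputerName $targets -ScriptBlock {
        Uninstall-WindowsFeature Server-Gui-Mgmt-Infra -WhatIf
    }
}
```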
PowerShell 102
o Up to 2300 PowerShell cmdlets in the box, depending on what you've installed
o PowerShell Integrated Scripting Editor (ISE) is also a great way to explore PoSH cmdlets
o For the impatient (me and most of you), the new show-command cmdlet really accelerates PowerShell use – here's an example
o It was my first shot – knowing nothing – at creating a virtual machine with PoSH
I'll bet that new-vm command's got some really long help, and I don't feel like reading…
I screwed up -- any "bytes" fields can include GB etc
PowerShell 103
o Parameters – the things preceded by a dash – can be shortened as far as possible without causing confusion, so in this command
  o rename-vm -name "oldname" -newname "new"
o a look at help shows us that there are only two parameters starting with "n" – name and newname – and so the command can be
  o rename-vm -na "oldname" -ne "new"
shortening PowerShell commands
PowerShell 103
o Commands often have "aliases," shorter versions; find them with the get-alias command, which has an alias "gal:"
  o gal -def commandname
  o gal -def "import-module"
o Or make your own with sal, "set-alias"
  o sal newalias existingcommand
  o sal rvm remove-vm
shortening PowerShell commands
PowerShell Help Quirk
o Microsoft decided to ship PowerShell help files independently of the OS… so PoSH has none out of the box
o Fixes:
  o update-help pulls down help files
  o save-help \\sv1\helpfiles downloads the files
  o update-help -sourcepath \\sv1\helpfiles gets the help files from a nearby location
  o This only works once a day; add -force to ignore the once a day rule
A Few Tips on Server Setup
o First, remember WSIM and GPO settings
o PowerShell: rename-computer
  o rename-computer -newname DC1 -restart
o Or to join a domain, add-computer -computername name -domainname dname [-newname newname] [-oupath dn]
  o add-computer -computername DC1 -domainname bigfirm.com -newname NYDC
  o … joins and renames in one shot
o You may have to delete an existing acct first
Finally, a Few More Evil Overlord Tips
o "I will never build only one of anything important. All important systems will have redundant control panels and power supplies."
o "My main computers will have their own special operating system that will be completely incompatible with standard Microsoft and Apple OSes."
o "I will never build a sentient computer smarter than I am."
o "Once my power is secure, I will destroy all those pesky time-travel devices."
Thanks!
o My two-day Windows Server class and my one-day PowerShell class come to San Francisco July 15-17 2013; info at www.minasi.com
o Newsletters there also
o Contact me at [email protected]