Microsoft
Official
Course

WS-011T00
Windows Server 2019
Administration


WS-011T00

Windows Server 2019
Administration


II  Disclaimer

 
Information in this document, including URL and other Internet Web site references, is subject to change
without notice. Unless otherwise noted, the example companies, organizations, products, domain names,
e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with
any real company, organization, product, domain name, e-mail address, logo, person, place or event is
intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the
user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in 
or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical,
photocopying, recording, or otherwise), or for any purpose, without the express written permission of
Microsoft Corporation.
 
Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property
rights covering subject matter in this document. Except as expressly provided in any written license
agreement from Microsoft, the furnishing of this document does not give you any license to these

patents, trademarks, copyrights, or other intellectual property.
 
The names of manufacturers, products, or URLs are provided for informational purposes only and   
Microsoft makes no representations and warranties, either expressed, implied, or statutory, regarding
these manufacturers or the use of the products with any Microsoft technologies. The inclusion of a
manufacturer or product does not imply endorsement of Microsoft of the manufacturer or product. Links
may be provided to third party sites. Such sites are not under the control of Microsoft and Microsoft is
not responsible for the contents of any linked site or any link contained in a linked site, or any changes or
updates to such sites. Microsoft is not responsible for webcasting or any other form of transmission
received from any linked site. Microsoft is providing these links to you only as a convenience, and the
inclusion of any link does not imply endorsement of Microsoft of the site or the products contained  
therein.
 
© 2019 Microsoft Corporation. All rights reserved.
 
Microsoft and the trademarks listed at 1are trademarks of the
Microsoft group of companies. All other trademarks are property of their respective owners.
 
 

1

/>

EULA  III

MICROSOFT LICENSE TERMS
MICROSOFT INSTRUCTOR-LED COURSEWARE
These license terms are an agreement between Microsoft Corporation (or based on where you live, one
of its affiliates) and you. Please read them. They apply to your use of the content accompanying this

agreement which includes the media on which you received it, if any. These license terms also apply to
Trainer Content and any updates and supplements for the Licensed Content unless other terms accompany those items. If so, those terms apply.
BY ACCESSING, DOWNLOADING OR USING THE LICENSED CONTENT, YOU ACCEPT THESE TERMS.
IF YOU DO NOT ACCEPT THEM, DO NOT ACCESS, DOWNLOAD OR USE THE LICENSED CONTENT.
If you comply with these license terms, you have the rights below for each license you acquire.
1. DEFINITIONS.
1. “Authorized Learning Center” means a Microsoft Imagine Academy (MSIA) Program Member,
Microsoft Learning Competency Member, or such other entity as Microsoft may designate from
time to time.
2. “Authorized Training Session” means the instructor-led training class using Microsoft Instructor-Led Courseware conducted by a Trainer at or through an Authorized Learning Center.
3. “Classroom Device” means one (1) dedicated, secure computer that an Authorized Learning Center
owns or controls that is located at an Authorized Learning Center’s training facilities that meets or
exceeds the hardware level specified for the particular Microsoft Instructor-Led Courseware.
4. “End User” means an individual who is (i) duly enrolled in and attending an Authorized Training
Session or Private Training Session, (ii) an employee of an MPN Member (defined below), or (iii) a
Microsoft full-time employee, a Microsoft Imagine Academy (MSIA) Program Member, or a
Microsoft Learn for Educators – Validated Educator.
5. “Licensed Content” means the content accompanying this agreement which may include the
Microsoft Instructor-Led Courseware or Trainer Content.
6. “Microsoft Certified Trainer” or “MCT” means an individual who is (i) engaged to teach a training
session to End Users on behalf of an Authorized Learning Center or MPN Member, and (ii) currently certified as a Microsoft Certified Trainer under the Microsoft Certification Program.
7. “Microsoft Instructor-Led Courseware” means the Microsoft-branded instructor-led training course
that educates IT professionals, developers, students at an academic institution, and other learners
on Microsoft technologies. A Microsoft Instructor-Led Courseware title may be branded as MOC,
Microsoft Dynamics, or Microsoft Business Group courseware.
8. “Microsoft Imagine Academy (MSIA) Program Member” means an active member of the Microsoft
Imagine Academy Program.
9. “Microsoft Learn for Educators – Validated Educator” means an educator who has been validated
through the Microsoft Learn for Educators program as an active educator at a college, university,
community college, polytechnic or K-12 institution.

10.“Microsoft Learning Competency Member” means an active member of the Microsoft Partner
Network program in good standing that currently holds the Learning Competency status.
11.“MOC” means the “Official Microsoft Learning Product” instructor-led courseware known as
Microsoft Official Course that educates IT professionals, developers, students at an academic
institution, and other learners on Microsoft technologies.
12.“MPN Member” means an active Microsoft Partner Network program member in good standing.


IV  EULA

13.“Personal Device” means one (1) personal computer, device, workstation or other digital electronic
device that you personally own or control that meets or exceeds the hardware level specified for
the particular Microsoft Instructor-Led Courseware.
14.“Private Training Session” means the instructor-led training classes provided by MPN Members for
corporate customers to teach a predefined learning objective using Microsoft Instructor-Led
Courseware. These classes are not advertised or promoted to the general public and class attendance is restricted to individuals employed by or contracted by the corporate customer.
15.“Trainer” means (i) an academically accredited educator engaged by a Microsoft Imagine Academy
Program Member to teach an Authorized Training Session, (ii) an academically accredited educator
validated as a Microsoft Learn for Educators – Validated Educator, and/or (iii) a MCT.
16.“Trainer Content” means the trainer version of the Microsoft Instructor-Led Courseware and
additional supplemental content designated solely for Trainers’ use to teach a training session
using the Microsoft Instructor-Led Courseware. Trainer Content may include Microsoft PowerPoint
presentations, trainer preparation guide, train the trainer materials, Microsoft One Note packs,
classroom setup guide and Pre-release course feedback form. To clarify, Trainer Content does not
include any software, virtual hard disks or virtual machines.
2. USE RIGHTS. The Licensed Content is licensed, not sold. The Licensed Content is licensed on a one
copy per user basis, such that you must acquire a license for each individual that accesses or uses the
Licensed Content.
●● 2.1 Below are five separate sets of use rights. Only one set of rights apply to you.
1. If you are a Microsoft Imagine Academy (MSIA) Program Member:

1. Each license acquired on behalf of yourself may only be used to review one (1) copy of the
Microsoft Instructor-Led Courseware in the form provided to you. If the Microsoft Instructor-Led Courseware is in digital format, you may install one (1) copy on up to three (3)
Personal Devices. You may not install the Microsoft Instructor-Led Courseware on a device
you do not own or control.
2. For each license you acquire on behalf of an End User or Trainer, you may either:
1. distribute one (1) hard copy version of the Microsoft Instructor-Led Courseware to one
(1) End User who is enrolled in the Authorized Training Session, and only immediately
prior to the commencement of the Authorized Training Session that is the subject matter
of the Microsoft Instructor-Led Courseware being provided, or
2. provide one (1) End User with the unique redemption code and instructions on how they
can access one (1) digital version of the Microsoft Instructor-Led Courseware, or
3. provide one (1) Trainer with the unique redemption code and instructions on how they
can access one (1) Trainer Content.
3. For each license you acquire, you must comply with the following:
1. you will only provide access to the Licensed Content to those individuals who have
acquired a valid license to the Licensed Content,
2. you will ensure each End User attending an Authorized Training Session has their own
valid licensed copy of the Microsoft Instructor-Led Courseware that is the subject of the
Authorized Training Session,
3. you will ensure that each End User provided with the hard-copy version of the Microsoft
Instructor-Led Courseware will be presented with a copy of this agreement and each End


EULA  V

User will agree that their use of the Microsoft Instructor-Led Courseware will be subject
to the terms in this agreement prior to providing them with the Microsoft Instructor-Led
Courseware. Each individual will be required to denote their acceptance of this agreement in a manner that is enforceable under local law prior to their accessing the Microsoft Instructor-Led Courseware,
4. you will ensure that each Trainer teaching an Authorized Training Session has their own
valid licensed copy of the Trainer Content that is the subject of the Authorized Training

Session,
5. you will only use qualified Trainers who have in-depth knowledge of and experience with
the Microsoft technology that is the subject of the Microsoft Instructor-Led Courseware
being taught for all your Authorized Training Sessions,
6. you will only deliver a maximum of 15 hours of training per week for each Authorized
Training Session that uses a MOC title, and
7. you acknowledge that Trainers that are not MCTs will not have access to all of the trainer
resources for the Microsoft Instructor-Led Courseware.
2. If you are a Microsoft Learning Competency Member:
1. Each license acquire may only be used to review one (1) copy of the Microsoft Instructor-Led Courseware in the form provided to you. If the Microsoft Instructor-Led Courseware is in digital format, you may install one (1) copy on up to three (3) Personal Devices.
You may not install the Microsoft Instructor-Led Courseware on a device you do not own or
control.
2. For each license you acquire on behalf of an End User or MCT, you may either:
1. distribute one (1) hard copy version of the Microsoft Instructor-Led Courseware to one
(1) End User attending the Authorized Training Session and only immediately prior to
the commencement of the Authorized Training Session that is the subject matter of the
Microsoft Instructor-Led Courseware provided, or
2. provide one (1) End User attending the Authorized Training Session with the unique
redemption code and instructions on how they can access one (1) digital version of the
Microsoft Instructor-Led Courseware, or
3. you will provide one (1) MCT with the unique redemption code and instructions on how
they can access one (1) Trainer Content.
3. For each license you acquire, you must comply with the following:
1. you will only provide access to the Licensed Content to those individuals who have
acquired a valid license to the Licensed Content,
2. you will ensure that each End User attending an Authorized Training Session has their
own valid licensed copy of the Microsoft Instructor-Led Courseware that is the subject of
the Authorized Training Session,
3. you will ensure that each End User provided with a hard-copy version of the Microsoft
Instructor-Led Courseware will be presented with a copy of this agreement and each End

User will agree that their use of the Microsoft Instructor-Led Courseware will be subject
to the terms in this agreement prior to providing them with the Microsoft Instructor-Led
Courseware. Each individual will be required to denote their acceptance of this agreement in a manner that is enforceable under local law prior to their accessing the Microsoft Instructor-Led Courseware,


VI  EULA

4. you will ensure that each MCT teaching an Authorized Training Session has their own
valid licensed copy of the Trainer Content that is the subject of the Authorized Training
Session,
5. you will only use qualified MCTs who also hold the applicable Microsoft Certification
credential that is the subject of the MOC title being taught for all your Authorized
Training Sessions using MOC,
6. you will only provide access to the Microsoft Instructor-Led Courseware to End Users,
and
7. you will only provide access to the Trainer Content to MCTs.
3. If you are a MPN Member:
1. Each license acquired on behalf of yourself may only be used to review one (1) copy of the
Microsoft Instructor-Led Courseware in the form provided to you. If the Microsoft Instructor-Led Courseware is in digital format, you may install one (1) copy on up to three (3)
Personal Devices. You may not install the Microsoft Instructor-Led Courseware on a device
you do not own or control.
2. For each license you acquire on behalf of an End User or Trainer, you may either:
1. distribute one (1) hard copy version of the Microsoft Instructor-Led Courseware to one
(1) End User attending the Private Training Session, and only immediately prior to the
commencement of the Private Training Session that is the subject matter of the Microsoft Instructor-Led Courseware being provided, or
2. provide one (1) End User who is attending the Private Training Session with the unique
redemption code and instructions on how they can access one (1) digital version of the
Microsoft Instructor-Led Courseware, or
3. you will provide one (1) Trainer who is teaching the Private Training Session with the
unique redemption code and instructions on how they can access one (1) Trainer

Content.
3. For each license you acquire, you must comply with the following:
1. you will only provide access to the Licensed Content to those individuals who have
acquired a valid license to the Licensed Content,
2. you will ensure that each End User attending an Private Training Session has their own
valid licensed copy of the Microsoft Instructor-Led Courseware that is the subject of the
Private Training Session,
3. you will ensure that each End User provided with a hard copy version of the Microsoft
Instructor-Led Courseware will be presented with a copy of this agreement and each End
User will agree that their use of the Microsoft Instructor-Led Courseware will be subject
to the terms in this agreement prior to providing them with the Microsoft Instructor-Led
Courseware. Each individual will be required to denote their acceptance of this agreement in a manner that is enforceable under local law prior to their accessing the Microsoft Instructor-Led Courseware,
4. you will ensure that each Trainer teaching an Private Training Session has their own valid
licensed copy of the Trainer Content that is the subject of the Private Training Session,


EULA  VII

5. you will only use qualified Trainers who hold the applicable Microsoft Certification
credential that is the subject of the Microsoft Instructor-Led Courseware being taught
for all your Private Training Sessions,
6. you will only use qualified MCTs who hold the applicable Microsoft Certification credential that is the subject of the MOC title being taught for all your Private Training Sessions
using MOC,
7. you will only provide access to the Microsoft Instructor-Led Courseware to End Users,
and
8. you will only provide access to the Trainer Content to Trainers.
4. If you are an End User:
For each license you acquire, you may use the Microsoft Instructor-Led Courseware solely for
your personal training use. If the Microsoft Instructor-Led Courseware is in digital format, you
may access the Microsoft Instructor-Led Courseware online using the unique redemption code

provided to you by the training provider and install and use one (1) copy of the Microsoft
Instructor-Led Courseware on up to three (3) Personal Devices. You may also print one (1) copy
of the Microsoft Instructor-Led Courseware. You may not install the Microsoft Instructor-Led
Courseware on a device you do not own or control.
5. If you are a Trainer.
1. For each license you acquire, you may install and use one (1) copy of the Trainer Content in
the form provided to you on one (1) Personal Device solely to prepare and deliver an
Authorized Training Session or Private Training Session, and install one (1) additional copy
on another Personal Device as a backup copy, which may be used only to reinstall the
Trainer Content. You may not install or use a copy of the Trainer Content on a device you do
not own or control. You may also print one (1) copy of the Trainer Content solely to prepare
for and deliver an Authorized Training Session or Private Training Session.
2. If you are an MCT, you may customize the written portions of the Trainer Content that are
logically associated with instruction of a training session in accordance with the most recent
version of the MCT agreement.
3. If you elect to exercise the foregoing rights, you agree to comply with the following: (i)
customizations may only be used for teaching Authorized Training Sessions and Private
Training Sessions, and (ii) all customizations will comply with this agreement. For clarity, any
use of “customize” refers only to changing the order of slides and content, and/or not using
all the slides or content, it does not mean changing or modifying any slide or content.
●● 2.2 Separation of Components. The Licensed Content is licensed as a single unit and you
may not separate their components and install them on different devices.
●● 2.3 Redistribution of Licensed Content. Except as expressly provided in the use rights
above, you may not distribute any Licensed Content or any portion thereof (including any permitted modifications) to any third parties without the express written permission of Microsoft.
●● 2.4 Third Party Notices. The Licensed Content may include third party code that Microsoft, not the third party, licenses to you under this agreement. Notices, if any, for the third party
code are included for your information only.
●● 2.5 Additional Terms. Some Licensed Content may contain components with additional
terms, conditions, and licenses regarding its use. Any non-conflicting terms in those conditions
and licenses also apply to your use of that respective component and supplements the terms
described in this agreement.



VIII  EULA

3. LICENSED CONTENT BASED ON PRE-RELEASE TECHNOLOGY. If the Licensed Content’s subject
matter is based on a pre-release version of Microsoft technology (“Pre-release”), then in addition to
the other provisions in this agreement, these terms also apply:
1. Pre-Release Licensed Content. This Licensed Content subject matter is on the Pre-release
version of the Microsoft technology. The technology may not work the way a final version of the
technology will and we may change the technology for the final version. We also may not release a
final version. Licensed Content based on the final version of the technology may not contain the
same information as the Licensed Content based on the Pre-release version. Microsoft is under no
obligation to provide you with any further content, including any Licensed Content based on the
final version of the technology.
2. Feedback. If you agree to give feedback about the Licensed Content to Microsoft, either directly
or through its third party designee, you give to Microsoft without charge, the right to use, share
and commercialize your feedback in any way and for any purpose. You also give to third parties,
without charge, any patent rights needed for their products, technologies and services to use or
interface with any specific parts of a Microsoft technology, Microsoft product, or service that
includes the feedback. You will not give feedback that is subject to a license that requires Microsoft to license its technology, technologies, or products to third parties because we include your
feedback in them. These rights survive this agreement.
3. Pre-release Term. If you are an Microsoft Imagine Academy Program Member, Microsoft Learning Competency Member, MPN Member, Microsoft Learn for Educators – Validated Educator, or
Trainer, you will cease using all copies of the Licensed Content on the Pre-release technology upon
(i) the date which Microsoft informs you is the end date for using the Licensed Content on the
Pre-release technology, or (ii) sixty (60) days after the commercial release of the technology that is
the subject of the Licensed Content, whichever is earliest (“Pre-release term”). Upon expiration or
termination of the Pre-release term, you will irretrievably delete and destroy all copies of the
Licensed Content in your possession or under your control.
4. SCOPE OF LICENSE. The Licensed Content is licensed, not sold. This agreement only gives you some
rights to use the Licensed Content. Microsoft reserves all other rights. Unless applicable law gives you

more rights despite this limitation, you may use the Licensed Content only as expressly permitted in
this agreement. In doing so, you must comply with any technical limitations in the Licensed Content
that only allows you to use it in certain ways. Except as expressly permitted in this agreement, you
may not:
●● access or allow any individual to access the Licensed Content if they have not acquired a valid
license for the Licensed Content,
●● alter, remove or obscure any copyright or other protective notices (including watermarks), branding or identifications contained in the Licensed Content,
●● modify or create a derivative work of any Licensed Content,
●● publicly display, or make the Licensed Content available for others to access or use,
●● copy, print, install, sell, publish, transmit, lend, adapt, reuse, link to or post, make available or
distribute the Licensed Content to any third party,
●● work around any technical limitations in the Licensed Content, or
●● reverse engineer, decompile, remove or otherwise thwart any protections or disassemble the
Licensed Content except and only to the extent that applicable law expressly permits, despite this
limitation.
5. RESERVATION OF RIGHTS AND OWNERSHIP. Microsoft reserves all rights not expressly granted to
you in this agreement. The Licensed Content is protected by copyright and other intellectual property


EULA  IX

laws and treaties. Microsoft or its suppliers own the title, copyright, and other intellectual property
rights in the Licensed Content.
6. EXPORT RESTRICTIONS. The Licensed Content is subject to United States export laws and regulations. You must comply with all domestic and international export laws and regulations that apply to
the Licensed Content. These laws include restrictions on destinations, end users and end use. For
additional information, see www.microsoft.com/exporting.
7. SUPPORT SERVICES. Because the Licensed Content is provided “as is”, we are not obligated to
provide support services for it.
8. TERMINATION. Without prejudice to any other rights, Microsoft may terminate this agreement if you
fail to comply with the terms and conditions of this agreement. Upon termination of this agreement

for any reason, you will immediately stop all use of and delete and destroy all copies of the Licensed
Content in your possession or under your control.
9. LINKS TO THIRD PARTY SITES. You may link to third party sites through the use of the Licensed
Content. The third party sites are not under the control of Microsoft, and Microsoft is not responsible
for the contents of any third party sites, any links contained in third party sites, or any changes or
updates to third party sites. Microsoft is not responsible for webcasting or any other form of transmission received from any third party sites. Microsoft is providing these links to third party sites to
you only as a convenience, and the inclusion of any link does not imply an endorsement by Microsoft
of the third party site.
10.ENTIRE AGREEMENT. This agreement, and any additional terms for the Trainer Content, updates and
supplements are the entire agreement for the Licensed Content, updates and supplements.
11.APPLICABLE LAW.
1. United States. If you acquired the Licensed Content in the United States, Washington state law
governs the interpretation of this agreement and applies to claims for breach of it, regardless of
conflict of laws principles. The laws of the state where you live govern all other claims, including
claims under state consumer protection laws, unfair competition laws, and in tort.
2. Outside the United States. If you acquired the Licensed Content in any other country, the laws of
that country apply.
12.LEGAL EFFECT. This agreement describes certain legal rights. You may have other rights under the
laws of your country. You may also have rights with respect to the party from whom you acquired the
Licensed Content. This agreement does not change your rights under the laws of your country if the
laws of your country do not permit it to do so.
13.DISCLAIMER OF WARRANTY. THE LICENSED CONTENT IS LICENSED "AS-IS" AND "AS AVAILABLE." YOU BEAR THE RISK OF USING IT. MICROSOFT AND ITS RESPECTIVE AFFILIATES GIVES NO
EXPRESS WARRANTIES, GUARANTEES, OR CONDITIONS. YOU MAY HAVE ADDITIONAL CONSUMER RIGHTS UNDER YOUR LOCAL LAWS WHICH THIS AGREEMENT CANNOT CHANGE. TO
THE EXTENT PERMITTED UNDER YOUR LOCAL LAWS, MICROSOFT AND ITS RESPECTIVE AFFILIATES EXCLUDES ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT.
14.LIMITATION ON AND EXCLUSION OF REMEDIES AND DAMAGES. YOU CAN RECOVER FROM
MICROSOFT, ITS RESPECTIVE AFFILIATES AND ITS SUPPLIERS ONLY DIRECT DAMAGES UP TO
US$5.00. YOU CANNOT RECOVER ANY OTHER DAMAGES, INCLUDING CONSEQUENTIAL, LOST
PROFITS, SPECIAL, INDIRECT OR INCIDENTAL DAMAGES.



X  EULA

This limitation applies to
●● anything related to the Licensed Content, services, content (including code) on third party Internet
sites or third-party programs; and
●● claims for breach of contract, breach of warranty, guarantee or condition, strict liability, negligence,
or other tort to the extent permitted by applicable law.
It also applies even if Microsoft knew or should have known about the possibility of the damages. The
above limitation or exclusion may not apply to you because your country may not allow the exclusion
or limitation of incidental, consequential, or other damages.
Please note: As this Licensed Content is distributed in Quebec, Canada, some of the clauses in this
agreement are provided below in French.
Remarque : Ce le contenu sous licence étant distribué au Québec, Canada, certaines des clauses
dans ce contrat sont fournies ci-dessous en franỗais.
EXONẫRATION DE GARANTIE. Le contenu sous licence visé par une licence est offert « tel quel ». Toute
utilisation de ce contenu sous licence est à votre seule risque et péril. Microsoft n’accorde aucune autre
garantie expresse. Vous pouvez bénéficier de droits additionnels en vertu du droit local sur la protection
dues consommateurs, que ce contrat ne peut modifier. La ou elles sont permises par le droit locale, les
garanties implicites de qualité marchande, d’adéquation à un usage particulier et dabsence de contrefaỗon sont exclues.
LIMITATION DES DOMMAGES-INTẫRấTS ET EXCLUSION DE RESPONSABILITÉ POUR LES DOMMAGES. Vous pouvez obtenir de Microsoft et de ses fournisseurs une indemnisation en cas de dommages
directs uniquement à hauteur de 5,00 $ US. Vous ne pouvez prétendre à aucune indemnisation pour les
autres dommages, y compris les dommages spéciaux, indirects ou accessoires et pertes de bénéfices.
Cette limitation concerne:
●● tout ce qui est relié au le contenu sous licence, aux services ou au contenu (y compris le code)
figurant sur des sites Internet tiers ou dans des programmes tiers; et.
●● les réclamations au titre de violation de contrat ou de garantie, ou au titre de responsabilité stricte, de
négligence ou d’une autre faute dans la limite autorisée par la loi en vigueur.
Elle s’applique également, même si Microsoft connaissait ou devrait conntre l’éventualité d’un tel
dommage. Si votre pays n’autorise pas l’exclusion ou la limitation de responsabilité pour les dommages
indirects, accessoires ou de quelque nature que ce soit, il se peut que la limitation ou l’exclusion ci-dessus

ne s’appliquera pas à votre égard.
EFFET JURIDIQUE. Le présent contrat décrit certains droits juridiques. Vous pourriez avoir d’autres droits
prévus par les lois de votre pays. Le présent contrat ne modifie pas les droits que vous confèrent les lois
de votre pays si celles-ci ne le permettent pas.
Revised April 2019


Contents
■■

Module 0 Course introduction  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 
About this course  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 

1
1

■■

Module 1 Windows Server administration  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Overview of Windows Server administration principles and tools  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Introducing Windows Server 2019  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Overview of Windows Server Core  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Module 01 lab and review  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .








3
3
15
25
31

■■

Module 2 Identity services in Windows Server  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Overview of AD DS  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Deploying Windows Server domain controllers  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Overview of Azure AD  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Implementing Group Policy  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Overview of AD CS  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Module 02 lab and review  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .









37
37
56
70
81
93

103

■■

Module 3 Network infrastructure services in Windows Server  . . . . . . . . . . . . . . . . . . . . . . . . . . .
Deploying and managing DHCP  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Deploying and managing DNS services  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Deploying and managing IPAM  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Module 03 lab and review  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .







107
107
120
138
149

■■

Module 4 File servers and storage management in Windows Server  . . . . . . . . . . . . . . . . . . . . .
Volumes and file systems in Windows Server  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Implementing sharing in Windows Server  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Implementing Storage Spaces in Windows Server  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Implementing Data Deduplication  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Implementing iSCSI  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Deploying DFS  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Module 04 lab and review  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .










157
157
168
175
188
199
207
220

■■

Module 5 Hyper-V virtualization and containers in Windows Server  . . . . . . . . . . . . . . . . . . . . .
Hyper-V in Windows Server  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Configuring VMs  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Securing virtualization in Windows Server  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Containers in Windows Server  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Overview of Kubernetes  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .









227
227
236
253
260
270



Module 05 lab and review  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 

273

■■

Module 6 High availability in Windows Server  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Planning for failover clustering implementation  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Creating and configuring failover clusters  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Overview of stretch clusters  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
High availability and disaster recovery solutions with Hyper-V VMs  . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Module 06 lab and review  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .









281
281
297
315
323
329

■■

Module 7 Disaster recovery in Windows Server  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Hyper-V Replica  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Backup and restore infrastructure in Windows Server  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Module 07 lab and review  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .






339
339
350
357


■■

Module 8 Windows Server security  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Credentials and privileged access protection in Windows Server  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Hardening Windows Server  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Just Enough Administration in Windows Server  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Securing and analyzing SMB traffic  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Windows Server Update Management  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Module 08 lab and review  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .









361
361
374
382
390
394
401

■■

Module 9 RDS in Windows Server  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Overview of RDS  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Configuring a session-based desktop deployment  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Overview of personal and pooled virtual desktops  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Module 09 lab and review  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .







411
411
438
454
465

■■

Module 10 Remote Access and web services in Windows Server  . . . . . . . . . . . . . . . . . . . . . . . . .
Overview of RAS in Windows Server  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Implementing VPNs  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Implementing NPS  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Implementing Always On VPN  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Implementing Web Server in Windows Server  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Module 10 lab and review  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .










471
471
480
492
506
514
527

■■

Module 11 Server and performance monitoring in Windows Server  . . . . . . . . . . . . . . . . . . . . . .
Overview of Windows Server monitoring tools  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Using Performance Monitor  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Monitoring event logs for troubleshooting  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Module 11 lab and review  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .







537
537
547
557

561

■■

Module 12 Upgrade and migration in Windows Server  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
AD DS migration  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Storage Migration Service  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Windows Server Migration Tools  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Module 12 lab and review  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .







565
565
570
576
580


Module 0 Course introduction

About this course
About this course

Welcome to the Windows Server 2019 Administration course, which is part of a set of three courses that
cover Windows Server administration and transitioning to cloud-only and hybrid models. This course

focuses on Windows Server 2019 administration, when servers are deployed on-premises. Course
WS-012T: Windows Server 2019 Hybrid and Azure IaaS covers the use of Microsoft Azure in managing
server workloads in hybrid environments and helping secure virtual machines that are running on
Windows Server 2019. Course WS-013T: Azure Stack HCI covers the running of virtual workloads on
Microsoft platforms at medium to large scale by using software-defined datacenters and hyperconverged
principles.
Level: Intermediate

Audience
This course is for IT professionals who have some experiencing working with Windows Server and want to
learn how to administer Windows Server 2019. The audience for this course also includes current Windows Server administrators who have worked with older Windows Server versions and who want to
update their skills in Windows Server 2019. Service-desk professionals who want to transition to server
maintenance or pass exams relating to Windows Server also will find this course useful.

Prerequisites
This course assumes you have skills and experience with the following technologies and concepts:
●● Active Directory Domain Services (AD DS) in Windows Server 2012 or Windows Server 2016.
●● Microsoft Hyper-V and basic server virtualization.
●● Windows client operating systems such as Windows 8, Windows 8.1, or Windows 10.
●● Windows PowerShell.


2  Module 0 Course introduction  

●● Windows Server 2012 or Windows Server 2016 configuration and maintenance.
●● Basic security best practices.
●● Core networking technologies such as IP addressing, name resolution, and Dynamic Host Configuration Protocol (DHCP).

Labs and demonstrations
You’ll perform labs and the demonstrations on a virtual lab environment from an authorized lab hoster.


Course syllabus

The course content includes a mix of content, demonstrations, hands-on labs, and reference links.
 

Module Name

0

Course introduction

1

Windows Server administration

2

Identity services in Windows Server

3

Network infrastructure services in Windows Server

4

File servers and storage management in Windows
Server

5


Hyper-V virtualization and containers in Windows
Server

6

High availability in Windows Server

7

Disaster recovery in Windows Server

8

Windows Server security

9

RDS in Windows Server

10

Remote access and web services in Windows
Server

11

Server and performance monitoring in Windows
Server


12

Upgrade and migration in Windows Server

Course resources

There are many resources that can help you learn about Windows Server. We recommend that you
bookmark the following websites:
●● Microsoft Learn:1 Free role-based learning paths and hands-on experiences for practice.
●● Windows Server documentation:2 Articles and how-to guides about using Windows Server.

1
2

/> />

Module 1 Windows Server administration

Overview of Windows Server administration
principles and tools
Lesson overview

In this lesson, you will learn about Windows Server administration best practices and the tools available
for managing Windows Servers. The practice of least privilege has always been the cornerstone of
security in the computing environment. Microsoft has supplied many tools and guidelines to allow
management of the environment while reducing the exposure of systems and data.
After completing this lesson, you will be able to:
●● Describe the concept of least privilege.
●● Describe delegated privileges.
●● Explain how to delegate privileges.

●● Describe privileged access workstations.
●● Describe jump servers.
●● Describe Windows Server Admin Center.
●● Describe Server Manager.
●● Describe how to use Remote Server Administration Tools (RSAT).
●● Describe how to use PowerShell to manage servers.
●● Explain how to manage servers remotely.

Overview of Windows Admin Center

Managing and administrating the IT environment involves using different tools across multiple consoles.
Windows Admin Center combines those tools into a single console that can easily be deployed and
accessed through a web interface.


4  Module 1 Windows Server administration  

Windows Admin Center is a modular web application comprised of the following four modules:
●● Server manager. Manages servers that run Windows Server 2008 R2 and newer (limited functionality
for 2008 R2). If you want to manage servers other than the local server, you must add those other
servers to the console.
●● Failover clusters
●● Hyper-converged clusters
●● Windows 10 clients
Windows Admin Center has two main components:
●● Gateway. The Gateway manages servers through remote PowerShell and Windows Management
Instrumentation (WMI) over Windows Remote Management (WINRM).
●● Web server. The Web server component observes HTTPS requests and serves the user interface to the
web browser on the management station. This is not a full install of Internet Information Services (IIS),
but a mini Web server for this specific purpose.

Note: Because Windows Admin Center is a web-based tool that uses HTTPS, it requires a X.509 certificate
to provide SSL encryption. The installation wizard gives you the option to either use a self-signed certificate or provide your own SSL certificate. This certificate expires 60 days after it is created.

Benefits of Windows Admin Center
The following table describes the benefits of Windows Admin Center:
Table 1: Benefits of Windows Admin Center
Benefit

Description

Familiar functionality

It uses the familiar admin tools from Microsoft
Management Consoles.

Easy to install and use

You can download and install it on Windows 10 or
Windows Server through a single Windows
Installer (MSI) and access it from a web browser.

Compliments existing solutions

It does not replace but compliments existing
solutions such as Remote Server Administration
Tools, System Center, and Azure Operation
Management Suite.

Manage from the internet


It can be securely published to the public internet
so you can connect to and manage servers from
anywhere.

Enhanced security

Role-based access control lets you fine-tune which
administrators have access to which management
features. Gateway authentication provides support
for local groups, Active Directory groups, and
Azure Active Directory groups.

Azure integration

You can easily get to the proper tool within
Windows Admin Center, then launch it to the
Azure portal for full management of Azure
services.


 Overview of Windows Server administration principles and tools  5

Benefit

Description

Extensibility

A Software Development Kit (SDK) will allow
Microsoft and other partners to develop new tools

and solutions for more products.

No external dependencies

Windows Admin Center doesn't require internet
access or Microsoft Azure. There is no requirement
for IIS or SQL server and there are no agents to
deploy. The only dependency is to the requirement of Windows Management Framework 5.1 on
managed servers.

Supported platforms and browsers
You can install Windows Admin Center on Windows 10 version 1709 or newer, or Windows Server 2016
or newer. Windows Admin Center is not supported on domain controllers and will return an error if you
try to install it. The Windows browser versions of Microsoft Edge on Windows 10 and Google Chrome are
tested and supported on Windows 10. Other modern web browsers have not been tested and are not
officially supported. Internet Explorer is not supported and will return an error if you attempt to launch
Windows Admin Center.

Demonstration: Use Windows Server Admin
Center

In this demonstration, you will learn how to install the Windows Server Admin Center and add a server for
remote administration and perform various administrative tasks.

Demonstration steps
Install Windows Server Admin Center
1. Open File Explorer and browse to C:\Labfiles\Mod01.
2. Double-click or select WindowsAdminCenter1910.2.msi, and then select Enter. Install Windows
Admin Center by accepting all the defaults.


Add servers for remote administration
1. Open Microsoft Edge and go to Https://Sea-Adm1.
2. In Windows Admin Center, add SEA-DC1.
3. To connect to SEA-DC1, select the link to SEA-DC1.Contoso.com.

Browse through the various admin sections
●● In Windows Server Admin Center browse through the following panes:
●● Overview
●● Certificates


6  Module 1 Windows Server administration  

●● Files
●● Events
●● Devices
●● Performance Monitor
●● Processes
●● Roles & Features
●● Scheduled Tasks
●● PowerShell

Server Manager

Server Manager is the built-in management console that most server administrators are familiar with.
You can use the current version to manage the local server and remotely manage up to 100 servers.
However, this number will depend on the amount of data that you request from managed servers and
the hardware and network resources available to the system running Server Manager. In the Server
Manager console, you must manually add remote servers that you want to manage. IT administrators
often use Server Manager to remotely manage server core installations.

The Server Manager console comes with the Remote Server Administration Tools for Windows 10.
However, you can only use it to manage remote servers. You can't use Server Manager to manage client
operating systems.
Server Manager initially opens to a dashboard which provides quick access to:
●● Adding roles and features.
●● Adding other servers to manage.
●● Creating a server group.
●● Connecting this server to cloud services.
The dashboard also has links to web-based articles about new features in Server Manager and links to
learn more about Microsoft solutions.
Server Manager has a section for properties of the local server. Here, you can perform types of initial
configuration that are similar to the types possible with the sconfig tool. These include:
●● Computer name and domain membership
●● Windows Firewall settings
●● Remote Desktop
●● Network settings
●● Windows Update settings
●● Time zone
●● Windows activation
This section also provides basic information about the hardware, such as:
●● O/S version
●● Processor information
●● Amount of RAM


 Overview of Windows Server administration principles and tools  7

●● Total disk space
There are also sections for:
●● Querying specific event logs for various event severity levels over a specific time period.

●● Monitoring the status of services and stopping and starting services.
●● Best practices analysis to determine if the roles are functioning properly on your servers.
●● A display of Performance Monitor that allows you to set alert thresholds on CPU and memory.
●● Listing the installed roles and features with the ability to add and remove them.
The navigation pane will have a link to other roles installed on the server, which will provide information
about specific roles such as events relating to that role. In some cases, you will observe a sub-menu that
allows you to configure aspects about the role, such as File and Storage Services and Remote Desktop
Services.

Remote Server Administration Tools

Remote Server Administration Tools (RSAT) are a group of management tools that enables IT administrators to remotely manage roles and features in Windows Server from a computer that is running Windows
10, Windows 8.1, and Windows 8.
When you install RSAT on Windows 8, Windows 8.1, or Windows 10, all the tools are enabled by default.
You can later choose to disable the tools by using Turn Windows features on or off in Control Panel.
RSAT for Windows 10 consists of the full complement of available management tools including the
following:
Table 1: Management tools in RSAT
Tool

Description

Active Directory Certificate Services (AD CS) Tools

AD CS Tools include Certification Authority,
Certificate Templates, Enterprise PKI, and Online
Responder Management snap-ins.

Active Directory Domain Services (AD DS) Tools
and Active Directory Lightweight Directory

Services (AD LDS) Tools

AD DS Tools and AD LDS Tools include Active
Directory Administrative Center, Active Directory
Domains and Trusts, Active Directory Sites and
Services, Active Directory Users and Computers,
ADSI Edit, Active Directory module for Windows
PowerShell, and tools such as DCPromo.exe, LDP.
exe, NetDom.exe, NTDSUtil.exe, RepAdmin.exe,
DCDiag.exe, DSACLs.exe, DSAdd.exe, DSDBUtil.exe,
DSMgmt.exe, DSMod.exe, DSMove.exe, DSQuery.
exe, DSRm.exe, GPFixup.exe, KSetup.exe, KtPass.
exe, NlTest.exe, NSLookup.exe, and W32tm.exe.

Best Practices Analyzer

Best Practices Analyzer cmdlets for Windows
PowerShell

BitLocker Drive Encryption Administration Utilities

Manage-bde, Windows PowerShell cmdlets for
BitLocker, and BitLocker Recovery Password Viewer
for Active Directory


8  Module 1 Windows Server administration  

Tool


Description

DHCP Server Tools

DHCP Server Tools include the DHCP Management
Console, the DHCP Server cmdlet module for
Windows PowerShell, and the Netsh command line
tool

DirectAccess, Routing and Remote Access

Routing and Remote Access management console,
Connection Manager Administration Kit console,
Remote Access provider for Windows PowerShell,
and Web Application Proxy

DNS Server Tools

DNS Server Tools include the DNS Manager
snap-in, the DNS module for Windows PowerShell,
and the Ddnscmd.exe command line tool.

Failover Clustering Tools

Failover Clustering Tools include Failover Cluster
Manager, Failover Clusters (Windows PowerShell
cmdlets), MSClus, Cluster.exe, Cluster-Aware
Updating management console, and Cluster-Aware Updating cmdlets for Windows PowerShell.

File Services Tools


File Services Tools include the following: Share and
Storage Management Tools, Distributed File
System Tools, File Server Resource Manager Tools,
Services for NFS Administration Tools, iSCSI
management cmdlets for Windows PowerShell;

Distributed File System Tools

Distributed File System Tools include the DFS Management snap-in, and the Dfsradmin.exe, Dfsrdiag.
exe, Dfscmd.exe, Dfsdiag.exe, and Dfsutil.exe
command line tools and PowerShell modules for
Distributed File System Name Space (DFSN) and
Distributed File System Replication (DFSR).

File Server Resource Manager Tools

These include the File Server Resource Manager
snap-in and the Dirquota.exe, Filescrn.exe, and
Storrept.exe command line tools.

Group Policy Management Tools

Group Policy Management Tools include Group
Policy Management Console, Group Policy Management Editor, and Group Policy Starter GPO
Editor.

Network Load Balancing Tools

Network Load Balancing Tools include the Network Load Balancing Manager, Network Load

Balancing Windows PowerShell cmdlets, and the
NLB.exe and WLBS.exe command line tools.

Remote Desktop Services Tools

Remote Desktop Services Tools include the
Remote Desktop snap-ins, RD Gateway Manager,
tsgateway.msc, RD Licensing Manager, licmgr.exe,
RD Licensing Diagnoser, and lsdiag.msc. Use
Server Manager to administer all other RDS role
services except RD Gateway and RD Licensing.

Server Manager

Server Manager includes the Server Manager
console.


 Overview of Windows Server administration principles and tools  9

Tool

Description

SMTP Server Tools

SMTP Server Tools include the Simple Mail Transfer
Protocol (SMTP) snap-in

Windows System Resource Manager Tools


Windows System Resource Manager Tools include
the Windows System Resource Manager snap-in
and the Wsrmc.exe command line tool.

Volume Activation

Manages volume activation through the vmw.exe
file.

Windows Server Update Services Tools

Windows Server Update Services Tools include the
Windows Server Update Services snap-in, WSUS.
msc, and PowerShell cmdlets

Windows PowerShell

Windows PowerShell is a command line shell and scripting language that allows task automation and
configuration management. Windows PowerShell cmdlets execute at a Windows PowerShell command
prompt or combine into Windows PowerShell scripts. PowerShell 5.1 is included natively in Windows
Server 2016 and Windows Server 2019.

Cmdlets
PowerShell uses cmdlets to perform tasks. A cmdlet is a small command that performs a specific function.
You can combine multiple cmdlets to perform multiple tasks either as command line entries or to run as a
script. Cmdlets employ a verb/noun naming pattern joined by a hyphen. This makes each cmdlet more
literal and easier to interpret and remember. For example, in the cmdlet Get-service, Get is the action
and service is the object the action will be performed on. This command will return a listing of all services
installed on the computer and their status.

You can further granularize most cmdlets by adding parameters to fine tune the results of the cmdlet. For
example, if you are interested in a specific service, you can append the -Name parameter with the name
of the service to return information about that specific service. For example, Get-service -Name Spooler
will return information about the status of the Print Spooler service.
Multiple cmdlets can be piped together by using the vertical line (|) character. This will help you string
together cmdlets to format, filter, sort, and refine the results. The output of the first cmdlet is piped as
input to the next cmdlet for further processing. For example, Get-service -Name Spooler|restart-service will retrieve the Spooler service object and then perform the command to restart the Print Spooler
service.
For repetitive tasks, you can save these cmdlets into a script and run them manually or schedule them to
run regularly. You can create a script easily by entering the commands into a text editor such as Notepad
and saving the file with a PS1 extension. You can manually run the script by entering the script name in
the PowerShell command shell or schedule with Task Scheduler.

Modules
Many products such as Microsoft SharePoint and Hyper-V have their own set of cmdlets specific to that
product and some even have their own command shell that automatically loads the cmdlets for that app,
such as Microsoft Exchange. These application-specific cmdlets are packaged together and installed as
modules so that all the proper commands for that application are available. Usually, these modules
become available to the PowerShell environment by installing the application. The PowerShell module for


10  Module 1 Windows Server administration  

that app is installed as part of the installation. Occasionally, you need to load these modules into the
command shell by using the Install-Module cmdlet.

PowerShell Integrated Scripting Environment (ISE)
PowerShell ISE is a GUI-based tool that allows you to run commands and create, change, debug, and test
scripts. The GUI is a tabbed interface, much like a browser, which allows you to work on multiple PowerShell projects, each in an isolated tab. The screen is split into three main sections. The top pane is a text
editor where you enter your commands and the bottom pane is a command shell that displays the results

so you can test the script while in development. A third pane occupies the right side of the screen and
displays a listing of all the available cmdlets. After you are satisfied with the script that you create, you
can use the save command from the menu to save the script.

PowerShell Direct
Many administrators choose to run some of their servers in virtualized environments. To enable a simpler
administration of Windows Server Hyper-V VMs, Windows 10 and Windows Server 2019 both support a
feature called PowerShell Direct.
PowerShell Direct enables you to run a Windows PowerShell cmdlet or script inside a VM from the host
operating system regardless of network, firewall, and remote management configurations.

Demonstration: Manage servers remotely

In this demonstration, you will learn how to perform Windows PowerShell remote management. You will
use PowerShell remote from the management server to check the status of the Internet Information
Services (IIS) Admin service, and then restart the IIS Admin service on SEA-DC1. Then you will get a listing
of all services and add it to a text file on the management computer.

Demonstration steps
1. Switch to WS-011T00A-SEA-ADM1-B and sign in as Administrator.
2. Launch PowerShell in an elevated admin session.
3. Run the cmdlet Enter-PSSession -ComputerName SEA-DC1.
4. Run the cmdlet Get-Service -Name IISAdmin. Observe the results.
5. Run the cmdlet Get-Service -Name IISAdmin|Restart-Service. Observe the results.
6. Run the cmdlet Get-Service|Out-File \\SEA-ADM1\C$\ServiceStatus.txt.
7. Use File Explorer to check if ServiceStatus.txt was created, and then open the file.
8. Close all open windows.

Overview of the least-privilege administration
concept


Most security breaches or data loss incidents are the result of human error, malicious activity, or a
combination of both. For example, a user is logged on with an account that has Enterprise Admin rights
and opens an email attachment that runs malicious code. That code will have full admin rights across the
enterprise because the user that ran it had full admin rights.


 Overview of Windows Server administration principles and tools  11

Least privilege is the concept of restricting access rights for users, service accounts, and computing
processes to only those resources absolutely required to perform their job roles. Although the concept is
easy to understand, it can be complex to implement, and in many cases, it's simply not adhered to. The
principle states that all users should sign in with a user account that has the minimum permissions
necessary to complete the current task and nothing more. Doing so supplies protection against malicious
code, among other attacks. This principle applies to computers and the users of those computers.
Additional reading: For more information, go to Implementing Least-Privilege Administrative
Models1.

Delegated privileges

Accounts that are members of high privilege groups such as Enterprise Admins and Domain Admins have
full access to all systems and data. As such, those accounts must be closely guarded, but there will be
users who need certain admin rights to perform their duties. For example, help desk staff must be able to
reset passwords and unlock accounts for ordinary users, while some IT staff will be responsible for
installing applications on clients or servers, or performing backups.
Delegated privilege supplies a way to grant limited authority to certain users or groups. Also, Active
Directory and member servers have built-in groups that have predetermined privileges assigned. For
example, Backup Operators and Account Operators have designated rights assigned to them.
Additional reading. For more information about Active Directory security groups, go to Active Directory Security Groups2.
If the built-in security groups do not meet your needs, you can delegate more granular privileges to users

or groups by using the Delegation of Control Wizard. The wizard allows you to assign permissions at
the site, domain, or organization unit level. The wizard has the following pre-defined tasks that you can
assign:
●● Create, delete, and manage user accounts
●● Reset user passwords and force password change at next sign in
●● Read all user information
●● Create, delete, and manage groups
●● Modify the membership of a group
●● Join a computer to the domain (only available at the domain level)
●● Manage Group Policy links
●● Generate Resultant Set of Policy (Planning)
●● Generate Resultant Set of Policy (Logging)
●● Create, delete, and manage inetOrgPerson accounts
●● Reset inetOrgPerson passwords and force password change at next logon
●● Read all inetOrgPerson information
You can also combine permissions to create and assign custom tasks.

1
2

/> />