manage server 2012 like a pro… or, better, like an evil overlord! presented by mark minasi...

Post on 14-Jan-2016


Manage Server 2012 Like a Pro… Or, Better, Like an Evil Overlord!

Presented by Mark Minasi
help@minasi.com
@mminasi on twitter

copyright 2013 Mark Minasi; please do not redistribute, and thanks for respecting my copyrights!

Let's Be Clear About a Few Things

o First, computers and software are not our friends.
o (No matter how much fun you get from Facebook, Twitter or Angry Birds.)
o They must be… managed.
o No, they must be … mastered.
o Dominated.
o Conquered…
o … before they conquer us.

the thoughts behind this presentation

After Realizing This…

o I realized that I … and you … must reluctantly play the part of an evil overlord, or by default we allow the servers to be that overlord

o So I did some research, and found a list of the 100 things an evil overlord should do and not do (thank you, Peter Anspach at www.eviloverlord.com/lists/overlord.html)

o I have adapted some of those to guide us in managing Windows Server 2012

What? You Don't Believe Me?

o "My ventilation ducts will be too small to crawl through."

o "One of my advisors will be an average five-year-old child. Any flaws in my plan that he is able to spot will be corrected before implementation."

o (Had Microsoft used this second one, Windows 8 might not have occurred.)

consider a few examples

So…

o Let's see how to roll out, configure and manage Windows Server 2012

o Much of your existing Server 2008 and R2 skills work, but they messed with Server Manager big-time, so that'll require a bit of retooling

o Here's a quick look at the tools you've got, which ones are worth your time and which to skip

The Perspective

o Microsoft:
    o "Remote access is the default"
o Microsoft:
    o "Server core is the default"
o Minasi's Addendum:
    o "Learn PowerShell or y'all won't have a job much longer"
o Evil Overlord Perspective:
    o "With remote access, I can seize control of my enemies without them even knowing where I am!"

Setup Changes

o Largely the same "Panther" setup engine from Vista onwards
o As with R2, 64-bit only
o Also as with R2, there's a "GUI or Not?" question

Best of all, it's not a one-way choice, as we'll see

Installing Server without DVDs

o Avoid dealing with DVDs
o Instead
    o Download the ISO
    o Get a 4+GB USB stick
    o Wipe it, partition it, make it bootable, format it from WinPE/Windows 7 or later
    o Mount the ISO
    o Robocopy the files from the ISO to the USB stick
    o Then boot from and do installs from the USB stick

Create the USB Stick

o diskpart
o list disk
o See which one is the USB stick "disk"
o select disk disknumber
o clean
o create partition primary
o active
o assign
o format fs=ntfs quick label="2012 Install"

Copy the Install Files to the USB Stick

o Mount the ISO using a tool like Virtual Clone Drive (free) or, if you're working from Win 8/Server 2012, you can just open it in Explorer (finally!)
o Assume that the USB stick is drive F: and the mounted ISO is drive D:
o Open a command prompt and type
    o robocopy d:\ f:\ * /s /mt:10
o Once done, you can then boot any system from the USB stick and install Server 2012
o Do it with a USB 3.0 stick… it's waaay fast
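The diskpart and robocopy steps from the last two slides as one PowerShell function, with a guard that refuses to wipe anything but a USB-attached, non-system disk. This is an added example, not from the original deck; the function name and parameters are hypothetical, and it assumes an elevated prompt and the Storage cmdlets that ship with Windows 8/Server 2012 or later.

```powershell
# Added example; New-ServerInstallStick and its parameters are hypothetical names.
function New-ServerInstallStick {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory = $true)] [string] $IsoPath,    # path to the downloaded ISO
        [Parameter(Mandatory = $true)] [int]    $DiskNumber  # number shown by Get-Disk / "list disk"
    )

    $disk = Get-Disk -Number $DiskNumber -ErrorAction Stop

    # Guard: "clean" wipes whatever disk is selected, so refuse anything
    # that is not USB-attached or that holds the running OS.
    if ($disk.BusType -ne 'USB' -or $disk.IsBoot -or $disk.IsSystem) {
        throw "Disk $DiskNumber ($($disk.FriendlyName), bus $($disk.BusType)) is not a spare USB disk."
    }
    $target = "disk $DiskNumber ($($disk.FriendlyName))"
    if (-not $PSCmdlet.ShouldProcess($target, 'Erase and rebuild as install media')) { return }

    # clean
    Clear-Disk -Number $DiskNumber -RemoveData -Confirm:$false
    # Clear-Disk can leave the disk uninitialized (RAW); initialize it as MBR if so.
    if ((Get-Disk -Number $DiskNumber).PartitionStyle -eq 'RAW') {
        Initialize-Disk -Number $DiskNumber -PartitionStyle MBR
    }
    # create partition primary / active / assign
    $part = New-Partition -DiskNumber $DiskNumber -UseMaximumSize -IsActive -AssignDriveLetter
    # format fs=ntfs quick label="2012 Install"
    $part | Format-Volume -FileSystem NTFS -NewFileSystemLabel '2012 Install' -Confirm:$false | Out-Null

    # Mount the ISO, copy with the same robocopy switches as on the slide, then dismount.
    $image = Mount-DiskImage -ImagePath $IsoPath -PassThru
    try {
        $src = ($image | Get-Volume).DriveLetter
        robocopy "${src}:\" "$($part.DriveLetter):\" * /s /mt:10
        # robocopy exit codes of 8 and above mean at least one copy failed.
        if ($LASTEXITCODE -ge 8) { throw "robocopy failed with exit code $LASTEXITCODE." }
    }
    finally {
        Dismount-DiskImage -ImagePath $IsoPath | Out-Null
    }
    "$($part.DriveLetter):"   # drive letter of the finished stick
}

# Preview first, then run for real (disk number and path are sample values):
# New-ServerInstallStick -IsoPath C:\iso\server2012.iso -DiskNumber 2 -WhatIf
# New-ServerInstallStick -IsoPath C:\iso\server2012.iso -DiskNumber 2
```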

Make Your Life Easier with WSIM

o So much needs configuring on server nowadays – and now that you need to punch in product IDs – simplify the process

o Download the Assessment and Deployment Kit (ADK) from Microsoft, install it, and use the Windows System Image Manager to create a file called autounattend.xml

o Put it on any removable storage device, do the install and you can pre-answer lots of questions/preconfigure things

o Look at Newsletter #60 for more

My Simple XML Automates…

o Setup language
o OS language
o Skip EULA
o Enter "organization" info
o Drive format and setup
o Product key insertion
o Default SAN policy
o Default DNS domain
o IE enhanced security settings
o IE setup annoyances
o Don't automatically start Server Manager
o Time zone
o Firewall profile setting
o Windows update setting
o And I could have done lots more… I just ran out of time

Bottom Line on Setup…

Whether MDT, USB sticks and autounattend or whatever you like, some very simple, free tools can make Setup easier, so spend just a little time to learn and then use them.

Or, as the Evil Overlord rules say,

"I will be neither chivalrous nor sporting. If I have an unstoppable superweapon, I will use it as early and as often as possible instead of keeping it in reserve."

Remote Admin is the Default

o Systems are configured for remote admin (in the winrm sense) by default
o RDP and RPC are not
o Group policy offers great remote admin powers
o PowerShell remote control is very, very easy (compared to learning PowerShell)
o Most MMCs work fine remotely against Core!
o Let's look at the Server UI
o It's a bit odd as Server UIs go, as it's really built to be touch-first

The Four New GUIs

o Server offers you four levels of UI – Server Core and three levels of "GUI intensity"

o Can be dialed up to match the "Metro" interface on Win 8 tablets

o UI elements are more 2D than before and the colors are lower-contrast

o The start menu now has a completely separate screen called the "Start Screen"

in brief… more details ahead


Four Interfaces

o You can put any of four interfaces on Server 2012
    o Server Core: mostly command line, no Start Screen, no Server Manager, no MMCs, no IE
    o Minimal Server Interface: runs Server Manager (servermanager.exe), no Start Screen, MMCs, no IE
    o Server GUI: all Windows Desktop applications, no Windows RT applications, IE installed
    o Desktop Experience: Windows RT apps, the Windows Store, Aero Glass, Media Player

Metro, server core and two in-between

Overlord Ideas in Action

Another important Evil Overlord tip is

"I will be secure in my superiority. Therefore, I will feel no need to prove it by leaving clues in the form of riddles to my weaknesses."

While I'm not sure, I think this explains the kinda thin documentation for Server 2012 and its management tools.

Navigating Server Manager

o Manage kicks off roles & features wizard

o The flag calls you to info, warnings, errors – click it to see status of Manage tasks

o Circle with arrows refreshes the display… which is often important

o Tools drops down a list of management tools (DNS manager, DHCP, AD Admin Center, etc)

o "All Servers" points to Server Manager's new multi-server nature

the big stuff


Getting to Other Apps/Tools

o What was once your Start Programs menu is now a completely different screen that swaps on and off your monitor called the "Start Screen"

o To access it, either
    o Press the Windows key (you may have to adjust your RDP client settings for this to work), or
    o Hover your mouse in the LLH corner of the screen (15x15 pixel area), then click the rectangular blue-ish "tile" that appears in the 15x15 pixel space
    o Touch that area on a multitouch monitor

um, there's no "start" button

Start Screen Overview

o Icons become "tiles"

o On Win 8, these tiles and this Start Screen can do a lot of things, but those things are deactivated on Server by default

o You can still organize tiles into groups and then name the groups

o To find any program, type its name right on the desktop

o More on this in Newsletter #100

Meet the "Charms," All 3+2 Of 'Em

o You get to some settings via something called the "settings charm"
o There are two others by default, the "search" charm and the "start screen" charm
o And two more if you're in full Metro mode
o Get to them by
    o Pressing Windows+C
    o Hovering the mouse in the URH or LRH corner of the screen
    o Touching those locations with your finger on a multitouch screen

(remember, there are lots of kinds of "charms," including a curse)

The Dashboard: Events

o You can either click "Local Server" or "All Servers" on the left-hand-side of Server Manager and then you'll see Events, Services, Best Practices Analyzer, Performance and Roles and Features

o Some of those things can be filtered by right-clicking them, like the Best Practices Analyzer

o The clue is often the "EVENTS" with the down-chevron next to it


Getting a Command Prompt

o You'll probably need it elevated
o Methods:
    o Windows+r, cmd (not elevated)
    o Start screen / type "cmd," see the "Command Prompt" tile, right click it, at the bottom of the screen see "Run as administrator", respond to UAC
    o The PowerShell icon will usually work fine, although some commands may not parse right

Shutting Down/Restarting

o Command line:
    o shutdown -s -t 0
    o shutdown -r -t 0
    o shutdown -l (logoff)
o PowerShell:
    o stop-computer
    o restart-computer
    o restart-server (with Windows workflow foundation)
o In the Settings charm, you probably already noticed a power icon

Useful Keystrokes ([w]=Windows key)

o [w]: to Start Screen
o [w]+D: Desktop
o [w]+E: File Explorer
o [w]+R: “Run” dialog
o [w]+C: charms
o [w]+F: search for files
o [w]+I: Settings
o [w]+L: lock computer
o [w]+P: screens
o [w]+X: useful links
o [w]+Y: System page
o [w]+Tab, alt-tab work roughly as before
o alt-f4 even closes Metros

• Find an app in Metro: just type on the screen
• See battery power: bring up the charms
• Get the keyboard: Search in Metro, taskbar on Desktop (may have to include as a toolbar)

Remote Admin Tools

o From Win 7, you can use the 7/R2 remote server admin tools
o From Win 8, download the RSAT for Win 8
o Unfortunately that RSAT will not run on Windows 7, but the Win 7/R2 tools will let you do some administration

Overlord Ideas in Action

"I will dress in bright and cheery colors, and so throw my enemies into confusion."

Translated, this means "I only created that pretty-and-annoying tablet interface on Server 2012 to make you want to learn PowerShell."

Starting PowerShell

o Press the Windows key to get to the "Start Menu"

o Right-click the "Windows PowerShell" tile

o Below it in the Options Bar, click "Run as administrator"

o Or just start up any command prompt and type "powershell"

o More PowerShell soon

o Server Core (and even Windows PE) includes it as well

admit it, you know you're going to love it…

PowerShell 101

o Commands ("cmdlets") look like "verb-noun," like get-process or new-aduser

o PoSH uses very few verbs: new, get, set, remove, add, write, etc

o No central PoSH power at Microsoft; instead, program groups decide to implement PoSH, and then choose their nouns, like "aduser" for AD users, "vm" for virtual machines, etc

o The nouns are always singular, never plural

o PowerShell is 99.99% case insensitive

o Cmdlets too much to type? Tab-completion.

The Four Big PoSH Verbs

o new always means "create something new;" no cmdlet starts with "create-," it's always new – new-vm creates a VM

o get is like "show" or "list;" get-vm would show all virtual machines on a Hyper-V server

o set lets you change some characteristic; set-vm would let you rename it, change how much RAM it has, etc

o remove means "delete;" remove-vm would delete a virtual machine

Getting PowerShell Help

o Very simple… just use "help," as in
    o help new-vm
o Add -full for complete help, -examples for examples
o You can use wildcards or just strings
    o help *-vm*
    o help *-ad*
    o help vmfailover
o Or you'll get articles on topics, as in
    o help remote

A PoSH Example: Picking a GUI

o install-windowsfeature featureorrole or uninstall-windowsfeature featureorrole

o Or you can poke around the Roles Wizard, but the Wizard isn't terribly clear either; in Features, it's User Interfaces and Infrastructure, with three sub-features

o It's not like there's a radio button for Server Core, Minimal Server GUI, Full Server GUI etc

o You need the feature-or-role name to get a given GUI; here they are

the tool: install-windowsfeature


Setting the GUI's Level

| To get this UI: | Which includes | in install-windowsfeature | in Wizard |
|---|---|---|---|
| Server Core | Cmd prompt, PowerShell, some GUI tools, no Internet Explorer | none… use uninstall-windowsfeature server-gui-mgmt-infra | Uncheck "User Interfaces and Infrastructure" |
| Minimal | Server Manager, MMCs, no IE | server-gui-mgmt-infra | Graphical Management Tools and Infrastructure |
| Full GUI | Server with GUI, IE, runs any 2008 R2 apps but no Media Player, WinRT apps | server-gui-shell | Server Graphical Shell |
| Full Metro | Full Windows 8 user interface, Store, Media Player | desktop-experience | Desktop Experience |

Four Interfaces

o Server-GUI-mgmt-infra: Minimal Server GUI
o Server-GUI-Shell: Server with GUI
o Desktop-Experience: full Windows 8 GUI
o Only have one enabled at a time, or you get the "GUI-est" option
o For example, Server-GUI-mgmt-infra and Server-GUI-Shell gives you Server-GUI-Shell
o Each requires a reboot

install-windowsfeature feature names

Examples

o To get Server GUI,
    o install-windowsfeature server-gui-shell -restart
o To move from that to Server Core,
    o uninstall-windowsfeature server-gui-shell -restart
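To audit which interface level a set of servers is actually running, and so which ones carry Internet Explorer or the Store, the three feature names above can be queried remotely. This is an added example, not from the original deck; the function name is hypothetical, dc1, dc2 and member1 are sample names, and it assumes the ServerManager module (Server 2012, or RSAT on Windows 8).

```powershell
# Added example; Get-ServerUiLevel is a hypothetical helper name.
function Get-ServerUiLevel {
    param([string[]] $ComputerName = @($env:COMPUTERNAME))

    # Feature names from the table, ordered from least to most GUI.
    $levels = [ordered]@{
        'Server-Gui-Mgmt-Infra' = 'Minimal Server Interface'
        'Server-Gui-Shell'      = 'Server with GUI'
        'Desktop-Experience'    = 'Desktop Experience'
    }

    foreach ($computer in $ComputerName) {
        try {
            $installed = @(Get-WindowsFeature -ComputerName $computer -Name @($levels.Keys) -ErrorAction Stop |
                Where-Object { $_.Installed } | ForEach-Object { $_.Name })

            # With more than one feature enabled you get the "GUI-est" one,
            # so the last match in the ordered list wins.
            $level = 'Server Core'
            foreach ($name in $levels.Keys) {
                if ($installed -contains $name) { $level = $levels[$name] }
            }
            New-Object psobject -Property @{
                ComputerName = $computer; UiLevel = $level; Features = ($installed -join ',')
            }
        }
        catch {
            # Unreachable or access denied: report it rather than silently skipping the server.
            New-Object psobject -Property @{
                ComputerName = $computer; UiLevel = 'unknown'; Features = $_.Exception.Message
            }
        }
    }
}

# Servers that are not Server Core:
# Get-ServerUiLevel -ComputerName dc1,dc2,member1 | Where-Object { $_.UiLevel -ne 'Server Core' }
```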

More on install-windowsfeature

o Use the get-windowsfeature command to see all roles and features and which ones are installed

o The "*" wild card works

o To see just things that match some string like "dhcp", do
    o get-windowsfeature *dhcp*

finding feature/role names: tip

More on install-windowsfeature

o -IncludeAllSubFeature: useful for roles

o -WhatIf: lets you know what the above will do!

o -Restart: restart the server if necessary

o -IncludeManagementTools: some roles/features need management tools – AD Admin Center, DHCP Manager, etc – and this doesn't install them by default (usually)

other options (with abbreviations)

Install-WindowsFeature Power Tools

o Install everything with "iscsi" in its name:
    o get-windowsfeature *iscsi* | install-windowsfeature
o Add tools and subroles:
    o get-windowsfeature *iscsi* | install-windowsfeature -includea -includem
o Do it on three machines:
    o invoke-command -computername dc1,dc2,member1 -scriptblock {get-windowsfeature *iscsi* | install-windowsfeature}

Reference: Expand on the Example

o Put the names of the servers into a file named, say, PCs.txt, then
    o invoke-command -computername (cat pcs.txt) -scriptblock {get-windowsfeature *iscsi* | install-windowsfeature}
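A more defensive take on the PCs.txt pattern: clean the list, preview which matching features are missing on each server, change anything only when -Apply is given, and report servers that did not answer. This is an added example, not from the original deck; the function name and the -Apply switch are hypothetical.

```powershell
# Added example; Install-FeatureOnServerList and -Apply are hypothetical names.
function Install-FeatureOnServerList {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)] [string] $ListPath,  # e.g. PCs.txt, one name per line
        [Parameter(Mandatory = $true)] [string] $Pattern,   # e.g. *iscsi*
        [switch] $Apply                                      # omit to preview only
    )

    # Clean the list: trim whitespace, drop blank lines and duplicates.
    $servers = @(Get-Content -Path $ListPath | ForEach-Object { $_.Trim() } |
        Where-Object { $_ } | Sort-Object -Unique)
    if ($servers.Count -eq 0) { throw "No server names found in $ListPath." }

    # Runs on each server: list matching features that are not installed yet,
    # and install them only when asked to.
    $work = {
        param($pattern, $apply)
        $missing = @(Get-WindowsFeature -Name $pattern | Where-Object { -not $_.Installed })
        $row = @{
            Features      = ($missing | ForEach-Object { $_.Name }) -join ','
            Changed       = $false
            Success       = $true
            RestartNeeded = 'No'
        }
        if ($apply -and $missing.Count -gt 0) {
            $r = $missing | Install-WindowsFeature
            $row.Changed = $true
            $row.Success = $r.Success
            $row.RestartNeeded = "$($r.RestartNeeded)"
        }
        New-Object psobject -Property $row
    }

    $results = Invoke-Command -ComputerName $servers -ScriptBlock $work `
        -ArgumentList $Pattern, $Apply.IsPresent -ErrorAction SilentlyContinue -ErrorVariable failed

    $results | Select-Object PSComputerName, Features, Changed, Success, RestartNeeded
    # Servers that could not be reached or refused the connection.
    foreach ($e in $failed) {
        Write-Warning "No result from $($e.TargetObject): $($e.Exception.Message)"
    }
}

# Preview, then apply:
# Install-FeatureOnServerList -ListPath .\PCs.txt -Pattern *iscsi*
# Install-FeatureOnServerList -ListPath .\PCs.txt -Pattern *iscsi* -Apply
```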

PowerShell 102

o Up to 2300 PowerShell cmdlets in the box, depending on what you've installed

o PowerShell Integrated Scripting Editor (ISE) is also a great way to explore PoSH cmdlets

o For the impatient (me and most of you), the new show-command cmdlet really accelerates PowerShell use – here's an example

o It was my first shot – knowing nothing – at creating a virtual machine with PoSH

I'll bet that new-vm command's got some really long help, and I don't feel like reading…


I screwed up -- any "bytes" fields can include GB etc


PowerShell 103

o Parameters – the things preceded by a dash – can be shortened as far as is possible without causing confusion, so in this command
    o rename-vm -name "oldname" -newname "new"

o a look at help shows us that there are only two parameters starting with "n" – name and newname – and so the command can be
    o rename-vm -na "oldname" -ne "new"

shortening PowerShell commands

PowerShell 103

o Commands often have "aliases," shorter versions; find them with the get-alias command, which has an alias "gal:"
    o gal -def commandname
    o gal -def "import-module"
o Or make your own with sal, "set-alias"
    o sal newalias existingcommand
    o sal rvm remove-vm

shortening PowerShell commands

PowerShell Help Quirk

o Microsoft decided to ship PowerShell help files independently of the OS… so PoSH has none out of the box
o Fixes:
    o update-help pulls down help files
    o save-help \\sv1\helpfiles downloads the files
    o update-help -sourcepath \\sv1\helpfiles gets the help files from a nearby location
    o This only works once a day; add -force to ignore the once a day rule

A Few Tips on Server Setup

o First, remember WSIM and GPO settings
o PowerShell: rename-computer
    o rename-computer -newname DC1 -restart
o Or to join a domain, add-computer -computername name -domainname dname [-newname newname] [-oupath dn]
    o add-computer -computername DC1 -domainname bigfirm.com -newname NYDC
    o … joins and renames in one shot
o You may have to delete an existing acct first

Finally, a Few More Evil Overlord Tips

o "I will never build only one of anything important. All important systems will have redundant control panels and power supplies."

o "My main computers will have their own special operating system that will be completely incompatible with standard Microsoft and Apple OSes."

o "I will never build a sentient computer smarter than I am."

o "Once my power is secure, I will destroy all those pesky time-travel devices."

Thanks!

o My two-day Windows Server class and my one-day PowerShell class come to San Francisco July 15-17 2013; info at www.minasi.com
o Newsletters there also
o Contact me at mark@minasi.com