Sunday, 30 December 2018

Installing Nano Server

Overview of installing Nano Server

As mentioned previously, Nano Server cannot be directly installed from the installation media during setup. The files required for setting up Nano Server are in the \NanoServer folder on the Windows Server 2016 installation media. Nano Server is installed using one of three methods:

 Deploying a VHD image that will be hosted as a virtual machine on a Hyper-V host.

 Deploying a VHD as a bootable drive on a physical computer.

 Deploying a Nano Server WIM file on a physical computer.

The steps are similar for each option:

Copy the NanoServerImageGenerator folder from the NanoServer folder on the Windows Server 2016 installation media to a folder on your local machine.

Start Windows PowerShell as an administrator and change the directory to the NanoServerImageGenerator folder on your local drive.

Import the NanoServerImageGenerator module by using the following Windows PowerShell Import-Module cmdlet:

Import-Module .\NanoServerImageGenerator -Verbose

 Create the VHD or WIM by using the New-NanoServerImage cmdlet with the following syntax:

New-NanoServerImage -Edition <edition> -DeploymentType <deployment type> -MediaPath <media path> -BasePath <base path> -TargetPath <target path> -ComputerName <computer name> -Packages <packages> -<other package switches>

where:

Edition – The Windows Server 2016 edition the Nano Server will be based on; either Standard or Datacenter.

Deployment type – The type of deployment; Host for WIM or bootable VHD, Guest for VHDs hosted in Hyper-V.

Media path – The path to the root of the Windows Server 2016 installation media.

Base path – This optional switch is used when creating a WIM file. When creating a WIM file, the Nano Server binaries will be copied to this folder so that the New-NanoServerWim cmdlet can be used to create a new image without specifying the -MediaPath switch.

Target path – The path and file name, including extension, of the Nano Server image. The file type created depends on the file extension specified: .vhd for a Generation 1 virtual machine, .vhdx for a Generation 2 virtual machine, and .wim for a WIM file.

Computer name – The name of the target Nano Server computer.

Packages – The -Packages switch is used to install certain roles and features, listed in the previous topic on Nano Server. Multiple packages can be combined in a comma-separated list.

Other package switches – Some packages are installed using their own switches. See the previous topic for a complete list. If you want to deploy a Nano Server to a physical machine, be sure to use the -OEMDrivers switch to install the basic set of device drivers that are included in the Standard edition installation.

The Windows PowerShell script prompts you for an administrator account and password when it is run.
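A worked run of the four steps above, added here as an example and not part of the original course text. The media drive D:, the working folder C:\NanoBuild, the computer names and the selection of roles are assumptions; every switch and package name is one this page lists.

```powershell
# Assumed locations (not from the page): installation media on D:, working folder C:\NanoBuild.
$media   = 'D:\'
$workDir = 'C:\NanoBuild'

# Steps 1-3: copy the generator folder to the local machine, change to it, import the module.
New-Item -ItemType Directory -Path $workDir -Force | Out-Null
Copy-Item -Path (Join-Path $media 'NanoServer\NanoServerImageGenerator') `
          -Destination $workDir -Recurse -Force
Set-Location (Join-Path $workDir 'NanoServerImageGenerator')
Import-Module .\NanoServerImageGenerator -Verbose

# Step 4, guest image: DeploymentType Guest plus a .vhdx target gives a disk for a
# Generation 2 virtual machine in Hyper-V. Only the roles this server needs are added.
$guest = @{
    Edition        = 'Standard'
    DeploymentType = 'Guest'
    MediaPath      = $media
    TargetPath     = Join-Path $workDir 'NANO-DNS01.vhdx'
    ComputerName   = 'NANO-DNS01'      # hypothetical computer name
    Packages       = 'Microsoft-NanoServer-DNS-Package'
    Defender       = $true             # Windows Defender Antimalware with default signatures
}
New-NanoServerImage @guest             # prompts for the administrator account and password

# Step 4, host image: DeploymentType Host plus a .wim target, with -OEMDrivers because
# the image will run on a physical computer. BasePath keeps a copy of the binaries.
$physical = @{
    Edition        = 'Datacenter'
    DeploymentType = 'Host'
    MediaPath      = $media
    BasePath       = Join-Path $workDir 'Base'
    TargetPath     = Join-Path $workDir 'NANO-HV01.wim'
    ComputerName   = 'NANO-HV01'       # hypothetical computer name
    OEMDrivers     = $true
    Compute        = $true             # Hyper-V role
    Clustering     = $true             # Failover clustering
}
New-NanoServerImage @physical

# Record a SHA-256 hash of each image so the copy that is later deployed can be
# compared with what was built here.
Get-FileHash -Algorithm SHA256 -Path $guest.TargetPath, $physical.TargetPath |
    Select-Object Hash, Path
```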




Deploying the Nano Server VHD in Hyper-V

Once you create the VHD for the Nano Server, the steps for deploying the Nano Server in Hyper-V are similar to deploying any virtual machine:

1.   Create a new virtual machine, by using the VHD, in Hyper-V Manager.

2.   Boot and then connect to the virtual machine from Hyper-V Manager.

3.   Log on to the Nano Server Recovery Console using the administrator account and password.

4.   Obtain the IP address for the virtual machine and connect to the Nano Server by using the remote management tools to manage the server.

Deploying the Nano Server VHD on a physical computer

You can also run the Nano Server on a physical computer by using the VHD that you created. As noted previously, you must ensure that the OEM drivers for the most common hardware are installed by using the -OEMDrivers switch during VHD creation. The steps for deploying the VHD to the physical computer are as follows:

1.   Sign in to the physical computer as an administrator.

2.   Copy the VHD to the local computer.

3.   Configure the VHD to boot by using the following steps:

a.   Mount the VHD.

b.   Run the bcdboot command targeting the VHD. For example, if the VHD is mounted to the E:\ drive:

bcdboot e:\windows

c.   Unmount the VHD.

4.   Boot the computer into the Nano Server VHD.




Deploying a Nano Server WIM

Creating a Nano Server WIM is as simple as specifying .wim as the file extension when providing the -TargetPath value. Once the WIM file is created you can deploy it by using WinPE:

1.   Ensure the .wim file is accessible from WinPE.

2.   Boot into WinPE on the local server.

3.   Use Diskpart.exe to prepare the local hard drive.

4.   Apply the Nano Server image by using Dism.exe.

5.   Remove the WinPE media if applicable, and reboot the system by using the following command:

Wpeutil.exe reboot

After you reboot the Nano Server from whichever deployment method you used:

1.   Sign in to the Nano Server Recovery Console by using the administrator account and password.

2.   Obtain the IP address of the Nano Server computer and use the remote management tools or Windows PowerShell to connect and manage the server.







Managing and configuring Nano Server


You can change the basic network configuration by using the Tab key to navigate to Networking and then pressing Enter. You can then select the appropriate network adapter from the list by using the cursor keys to navigate to the correct adapter and then pressing Enter.

The current network settings are displayed. You can press either F11 to configure IPv4 settings or F12 for IPv6 settings. If you choose to configure IPv4, use the F4 key to switch the settings. For example, to enable or disable DHCP, press F4. To enter a manual IPv4 configuration, disable DHCP and then use the number keys to type a suitable IP address, subnet mask, and default gateway. Press Enter twice to update the configuration. Press Esc repeatedly to return to the main menu.

Configuring the firewall

You might need to configure firewall settings to enable remote management. From the main Nano Server Recovery Console, press the Tab key to navigate to Firewall, and then press Enter. A list of firewall rules is displayed. Use the cursor keys to navigate up and down the list and press Enter for a rule you want to configure.



For example, to enable remote event log management, locate the remote event log management (RPC) rule and press Enter. Press F4 to Enable/Disable. Press ESC and select the next rule, and then repeat the procedure. When you have configured all rules, press ESC to return to the main menu.

Ongoing management



Once you have configured the networking settings and enabled the appropriate remote management firewall ports for inbound communications, you can manage the Nano Server remotely by using either Server Manager, Windows PowerShell, or any other management tool by using the Connect to option to select the Nano Server. Typical management tasks include:

     Adding the computer to a domain

     Adding roles and features to the server

Adding the Nano Server to a domain online

You perform an online domain join by harvesting a domain data blob from a computer already joined to the domain and using that data blob when joining the domain. The basic steps for this follow.

1.   Harvest the domain data blob from a computer running Windows Server 2016 that is already joined to the domain by using the following command:

Djoin.exe /provision /domain <domain name> /machine <Nano Server machine name> /savefile <path and name of blob file>

2.   Enable File and Printer Sharing on the Nano Server.

a.   Using Windows PowerShell Remoting, connect to the Nano Server with the following commands from a Windows PowerShell session running as administrator:



Set-Item WSMan:\localhost\client\TrustedHosts "<Nano Server IP address>"

$ipaddress = "<Nano Server IP address>"

Enter-PSSession -ComputerName $ipaddress -Credential $ipaddress\Administrator

b.   Provide the Administrator password and set the firewall rule to enable file and printer sharing:

Netsh advfirewall firewall set rule group="File and Printer Sharing" new enable=yes







3.   Copy the data blob file to the Nano Server by using the following commands:

Net use z: \\<Nano Server IP address>\c$

Md z:\temp

copy <name of blob file> z:\temp








4.   Using the Windows PowerShell Remoting session, join the domain by using the following command:

Djoin.exe /requestodj /loadfile c:\temp\<name of blob file> /windowspath c:\windows /localos

5.   Use the following commands to restart the Nano Server computer and exit the Windows PowerShell Remoting session:

shutdown /r /t 5

Exit-PSSession
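
The online domain join above as one script, added here as an example and not part of the original course text. It varies the page's steps in three labelled ways: it appends to TrustedHosts with -Concatenate and restores the previous list afterwards, it copies the blob with Copy-Item -ToSession so File and Printer Sharing does not have to be enabled, and it deletes the blob on both computers because the blob contains the machine account password. The domain name, computer name and IP address are constructed placeholders.

```powershell
# Constructed placeholders (assumptions, not values from the page).
$domain   = 'corp.example'
$nanoName = 'NANO01'
$nanoIp   = '192.0.2.10'
$blobName = "$nanoName.djoin"
$blobPath = Join-Path $env:TEMP $blobName

# Step 1: harvest the blob on a domain-joined Windows Server 2016 computer.
# The blob holds the new machine account's password; it is deleted in 'finally'.
djoin.exe /provision /domain $domain /machine $nanoName /savefile $blobPath
if ($LASTEXITCODE -ne 0) { throw "djoin /provision failed with exit code $LASTEXITCODE" }

# Step 2a, variation: hosts in TrustedHosts are connected to without their identity
# being verified, so append only this one address and keep the old list for restore.
$trustedHosts = 'WSMan:\localhost\Client\TrustedHosts'
$previousList = (Get-Item $trustedHosts).Value
Set-Item $trustedHosts -Value $nanoIp -Concatenate -Force

$session = $null
try {
    # Prompts for the Nano Server administrator password.
    $session = New-PSSession -ComputerName $nanoIp `
                             -Credential "$nanoIp\Administrator" -ErrorAction Stop

    # Step 3, variation: copy over the remoting session instead of an SMB share,
    # so the File and Printer Sharing firewall group stays disabled.
    Invoke-Command -Session $session -ScriptBlock {
        New-Item -ItemType Directory -Path C:\temp -Force | Out-Null
    }
    Copy-Item -Path $blobPath -Destination 'C:\temp\' -ToSession $session

    # Step 4: apply the blob on the Nano Server, then remove the remote copy.
    $result = Invoke-Command -Session $session -ArgumentList $blobName -ScriptBlock {
        param($file)
        $output = djoin.exe /requestodj /loadfile "C:\temp\$file" /windowspath C:\Windows /localos
        $code   = $LASTEXITCODE
        Remove-Item "C:\temp\$file" -Force
        [pscustomobject]@{ ExitCode = $code; Output = ($output -join "`n") }
    }
    if ($result.ExitCode -ne 0) { throw "djoin /requestodj failed: $($result.Output)" }

    # Step 5: restart the Nano Server so the join takes effect.
    Invoke-Command -Session $session -ScriptBlock { shutdown.exe /r /t 5 }
}
finally {
    # Runs on success and on failure: close the session, delete the local blob,
    # and put TrustedHosts back to exactly what it was before.
    if ($session) { Remove-PSSession $session }
    Remove-Item $blobPath -Force -ErrorAction SilentlyContinue
    Set-Item $trustedHosts -Value "$previousList" -Force
}
```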



Adding roles and features to Nano Server online



To install new roles and features to Nano Server online without editing or rebuilding the VHD, you will need to find and install those roles and features from the online repository by using the PackageManagement PowerShell module and the NanoServerPackage provider.

You install the provider by using the following PackageManagement cmdlets:






Install-PackageProvider NanoServerPackage




Import-PackageProvider NanoServerPackage







Once the NanoServerPackage provider is installed you can find and install Nano Server packages by using either Nano Server specific cmdlets or the generic PackageManagement variations of those cmdlets. The Nano Server package cmdlets are:



Find-NanoServerPackage



Save-NanoServerPackage



Install-NanoServerPackage



You can use the Install-NanoServerPackage cmdlet to install packages to both online images and offline images.

You can also install roles and features by using Deployment Image 










Installing and configuring Nano Server

What is Nano Server?

Nano Server is a new installation option for Windows Server 2016 that is similar to Windows Server in Server Core mode. However, although it has a significantly smaller hardware footprint, it has no local sign-in capability and supports only 64-bit apps, tools, and agents. Setup is significantly faster, and after installation, the operating system requires far fewer updates.

  Note: Nano Server is not available for selection through the Windows Server 2016 setup wizard. Instead, you must create a virtual hard drive by using Windows PowerShell. You can then use this virtual hard drive on a virtual machine to support a virtualized Nano Server in Hyper-V, or you can configure your server computer to start from a .vhd file for a physical Nano Server deployment option.


Use scenarios
Nano Server is ideal for use in the following scenarios:
   Hyper-V host for virtual machines, either in clusters or not (compute host)
   As a storage host for a scale-out file server, either in clusters or not
   As a DNS server
   As a web server running Microsoft Internet Information Services (IIS)
   As a host for applications that are developed by using cloud application patterns and run in a container or virtual machine guest operating system

Server roles available in Nano Server

The following table shows the server roles and features that you can either install when you deploy Nano Server or subsequently install by using Windows PowerShell on a previously deployed Nano Server.

Role or feature | Option to install
Hyper-V role | -Compute
Failover clustering | -Clustering
Drivers for a variety of network adapters and storage controllers (this is the same set of drivers included in a Server Core installation of Windows Server 2016) | -OEMDrivers
File Server role and other storage components | -Storage
Windows Defender Antimalware, including a default signature file | -Defender
DNS Server role | -Packages Microsoft-NanoServer-DNS-Package
Desired State Configuration | -Packages Microsoft-NanoServer-DSC-Package
IIS | -Packages Microsoft-NanoServer-IIS-Package
Host support for Windows Containers | -Containers
System Center Virtual Machine Manager agent | -Packages Microsoft-Windows-Server-SCVMM-Package; -Packages Microsoft-Windows-Server-SCVMM-Compute-Package
Network Performance Diagnostics Service (NPDS) | -Packages Microsoft-NanoServer-NPDS-Package
Data Center Bridging | -Packages Microsoft-NanoServer-DCB-Package
Boot and run from a RAM disk | -Packages Microsoft-NanoServer-Guest-Package
Deploy on a virtual machine | -Packages Microsoft-NanoServer-Host-Package
Secure Startup | -Packages Microsoft-NanoServer-SecureStartup-Package
Shielded Virtual Machine | -Packages Microsoft-NanoServer-ShieldedVM-Package


While many roles are supported by Nano Server, several important roles and features are not supported, including AD DS, AD CS, and DHCP.

Features and improvements introduced in Windows Server 2016

The following features and feature improvements were introduced in Windows Server 2016:


   Nano Server. Nano Server is a new installation option for Windows Server 2016. With no graphical or command prompt interface, it has a significantly lower hardware requirement than Server Core. Nano Server is the ideal platform for Hyper-V, Hyper-V cluster, and scale-out file servers and cloud service apps.
   Windows Server containers and Hyper-V containers. Containers enable you to isolate your apps from the operating system environment. This improves security and reliability. Windows containers are isolated from one another but run on the host operating system. Hyper-V containers are further isolated, because they run within a virtual machine.
   Docker. Docker is a technology for managing containers. Although Docker is usually associated with Linux, Windows Server 2016 provides support for Docker for managing Windows containers and Hyper-V containers.
   Rolling upgrades for Hyper-V and storage clusters. These upgrades enable you to add Windows Server 2016 nodes to an existing Windows Server 2012 R2 failover cluster. The cluster continues to operate at a Windows Server 2012 R2 functional level until all the nodes are upgraded.
   The ability to hot add and hot remove virtual memory and network adapters from virtual machines. In Hyper-V in Windows Server 2016, you can now add or remove virtual memory and network adapters while the virtual machines are running.
   Nested virtualization. In Hyper-V in Windows Server 2016, you can enable nested virtualization, enabling you to run Hyper-V virtual machines within a virtual machine.
   Shielded virtual machines. Shielding your virtual machines enables you to help protect the data on them from unauthorized access.
   PowerShell Direct. This feature enables you to run Windows PowerShell commands against a guest operating system in a virtual machine without handling security policies, host network settings, or firewall settings.
   Windows Defender. Windows Defender is provided to help protect your server against malware. Although the Windows Defender interface is not installed by default, the antimalware patterns are automatically kept up-to-date.
Storage Spaces Direct. This feature enables you to build highly available storage with directly attached disks on each node in a cluster. The Server Message Block 3 (SMB3) protocol provides resiliency.

Storage Replica. This feature enables you to synchronously or asynchronously replicate volumes at the block level.

Microsoft Passport. This service replaces passwords with two-factor authentication that consists of an enrolled device and a Windows Hello (biometric) or PIN. This helps provide a more secure and convenient sign-in experience.

Remote Desktop Services. You can now use an Azure SQL database to create a high availability environment for Remote Desktop Connection Broker.

Active Directory Domain Services (AD DS). AD DS improvements include support for privileged access management (PAM), support for Azure AD Join, along with support for Microsoft Passport.



Note: Windows Server 2016 includes many other improvements to existing features. For a full list of all the changes in Windows Server 2016, refer to: “What's New in Windows Server 2016 Technical Preview 5” at: http://aka.ms/S4u2tt





Nano Server


The requirements for Nano Server depend on the features and roles installed. Nano Server runs from a VHD, either from within Hyper-V, or you can boot directly from the VHD at startup. The smallest Nano Server VHD will be approximately 440 MB, before installing features such as IIS or commonly used drivers. A VHD with IIS and commonly used drivers will be just over 500 MB.

Other hardware requirements

In addition to the previously referenced requirements, there are a variety of other hardware requirements
to keep in mind, depending on your specific organizational needs and installation scenarios:

   Greater disk space is required for network installations or for computers with more than 16 GB of RAM.
   Storage and network adapters must be PCI Express compliant.
   A Trusted Platform Module (TPM) 2.0 chip is required for certain features such as BitLocker Drive Encryption.



Overview of installation options


When you install Windows Server 2016, you can select one of three installation options:
   Windows Server 2016 (Desktop Experience). This is a full server installation and includes a complete graphical management interface. This installation option supports all Windows Server roles.
   Windows Server 2016. This is the equivalent of Server Core in earlier versions of Windows Server and provides for a command-line management interface. This installation option has a reduced hardware footprint but does not support all Windows Server roles.
   Nano Server. This is a new installation option for which Windows Server 2012 and earlier versions have no equivalent. Nano Server is administered remotely and optimized for hosting in private clouds and datacenters, and for running applications that are developed by using cloud application patterns.

Nano Server cannot be directly installed from the installation media during setup. Nano Server is installed as a VHD or as a Windows Imaging (WIM) file that is built using Windows PowerShell cmdlets. The VHD file can be booted from within Hyper-V or booted directly from a physical machine. The WIM file can be applied after booting into the Windows Preinstallation Environment (WinPE).

When creating the VHD for a Nano Server, you can select either the Standard or Datacenter edition of Nano Server and select various Packages that are used to add server roles and features to a VHD image. Some of these roles and features include:

   Hyper-V role
   Failover Clustering
   IIS
   File Server role
   DNS Server role
   Host support for Windows Containers

Note: Installing Server Core and Nano Server is covered in detail in the next lesson.

Managing servers remotely

Performing the interactive management of Windows Server is not the best practice. With Server Core and, to a greater extent, Nano Server, your local management options are very limited. After you have configured the network and firewall settings of Server Core or Nano Server, you must perform other management tasks remotely.

When you install a role or feature, you will be prompted to install the appropriate administrative tools. The best practice is to manage servers remotely by using the Remote Server Administration Tools (RSAT) available for Windows 10. RSAT includes the full set of administrative tools, including Server Manager, the Active Directory Administrative Center, and management consoles. You can later choose to disable the tools by using Turn Windows features on or off in Control Panel.


  Note: For a full list of all the tools included in RSAT for Windows 10, refer to: “Remote Server Administration Tools (RSAT) for Windows Client and Windows Server (dsform2wiki)” at: http://aka.ms/hz53ry

To download Remote Server Administration Tools, see http://aka.ms/wzpq0j

Server Manager

Server Manager is part of the Windows Server 2016 Desktop Experience, or you can run it from a Windows 10 workstation when installed as part of RSAT. Server Manager is the primary GUI tool to manage computers running Windows Server 2016. The Server Manager console can manage both local and remote servers. You can also manage servers as groups, allowing you to perform the same administrative tasks quickly across multiple servers. You can also use Server Manager to run the Best Practices Analyzer to determine if the roles are functioning properly on the servers in your network.

Windows PowerShell remoting and PowerShell Direct

You can use Windows PowerShell to run Windows PowerShell commands or scripts against correctly configured remote servers if the script is hosted on the local server. With Windows PowerShell remoting, where necessary, you can also load Windows PowerShell modules locally, such as those that are part of Server Manager, and run the cmdlets available in that module against appropriately configured remote servers. In Windows Server 2016, you also have the option of using PowerShell Direct to run PowerShell scripts or cmdlets on virtual machines from a Hyper-V host.

  Note: More information about PowerShell Direct is provided in Module 5, “Installing and configuring Hyper-V and virtual machines.”

Remote Shell

Windows Remote Shell (WinRS) is a command-line tool that allows you to execute remote commands on a target server that supports Windows Remote Management (WinRM). WinRM is a collection of standards-based technologies that enables administrators to manage server hardware when signed in directly or over the network. Server Manager and Windows PowerShell remoting also rely on WinRM in Windows Server 2016.

 
Remote desktop

You can connect to a remote server computer that is running the Server Core installation or the full installation by using Remote Desktop. On Server Core, you must enable Remote Desktop by using Sconfig.cmd. You cannot use Remote Desktop to remotely manage Nano Server.

Group Policy

You can use Group Policy to manage Server Core and full installations of Windows Server 2016, just like you can manage any other computer running Windows. However, you cannot use Group Policy to manage Nano Server. Later topics in this module discuss options for using Windows PowerShell for applying Group Policy settings to Nano Server installations.

Firewall settings

Microsoft Management Console (MMC) and some other tools used for remote server management rely on the Distributed Component Object Model (DCOM). Even Server Manager, when managing servers running Windows Server 2008 without the Windows Management Framework updates installed, depends on DCOM. DCOM, unlike WinRM, requires Windows Firewall on the computer running the remote management tools to be configured to allow exceptions to multiple rules. These exceptions include:


COM+ Network Access (DCOM-In)

Remote Event Log Management (NP-In)

Remote Event Log Management (RPC)

Remote Event Log Management (RPC-EPMAP)

  Additional Reading: For more information about configuring firewall settings to support remote management, refer to the procedure: “To configure MMC or other tool remote management over DCOM” in the topic “Configure Remote Management in Server Manager” at: http://aka.ms/eyxjjf



Using Windows PowerShell 5.0 to manage servers

Windows PowerShell 5.0 is a scripting language and command-line interface that is designed to assist you in performing day-to-day administrative tasks. Windows PowerShell cmdlets execute at a Windows PowerShell command prompt or combine into Windows PowerShell scripts. With the introduction of Nano Server, a headless server environment, it is necessary to use Windows PowerShell to manage servers remotely. A headless server has no graphical user interface and there is no capability for local sign-in.

Importing modules

Some Windows PowerShell cmdlets are not available in the default Windows PowerShell library. When you enable some Windows features or want to administer particular environments, you must obtain additional Windows PowerShell functions. These additional functions are packaged in modules. For example, to manage Nano Server, Windows Server containers, and Azure AD with Windows PowerShell, you must import the required modules.


Windows PowerShell Desired State Configuration (DSC)

Windows PowerShell DSC is a set of Windows PowerShell extensions, cmdlets, and resources that support configuring and managing remote computers in a scalable and standardized manner by pushing or pulling declarative configurations.

Note: Windows PowerShell DSC is covered in detail in Module 12, “Managing, monitoring, and maintaining virtual machine installations.”

To use PowerShell Direct, from your host, run the following Windows PowerShell cmdlet:

Enter-PSSession -VMName VMName

You can then run the same cmdlets that you normally run in the same way as with any other remote Windows PowerShell situation.