Windows Server Administration

Contents

Server Basics

Server Manager

  • Role and Feature Installation
  • Server Monitoring
  • Configuration Management
  • Remote Server Administration
# PowerShell server management: role installation, local inventory, remoting.

# Install the DNS, DHCP and AD DS roles in a single call.
$roles = 'DNS', 'DHCP', 'AD-Domain-Services'
Install-WindowsFeature -Name $roles

# Local server information: system summary, services, processes and the
# 50 most recent entries of the System event log.
Get-ComputerInfo
Get-Service
Get-Process
$recentSystemEvents = @{
    LogName = 'System'
    Newest  = 50
}
Get-EventLog @recentSystemEvents

# Remote management.
# Enter-PSSession opens an interactive session on Server01; Invoke-Command
# runs the script block on Server01 and returns its output.
# NOTE(review): both rely on PowerShell remoting being enabled on Server01 and
# on the caller holding administrative rights there - confirm who is allowed
# to connect before enabling it broadly.
$target = 'Server01'
Enter-PSSession -ComputerName $target
Invoke-Command -ComputerName $target -ScriptBlock { Get-Service }

Active Directory

Domain Controller Setup

# Domain controller setup.

# Install the AD DS role together with its management tools.
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

# Create a new forest with an integrated DNS server.
# -Force suppresses the confirmation prompts. No -SafeModeAdministratorPassword
# is passed, so the DSRM password is requested interactively rather than being
# written into the script.
$newForest = @{
    DomainName        = 'contoso.com'
    DomainNetbiosName = 'CONTOSO'
    InstallDns        = $true
    Force             = $true
}
Install-ADDSForest @newForest

# Add an additional domain controller to the existing domain.
# NOTE(review): presumably run on a second server after the forest exists -
# confirm. The account entered at the Get-Credential prompt needs the rights
# to promote a domain controller in contoso.com.
$additionalDc = @{
    DomainName = 'contoso.com'
    Credential = Get-Credential
}
Install-ADDSDomainController @additionalDc

User and Group Management

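# User and group management.

# Create a new user.
# The initial password is read interactively as a SecureString so that no
# credential is embedded in the script, the command history or source control.
# -ChangePasswordAtLogon forces the user to replace it at first sign-in, so the
# value known to the administrator is short-lived.
$initialPassword = Read-Host -Prompt 'Initial password for jdoe' -AsSecureString
New-ADUser `
    -Name "John Doe" `
    -SamAccountName "jdoe" `
    -UserPrincipalName "jdoe@contoso.com" `
    -AccountPassword $initialPassword `
    -ChangePasswordAtLogon $true `
    -Enabled $true

# Create a global security group.
New-ADGroup `
    -Name "IT Support" `
    -GroupScope Global `
    -GroupCategory Security

# Add the new user to the group.
Add-ADGroupMember -Identity "IT Support" -Members "jdoe"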

Group Policy Management

GPO Creation and Management

# GPO creation and management.
$policyName = 'Security Policy'

# Create the (initially empty) GPO.
New-GPO -Name $policyName

# Link the GPO to the IT organizational unit.
New-GPLink -Name $policyName -Target 'OU=IT,DC=contoso,DC=com'

# Write a registry-based policy value into the GPO.
# NOTE(review): DisableCMD belongs to the "Prevent access to the command
# prompt" policy, which is a User Configuration setting read from HKCU;
# confirm that a value under HKLM is honoured before relying on it.
# NOTE(review): blocking cmd.exe does not restrict PowerShell or other
# interpreters, so treat this as hygiene rather than as an execution control.
$registrySetting = @{
    Name      = $policyName
    Key       = 'HKLM\Software\Policies\Microsoft\Windows\System'
    ValueName = 'DisableCMD'
    Type      = 'DWord'
    Value     = 1
}
Set-GPRegistryValue @registrySetting

Policy Deployment

# Policy deployment: refresh, backup, restore and reporting.
$policyName = 'Security Policy'
$backupDir  = 'C:\GPOBackup'

# Force a Group Policy refresh.
Invoke-GPUpdate -Force

# Back up the GPO to a local folder.
# NOTE(review): a GPO backup contains the policy's settings; restrict the ACL
# on the backup folder to administrators and confirm the folder exists before
# running this.
Backup-GPO -Name $policyName -Path $backupDir

# Restore the GPO from the same backup folder.
Restore-GPO -Name $policyName -Path $backupDir

# Write an HTML report of the GPO's settings.
$report = @{
    Name       = $policyName
    ReportType = 'HTML'
    Path       = 'C:\Report.html'
}
Get-GPOReport @report

File Services

File Server Setup

# File server setup.
$sharePath = 'D:\Shares\Documents'

# Install the File Server role.
Install-WindowsFeature -Name FS-FileServer

# Create the share: full control for Domain Admins, change for Domain Users.
$share = @{
    Name         = 'Documents'
    Path         = $sharePath
    FullAccess   = 'CONTOSO\Domain Admins'
    ChangeAccess = 'CONTOSO\Domain Users'
}
New-SmbShare @share

# Set NTFS permissions: add an inheritable Allow/Modify entry for Domain Users
# on the shared folder (applies to the folder, its subfolders and files).
# Effective access over the network is the more restrictive of the share
# permission and the NTFS permission.
# NOTE(review): Modify for every domain user is broad - confirm that a
# narrower group would not do.
$acl  = Get-Acl -Path $sharePath
$rule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList @(
    'CONTOSO\Domain Users',
    'Modify',
    'ContainerInherit,ObjectInherit',
    'None',
    'Allow'
)
$acl.AddAccessRule($rule)
Set-Acl -Path $sharePath -AclObject $acl

DFS Configuration

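# DFS configuration.

# Install the DFS Namespace and DFS Replication role services.
Install-WindowsFeature -Name FS-DFS-Namespace, FS-DFS-Replication

# Create a domain-based (DomainV2) namespace root.
New-DfsnRoot `
    -TargetPath "\\Server01\Documents" `
    -Type DomainV2 `
    -Path "\\contoso.com\shares"

# Add a DFS folder (link) that points at the file share.
# New-DfsnFolder creates the folder together with its first target;
# New-DfsnFolderTarget only adds a further target to a folder that already
# exists, so it fails on a freshly created namespace.
New-DfsnFolder `
    -Path "\\contoso.com\shares\documents" `
    -TargetPath "\\Server01\Documents"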

Network Services

DHCP Server

# DHCP server.

# Install the DHCP Server role with its management tools.
Install-WindowsFeature -Name DHCP -IncludeManagementTools

# Add an IPv4 scope handing out 192.168.1.100 - 192.168.1.200.
$scope = @{
    Name       = 'Office Network'
    StartRange = '192.168.1.100'
    EndRange   = '192.168.1.200'
    SubnetMask = '255.255.255.0'
}
Add-DhcpServerv4Scope @scope

# Set the default gateway and DNS server options for that scope.
# NOTE(review): in a domain the DHCP server normally has to be authorized in
# Active Directory before it leases addresses; that step is not shown here.
$scopeOptions = @{
    ScopeId   = '192.168.1.0'
    Router    = '192.168.1.1'
    DnsServer = '192.168.1.10'
}
Set-DhcpServerv4OptionValue @scopeOptions

DNS Server

# DNS server.
$zoneName = 'contoso.com'

# Install the DNS Server role with its management tools.
Install-WindowsFeature -Name DNS -IncludeManagementTools

# Add a file-backed primary zone.
# NOTE(review): a zone created with -ZoneFile is stored in a file rather than
# in Active Directory; confirm this is intended on a domain controller, where
# an AD-integrated zone allows secure dynamic updates.
Add-DnsServerPrimaryZone -Name $zoneName -ZoneFile 'contoso.com.dns'

# Add an A record for server01.
$hostRecord = @{
    Name        = 'server01'
    ZoneName    = $zoneName
    IPv4Address = '192.168.1.10'
}
Add-DnsServerResourceRecordA @hostRecord

Security Administration

Windows Firewall

# Windows Firewall, auditing and local security policy.

# Allow inbound RDP (TCP 3389).
# NOTE(review): the rule sets neither -RemoteAddress nor -Profile, so it
# accepts RDP from any source address on every network profile. Scope it to
# the management network and the Domain profile unless wider access is
# intended.
$rdpRule = @{
    DisplayName = 'Allow RDP'
    Direction   = 'Inbound'
    Protocol    = 'TCP'
    LocalPort   = 3389
    Action      = 'Allow'
}
New-NetFirewallRule @rdpRule

# Enable success and failure auditing for the System and Account Logon
# categories.
auditpol /set /category:"System","Account Logon" /success:enable /failure:enable

# Apply the SECURITYPOLICY area of a security template to the local policy
# database.
# NOTE(review): the template's contents become local security policy, so keep
# C:\secconfig.inf writable by administrators only.
secedit /configure /db C:\Windows\security\local.sdb /cfg C:\secconfig.inf /areas SECURITYPOLICY

Certificate Services

# Certificate Services.

# Install the AD CS role with its management tools.
Install-WindowsFeature -Name AD-Certificate -IncludeManagementTools

# Configure an enterprise root CA: 2048-bit key, SHA-256 signatures,
# CA certificate valid for five years.
# NOTE(review): an enterprise root CA is domain-joined and online, and it is
# the trust anchor for every certificate issued below it. Confirm that a
# single-tier PKI and a 2048-bit root key meet your PKI policy; neither can be
# changed later without renewing or replacing the CA.
$caSettings = @{
    CAType              = 'EnterpriseRootCA'
    CACommonName        = 'Contoso Root CA'
    KeyLength           = 2048
    HashAlgorithmName   = 'SHA256'
    ValidityPeriod      = 'Years'
    ValidityPeriodUnits = 5
}
Install-AdcsCertificationAuthority @caSettings

PowerShell Administration

Remote Management

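# Remote management.

# Enable PowerShell remoting on this computer. -Force suppresses the
# confirmation prompts.
# NOTE(review): this opens a remote administration endpoint; confirm which
# hosts and accounts should be able to reach it.
Enable-PSRemoting -Force

# Remote session management: open one session, run several commands in it,
# then close it.
# -ErrorAction Stop turns a failed connection into a terminating error, so the
# commands below never run against a missing session.
$session = New-PSSession -ComputerName Server01 -ErrorAction Stop
try {
    Invoke-Command -Session $session -ScriptBlock {
        Get-Service
        Get-Process
        Get-EventLog -LogName System -Newest 10
    }
}
finally {
    # Always release the session, even when the remote commands fail;
    # otherwise it stays open on Server01.
    Remove-PSSession -Session $session
}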

Automation Scripts

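# System health check script
function Get-SystemHealth {
    <#
    .SYNOPSIS
    Collects a snapshot of host name, OS version, CPU load, memory usage and
    free disk space for the local computer.

    .DESCRIPTION
    Queries Win32_ComputerSystem, Win32_OperatingSystem and Win32_LogicalDisk
    through CIM and reads the total processor time counter once.

    .OUTPUTS
    System.Collections.Hashtable with the keys "Hostname", "OS Version",
    "CPU Usage", "Memory Usage" (percent, two decimals) and "Disk Space"
    (DeviceID and FreeSpace(GB) per logical disk with DriveType=3).
    #>
    $computerSystem = Get-CimInstance -ClassName Win32_ComputerSystem
    $operatingSystem = Get-CimInstance -ClassName Win32_OperatingSystem

    # Queried through CIM like the other classes: Get-WmiObject is not
    # available in PowerShell 6 and later.
    $diskSpace = Get-CimInstance -ClassName Win32_LogicalDisk -Filter "DriveType=3"

    $totalMemory = $operatingSystem.TotalVisibleMemorySize
    $usedMemory = $totalMemory - $operatingSystem.FreePhysicalMemory

    $report = @{
        "Hostname"     = $computerSystem.Name
        "OS Version"   = $operatingSystem.Version
        "CPU Usage"    = (Get-Counter '\Processor(_Total)\% Processor Time').CounterSamples.CookedValue
        "Memory Usage" = [math]::Round($usedMemory / $totalMemory * 100, 2)
        "Disk Space"   = $diskSpace |
            Select-Object DeviceID, @{Name = "FreeSpace(GB)"; Expression = { [math]::Round($_.FreeSpace / 1GB, 2) } }
    }

    return $report
}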

System Maintenance

Backup and Recovery

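# Backup and recovery with Windows Server Backup.

# Install the Windows Server Backup feature.
Install-WindowsFeature -Name Windows-Server-Backup

# Configure and run a file backup.
# Add-WBFileSpec and Add-WBBackupTarget take objects built by New-WBFileSpec
# and New-WBBackupTarget, not raw path strings.
$policy = New-WBPolicy
$fileSpec = New-WBFileSpec -FileSpec "D:\Data"
Add-WBFileSpec -Policy $policy -FileSpec $fileSpec
# NOTE(review): backups on a network share are readable by anyone with access
# to that share; confirm its ACL, and pass -Credential to New-WBBackupTarget if
# the share needs a dedicated backup account.
$target = New-WBBackupTarget -NetworkPath "\\BackupServer\Backups"
Add-WBBackupTarget -Policy $policy -Target $target
Start-WBBackup -Policy $policy

# System state backup: a second policy that contains only the system state.
# NOTE(review): confirm that a network share is a supported system state
# target on your OS version. On a domain controller the system state includes
# the Active Directory database, so protect this backup like the DC itself.
$systemStatePolicy = New-WBPolicy
Add-WBSystemState -Policy $systemStatePolicy
$systemStateTarget = New-WBBackupTarget -NetworkPath "\\BackupServer\Backups"
Add-WBBackupTarget -Policy $systemStatePolicy -Target $systemStateTarget
Start-WBBackup -Policy $systemStatePolicy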

Performance Monitoring

# Performance monitoring.
$collectorName = 'System Performance'

# Create a data collector set from a template.
# NOTE(review): New-PerfCounterDataCollectorSet and
# Start-PerfCounterDataCollectorSet are not cmdlets I can place in a standard
# Windows Server module - confirm they exist in your environment. logman.exe
# is the built-in tool for managing data collector sets.
$collectorSet = @{
    Name     = $collectorName
    Template = 'SystemDataCollector_001'
}
New-PerfCounterDataCollectorSet @collectorSet

# Start collection.
Start-PerfCounterDataCollectorSet -Name $collectorName

# Sample total CPU time once per second, ten times.
$cpuSampling = @{
    Counter        = '\Processor(_Total)\% Processor Time'
    SampleInterval = 1
    MaxSamples     = 10
}
Get-Counter @cpuSampling