1.

Windows Server 2019 Features

Windows Admin center:

 Windows admin center is a locally deployed, browser-based app for managing servers, clusters,
hyper-converged infrastructure, and windows 10 pcs.

 it comes at no additional cost beyond windows and is ready to use in production

SYSTEM INSIGHTS:

 system insights are a new feature available in windows server 2019 that brings local predictive
analytics capabities natively to windows server.

 these predictive capabilities, each backed by a machine-learning model, locally analyze windows
and events, providing insight into the functioning of your servers and helping you reduce the
operational expenses associated with reactively managing issues in your windows server
deployment.

DESKTOP EXPERIENCE:

 During setup of the operating system you can choose between server core installation or server
witth desktop experience installations.

SERVER CORE APP COMPATIBILITY FEATURE ON DEMAND (FOD):

 The server core app compatibility feature on demand (FOD) significantly improves the app
compatibility of the windows server core installation option by including a subset of binaries and
components from windows server with the desktop experience, without adding the server desktop
experience graphical environment itself.

 This is done to increase the functionality and compatibility of server core while keeping it as lean
as possible.

HTTP/2 FOR A FASTER AND SAFER WEB:

 Improved coalescing of connections to deliver an uninterrupted and properly encrypted browsing

experience.

 Upgraded HTTP/2's sever-side cipher suite negotiation for automatic mitigation of connection
failures and easy of deployment.

 Changed our default TCP congestion provider to cubic to give you more throughput.

STORAGE MIGRATION SERVICE:

 Storage migration service is a new technology that makes it easier to migrate servers to a newer
version of windows server.
  It provides a graphical tool that inventories data on servers, transfers the data and configuration to
newer servers, and then optionally moves the identities of the old servers to the new servers so
that apps and users don't have to change anything.

WINDOWS DEFENDER ADVANCED THREAT PROTECTION (ATP):

 ATP's deep platform sensors and response actions expose memory and kernel level attacks and
respond by suppressing malicious files and terminating malicious processes.

WINDOWS DEFENDER ATP EXPLOIT GUARD:

 Windows Defender ATP Exploit Guard is a new set of host-intrusion prevention capabilities.

 The four components (Attack Surface Reduction (ASR), Network protection, controlled folder
access, exploit protection) of windows defender exploit guard are designed to lock down the
device against a wide variety of attack vectors and block behaviors commonly used in malware
attacks, while enabling you to balance security risk and productivity requirements.

ATTACK SURFACE REDUCTION(ASR):

 Attack Surface Reduction (ASR) is set controls that enterprises can enable to prevent malware
from getting on the machine by blocking suspicious malicious files (for example, office files),
Scripts, lateral movement, ransomware behavior, and email-based threats

NETWORK PRODECTION:

Network protection protects the end point against web-based threats by blocking any outbound through
windows defender SmartScreen.

CONTROLLED FOLDER ACCESS:

CFA protects sensitive data from ransomware by blocking untrusted processes from accessing your
protected folders.

EXPLOIT PROTECTION:

Exploit protection is a set of mitigations for vulnerability exploits that can be easily configured to protect
your system and applications.

LINUX SHIELDED VMS:

 Shielded VM have been s popular features but in windows server 2016 they only support VMs
where windows are the guest OS.

 Shielded VMs protect virtual machines from users of the host server, even these with local
administrator privileges.

 Shielded VMs prevent rogue admins or hackers accessing VMs, virtual hard disk files, and
present migrations VMs and running shutdown and restart commands.
  Now Linux can be used as a guest operating system in Shielded virtual machines.

LINUX CONTAINERS ON WINDOWS:

 It is now possible to run windows and Linux-based containers on the same container host, using
the same docker daemon.

 This enables you to have a heterogenous container host environment while providing flexibility to
application developers.

ENCRYPTED NETWORKS:

 Encrypted networks virtual network encryption allows encryption of virtual network traffic
between virtual machines that communicates with each other within subnets.

 It also utilizes datagram transport layer security (DTLS) on the virtual subnet to encrypt packets.

 DTLS protects against eavesdropping, tampering, and forgery by anyone with access to the
physical network.

2. INSTALLING WINDOWS SERVER 2019:

3.Install add domain and ADS introduction: 
SERVER CLIENT: it is a computer service the service or services the content {files, web, email} 
 
 In the client server network model, a server is a computer/ program that awaits
fulfills request from client programs in the same or other computers based on the availability. 
 A computer may function as a client when request for services from other computer/programs and
also function as a server when responds for request from other computer/program. 

WORKGROUP: {work specific groups} {group of computers with indipended privileges}

 A workgroup is a collection of computers on a LAN that share common group name.

 In a workgroup all computer works independently, where one computer cannot control or manage
another computer
 Workgroups provide easy sharing of files, printers and other networks resources. Being a peer-to-
peer network design. Each workgroup computer may both share and access resources if
configured to do so.
DOMAIN: {group ah manages pannalam, administrator pannalam, control pannalam} {its logical
collection of objects}
 Domain is a logical collection of objects in a network with centralized administrator, control and
authentication.
 In a domain all objects are centrally controlled maintained and managed by one or more master
computer called domain controllers.
DOMAIN CONTROLLER: {Domain ah manage pandra computer}
 Domain controller is a computer in a domain which controls the domain.

 Domain controller will be running with the domain management services, the domain
management service will be maintaining the domain database.
 In windows environment the domain management service is active directory service (ADS).

 Any computer that is installed with Ads is a domain controller.

ACTIVE DIRECTORY SERVICE (ADS):
 Active Directory service (ADS) is a windows domain management service. 
 ADS maintain the domain objects and configuration of domain objects in its database called AD
database. 
 Based on the configurations defined by the administrator, ADS able to manage the domain
objects.
 
 4. DOMAIN AND USER ADMINISTRATOR:
(1). PROMOTE MEMBER SERVER AS DOMAIN CONTROLLER:
R1equirements to install AD DS:
 Windows server OS

 NIC-Driver installed, link up, Static ip with preferred DNS server ip configured.

 Any one of the partitions formatted with NTFS.

[Check network driver is installed or not. If not installed means installed this.]
[Active Directory services DNS kuda intergrated aagi than work aagum, AD configure pandrom na DNS
irukanum. Intergrated aagi work aagura nala same machine la ve work aagum[DNS & AD].
Active Directory Domain Services Installation:
(AD- ah backup adupom, normal ah run aagitu irukara server la backup edukalam, but andha backup ah
restore pannanum na run aagitu irukara server la restore panna mudiyathu, yena oru domain controller run
aagitu irukum pothu AD servicesum run aagitu irukum, AD services run aagitu irukum pothu AD
database file ah use aagitu irukum, current use la irukara file ah overwrite or replace panna mudiyathu. So
restore panna mudiyathu. Suppose restore pannanum na DSRM mode la than restore panna mudiyum. F8
key press panna indha mode varum. DSRM la enna password tharomo adha vachu than login panna
mudiyum.)
(*Active Directory database & SYSVOL Domain oda public file)
(2). CREATE DOMAIN USERS:

(3). CREATE GROUPS:

(4). CREATE ORGANIZATIONAL UNIT:

(5). ADD WINDOWS 10 COMPUTER MEMBER OF DOMAIN:

(6). LOGIN AS DOMAIN USER IN WINDOWS 10 MEMBER COMPUTER:

(7). RESTRICT USER LOGON TO A PARTICULAR MEMBER COMPUTER:

(8). RESTRICT USER LOGON TIME:

(9). CONFIGURE ACCOUNT EXPIRY DATE:

(10). C0NFIGURE HOME FOLDER FOR USER:
[user oda data va file server than vachu irupanga. User file server la data va store pandranga na adhu
endha file server, enna share folder create panni irukanga idha iditify panni search panna difficulty ah
irukum, idha avoid panndrathuku Mapping pannuvom.]

(11). CONFIGURE LOGON SCRIPT FOR USER:

[Automate pandrathukukaga script pannuvom, like temp file delete pandrathukuko, processor execute or
kill pandrathuko indha mathiri use pannuvom.]

(12). UNDERSTAND USER PROFILES:

A user profile defines personalized and customized user environments, such as individual display settings,
documents, application data etc.
The system administrator can define the user profile setting
Types of user profiles:
- Local user profiles
- Roaming user profiles
- Mandatory user profiles
Local user profiles: [local system]
 A local user profile is created at the first time user log on to a computer, the profile data is stored
on the computers local harddisk.
 Any changes made to your local user profile are specific to the computer on which the changes
are made and stored on the same local system.
Roaming user profiles: [network system – user can change]
 A roaming user profile is created by the system administrator

 The profile data are stored on a share location of the file server.

 The profile data is downloaded from the file server to the local system every time the user log on
to the client computer on the network.
 Any changes made to the user profile will be saved on the file server at the time of logoff.
Mandatory user profile: [before on roaming – network system and user can’t change]
 A mandatory user profile, which is a roaming profile that can be used to specify particular setting
for individuals or an entire group of users.
 Any changes made to your user profile data/settings will not be saved to the server.

 Only system administrator can make changes to mandatory user profiles.

[Temporary changes irukum logout pannale normal ah than irukum.]

(13). CONFIGURE ROAMING PROFILE:

[logoff user renu (client) & login, check file server & see E:profiledate\renu -you can see this]
[go to user machine and check the user profile status- its showing roaming profile.]
[change any thig like desktop wallpaper, create files or folder something in desktop- in client(renu)]
[change pannathu fileserver1 save aagi irukum]

(14). CONFIGURE MANDATORY PROFILE:

[User la(client la) renu profile kulla à user la NTUSER.DAT ah NTUSER.MAN ah rename pannanum,
itha file server side la irunthu than rename pannanum(Administrator) user oda profile folder administrator
ku access illa so access tharanum, user- Administrator ku permission tharanum]