List the available post-installation

configuration tools
Completed100 XP
 5 minutes

Contoso is in the process of deploying Windows Server 2019 server computers

throughout their organization. As a Windows Server administrator, it's your task to
perform post-installation configuration on the newly deployed servers. You decide to
investigate the available post-configuration options.

What must you configure?

When you install Windows Server using the defaults from the local installation media, a
number of settings are configured automatically, as described in the following table.

WHAT MUST YOU

Setting Description
Computer name The computer name is automatically generated. You'll need to change the name to something m
unique, within your organization.
Workgroup The server is added to a workgroup called WORKGROUP. Typically, you'll want your server c
of your Active Directory Domain Services (AD DS) domain.
Network settings By default, both IPv4 and IPv6 are enabled and bound to the installed network interface cards (
IPv4, a Dynamic Host Configuration Protocol (DHCP) configuration is assigned. For IPv6, stat
autoconfiguration is enabled. Both these defaults are probably suitable.
Time zone The time zone defaults to the (UTC-08:00) Pacific Time (US & Canada) unless your installatio
on a different locale. You'll need to change the time zone, and the computer's time and date, to
appropriate for your location.
Locale and The initial values are specified during an interactive installation, or are implied by the installati
language You'll need to update these settings to those which are appropriate for the server's physical loca
settings
Roles and Very few roles or features are enabled by default in a standard installation. Typically, the Stora
features service, and a number of features are enabled. These features include: elements of .NET Frame
Defender Antivirus, and some elements of Windows PowerShell, including Windows PowerSh
PowerShell ISE.
Firewall settings The Windows Defender Firewall is enabled by default. Until you define them as otherwise, all
the Public network location profile - which is generally more restrictive that Private network co
Activation Typically, the server will not be activated.
After you have installed the server, you'll need to reconfigure some of these settings.

Overview of available post-installation configuration

tools
You can choose from a number of available tools. The tool you choose to use depends
on circumstances. For example, if you deployed Windows Server Core, because there is
no graphical user interface installed, you'll need to rely on remote tools, for the most
part, to reconfigure the server.

Server Manager

If the computer is installed with Windows Server with Desktop Experience, then you can
use Server Manager to configure the required settings. Sign in as local administrator,
and if necessary, open Server Manager. Select Local Server in the navigation pane, and
then you can change the required settings.

 Important

If you change the computer name or you add the computer to a domain, you'll need to
restart the server for the setting to take effect.

 Tip
To add a computer to a domain, the server will need to contact a domain controller. So,
you'll have to configure the DNS name resolution settings before you attempt the
domain-join.

Windows Admin Center

You can use Windows Admin Center to perform post-installation configuration for both
Windows Server with Desktop Experience and Server Core installations.

 Note

You'll only be able to connect to a server if you can resolve its name into an IP address,
and if the IP address is accessible. Typically, a newly deployed computer uses DHCP to
obtain an IP configuration, and so should be configured with an appropriate IP address
and DNS client settings.

Download and install Windows Admin Center. Then, open Microsoft Edge, and navigate
to the Windows Admin Center website.

 Note

To connect to a server, you'll need to know it's name and the local administrator
account credentials.
Add the server as a connection, and then select the server from the list of servers. Use
the navigation pane to select the appropriate tool with which to make configuration
changes. We'll discuss Windows Admin Center in more detail later in this module.

 Note

Windows Admin Center is not included in Windows Server. You must download and
install it.

Desired state configuration

You can use DSC to reconfigure your Windows Server. DSC is a management platform
that leverages Windows PowerShell, enabling you to manage your IT infrastructure. As
PowerShell Desired State Configuration is included with Windows Server, you don't
need to install anything before you can use it. However, you'll need to be comfortable
with Windows PowerShell, PowerShell scripts, and PowerShell remoting. We'll discuss
DSC in more detail later in this module.

Answer files

You can use answer files to complete the installation process. Typically, these are used
to help to automate the entire installation process, including post-installation settings.

You can create answer files by downloading the Windows Assessment and Deployment
Kit (Windows ADK). Then, using the Windows System Image Manager (Windows SIM)
you can create and configure the required answer file. The final step is to distribute the
answer file to your servers, often on removable media.

 Note

The answer file is an .xml text file.

We'll discuss how to implement server configuration with answer files in more detail
later in this module.

Configure Server Core using Sconfig

200 XP
 10 minutes
Most of the Windows Server computers being deployed at Contoso are Server Core. Server Core
has no GUI, so after the initial installation, you're presented with only a command prompt.

What is Sconfig?
Sconfig is a text-based tool that allows you to do the basic configuration of Server Core to
prepare it for use in your production environment.

 Note

Sconfig is included in both Windows Server Desktop Experience and Server Core.

You typically use Sconfig to perform the initial configuration directly after the installation
completes, but you can run it at any time to change the settings as required.

Sconfig provides several options, which are described in the following table.

Option Description
Domain/Workgroup Join the domain or workgroup of choice
Computer Name Set the computer name
Add Local Add users to the local Administrators group
Administrator
Option Description
Configure Remote Remote management is enabled by default. This setting allows you to enable or disable
Management and configure the server to respond to a ping.
Windows Update Configure the server to use automatic, download only or manual updates.
Settings
Download and Install Perform an immediate search for all updates or only recommended updates.
Updates
Network Settings Configure the IP address to be assigned automatically by a Dynamic Host Configuration
Server or you can assign a static IP address manually. This option also allows you to co
Name System (DNS) Server settings for the server.
Date and Time Brings up the GUI for changing the date, time, and time zone. It also has tabs to add clo
Internet time server to sync with.
Telemetry Settings Allows Windows to periodically collect and upload statistical information about the ser
Microsoft.
Windows Activation Provides three options—Display license info, Activate Windows, and Install product ke
Log Off User Signs out the current user
Restart Server Restarts the server
Shut Down Server Shuts down the server
Exit to Command Line Returns to the command prompt

Demonstration
The following video demonstrates how to implement complete post-installation configuration by
using Sconfig. The main steps in the process are:

1. Run the Sconfig.exe command.

2. Review the available options.
3. Reconfigure the date and time.
4. Review the network settings.

Quick review
1. 

An administrator at Contoso wants to connect to SEA-DC1 using Remote Desktop. The

administrator can successfully connect to SEA-DC1 using Server Manager and also
Windows Admin Center. However, when they open Remote Desktop Connection and
enter the computer name and user credentials, the connection fails. What does the
administrator need to do?

The administrator must use the computer SEA-DC1's IP address to connect .

On SEA-DC1, the administrator should use Sconfig and select option 7, and enable
Remote Desktop.
On SEA-DC1, the administrator should use Sconfig and select option 8, and reconfigure
Network Settings.
Check your answers

Use DSC to configure Windows Server

Completed100 XP
 7 minutes

One of the other server administrators at Contoso is experienced with Windows

PowerShell and suggested you investigate using PowerShell DSC to configure your
newly deployed Windows Server computers. You learn that with DSC, you can
implement declarative configuration management through a combination of PowerShell
scripts and operating system features. You decide to investigate further.

 Note

A declarative programming language separates intent (what you want to do) from
execution (how do you want to do it).

What is DSC?
DSC is a PowerShell-based management platform that you can use to manage your
servers and related IT infrastructure. DSC consists of three components, described in the
following table.

Component Description
Configurations Declarative PowerShell scripts that configure and define your resources. When the configuration
the configuration as defined. This ensures that the target resource, in this case, a server, is in the d
Local Configuration Manager (LCM) which applies and maintains these configurations.
Resources Contain the code that defines and applies the desired configuration state of the resource.
LCM Is the engine that DSC uses to apply the configurations. Periodically, the LCM verifies the state o
where necessary, calls to the code in resources to reapply the desired state.
 Note

You don't need to install anything to use DSC; PowerShell DSC is included in Windows.

Windows-based DSC relies extensively on the LCM component. This component serves
as the execution engine of the Windows PowerShell DSC scripts.

 Note

LCM is an integral part of all currently supported versions of Windows operating

systems.

LCM is responsible for:

 Coordinating the implementation of settings defined in DSC scripts

 Monitoring the ongoing status of those settings
 Updating the state of a computer to match a desired state

Every time the LCM runs, it completes the following steps:

1. Get: Retrieves the current state of the computer.

2. Test: Compares the current state of the computer against the desired state
by using a compiled DSC script ( a .mof file).
3. Set: Updates the computer's configuration to match the desired state
described in the .mof file.

You can deploy DSC configuration in either push mode or pull mode, as described in the
following table.

Mod Description
e
Push In this mode, you manually send, or push, the desired configurations toward one or more managed comput
component makes sure that the state on each managed computer matches what your configuration specifie
Pull In this mode, a pull server holds your configuration information. The LCM component on each managed c
pull server periodically (the default is 15 minutes intervals), to get the latest configuration details. The pull
the details about any configuration changes back to each managed computer.
 Tip

Although you can setup a Windows Server as a pull server, you can also use Azure
Automation Desired State Configuration.
Requirements for DSC with Windows
There are a number of requirements that your environment must meet in order to use
DSC with Windows. These are:

 Operating system. The managed computers must be running Windows 8.1

or later, or Windows Server 2012 R2 or later.
 Windows Remote Management. Windows Remote Management (WinRM)
must be enabled on managed computers.

With DSC, you can define the desired state of:

 An operating system
 An application

Working with scripts

You can use a script to define your DSC. After you have created and compiled your
configuration, you can assign it to computers, which then receive that configuration.

Create a script

The DSC implementation often starts with creating a configuration script (.ps1) that
describes that desired state. The following example is a simple example of a
configuration. In this case, the script checks for the presence of Internet Information
Service (IIS) and installs it if necessary.

PowerShellCopy
configuration IISInstall
{
# Import the required module.
Import-DscResource -ModuleName PsDesiredStateConfiguration
node "localhost"
{
WindowsFeature IIS
{
Ensure = "Present"
Name = "Web-Server"
}
}
}

After you create the script, save it. In this case, save it as IISInstall.ps1.
Compile the configuration

After you create a configuration script, you must compile it. Compilation generates one
or more .mof files that contain configurations applicable to target nodes. To compile a
script, in a PowerShell console, locate the folder where you saved your configuration
(script file) and run the following commands to compile the configuration into a MOF
file:

PowerShellCopy
.\IISInstall.ps1
IISIinstall

Apply the configuration

The next step is to apply the configuration. You do this by running the the Start-
DscConfiguration cmdlet.

 Important

To allow DSC to run, you must configure Windows for PowerShell remoting, even when
you're running a localhost configuration.

For example, in a PowerShell console, navigate to the folder where the configuration is
saved, and run the following PowerShell command:

PowerShellCopy
Start-DscConfiguration .\IISInstall
 Tip

You can verify the success of your configuration by running the Get-

DscConfigurationStatus cmdlet.

Perform post-installation configuration

with Windows Admin Center
Completed100 XP
 7 minutes

In the past, managing and administrating the IT environment at Contoso involved using
different tools across multiple consoles. Windows Admin Center combines those tools
into a single console that you can easily deploy and access through a web interface.
Overview
You can also use Windows Admin Center to perform post-installation configuration. The
process begins when you add the newly deployed server to the Windows Admin Center
console.

Authenticate to the target server

When you connect to a remote computer, you must authenticate to that computer. If
the computer you want to manage with Windows Admin Center is part of the same AD
DS forest, Kerberos authentication is used.

Where this isn't the case, you must configure the target computers as trusted hosts. For
example, you use a workgroup computer installed with Windows Admin Center to
administer your domain computers.

 Important

When you install Windows Admin Center on a workgroup computer, you are prompted
to allow Windows Admin Center to manage the local computer's TrustedHosts setting. If
you bypass this automated setting, you must configure TrustedHosts manually.

You can configure trusted hosts settings by using the following Windows PowerShell
command in an elevated Windows PowerShell window. You can specify the remote
hosts by IP, FQDN, or NetBIOS name.
PowerShellCopy
Set-Item WSMan:localhost\Client\TrustedHosts -Value 'SEA-DC1.Contoso.com'

Connect to the target server

To connect to a server in Windows Admin Center, you must first add it. To do this, use
the following procedure:

1. Open Microsoft Edge and navigate to the Windows Admin Center site.

2. Authenticate to the Windows Admin Center site, if needed.
3. On the All connections page, select Add.
4. On the Add resources blade, in the Windows Server section, select Add.
5. In the Server name box, enter the name of the target server and
select Add.
6. In the Credentials needed section, select Use another account for this
connection, and then enter the credentials to connect to the server.

 Tip

It's likely the user account name will be .\Administrator, using whatever
password you assigned during installation.

7. Select Add with credentials. Your server is added to the All connections

list.
8. Select the new server in the All connections list.

Perform post-installation configuration

After you've added and connected to your newly deployed server, you can use Windows
Admin Center to make the required configuration changes. Start by updating the
computer's name and domain membership.

1. From the Overview tab, select the Edit computer ID button in

the Overview pane.
2. On the Edit computer ID blade, enter the new computer name and then
select Domain.
3. Enter the domain name, and then select Next.
 4. On the Update computer name and domain blade, enter the credentials
of an account in the domain that has rights to add computers to the
domain.
5. Select the Restart immediately check box, and select Save. The computer
restarts.
 Tip

You might need to add the computer to Windows Admin Center using its new name.
You'll also need to specify new credentials appropriate to the computer's domain
membership.

After you have added the computer to the domain, you can perform additional
administrative tasks in your usual way using Server Manager, Windows PowerShell, or
RSAT. You can, of course, continue with Windows Admin Center.

For example, to use Windows Admin Center to add roles or features:

1. Select the Roles & features link in the navigation pane.

 2. In the Roles and features pane, select the required role. For example,
select DHCP Server, and then select Install.
3. On the Install Roles and Features blade, select Yes.

If you want to use Windows PowerShell remoting, in the navigation pane,

select PowerShell. After a moment, a remote session is established to the selected
server. You'll need to authenticate the connection. Then you can use the appropriate
PowerShell commands to complete post-installation configuration.

 Tip

Of course, you can use Windows PowerShell remoting without opening the Windows
Admin Center, first.

Configure a server with answer files

Completed100 XP
 7 minutes

You decide to automate the post-installation configuration for Windows Server servers
being deployed in Contoso. You can use Windows SIM to create answer files that
contain the settings you need to complete the configuration of Contoso's Windows
Server servers.

What are answer files?

Answer files are .xml text files that contain settings that enable you to customize and
automate the deployment process of Windows. Although you can use a text editor to
create and edit your .xml files, this can be challenging. So, it's usually easier to download
and install the Windows Assessment and Deployment Kit, and then use the Windows
SIM tool to create and edit your unattend answer files.

Answer files are organized into two sections, as described in the following table.

WHAT ARE A
Section Description
Component Contains all the component settings that your answer file applies during setup. This section is furthe
s configuration passes, each of which represents a different setup phase. These phases are: windowsP
generalize, specialize, auditSystem, auditUser, and oobeSystem.
Packages Defines the packages that are used to distribute updates and language packs. You use this section to
 WHAT ARE A
Section Description
selected Windows features.
 Tip

When you create your answer file, you can specify to which setup phase to add your
settings.

The following graphic displays the default console for an untitled answer file project in
Windows SIM.

 Important

Most settings that are relevant to post-installation configuration reside in

the specialize installation phase.
Create and distribute answer files
The first step in creating answer files is to download the Windows ADK and perform a
custom installation. When prompted, choose the Deployment Tools option (which
includes Deployment Image Servicing and Management (DISM) tools, Windows SIM,
and related components).

Then, use the following procedure:

1. Open Windows SIM. From the menu, select File and then select New

Answer File.
2. In the Windows System Image Manager dialog box, select Yes when
prompted to open a new Windows image now.
3. Browse and locate an image file.

 Tip

You can use the install.wim image file from the Windows Server product
DVD (located in the \sources folder). Alternatively, you can use a custom
image which you have previously created and generalized.

4. Next, if prompted in the Select an Image dialog box, choose the image you

want to install and select OK.
5. In the Windows System Image Manager dialog box, select Yes to create a
catalog file. This file is required.

 Note

It takes around five minutes to create the catalog file.

After the catalog file is created, you can begin to configure the answer file. The basic
process is as follows:

1. For each element you want to include in the answer file, in the Windows
Image pane, locate the element (either in Components or Packages), right-
click or activate the context menu for the element, and then select Add to
Answer File. This procedure adds the required setting(s) to the answer file
pane, from where you can configure that setting to the required value using
the Properties pane.
2. When all required items are added to the answer file, you should use
the Properties pane to configure the desired values.
 3. Next, you should verify the answer file. On the menu, select Tools, and then
select Validate Answer File. Any problems are displayed in the Messages
pane.
4. Then save the file. Select File, and then select Save Answer File.
5. Select an appropriate location, and then select Save.

 Tip

You can save the file with any name, and you can place it in a number of
locations. However, if you save the file as Autounattend.xml in the root of
a removable storage device, setup can find the file without further
configuration.

Typical settings to include

Although there are many settings you can configure in an answer file, only a subset of
these deal with post-installation configuration.

In the Components node, some of the more common settings are:

 Microsoft-Windows-TCPIP. Configures the TCP/IP networking settings.

  Microsoft-Windows-DNS-Client. Contains settings for name resolution
using DNS.
 Microsoft-Windows-UnattendedJoin. Enables you to add a computer to
an AD DS domain.
 Microsoft-Windows-Shell-Setup. Provides access to a number of settings,
including computer name.

In the Packages node, add the Product settings to the answer file.

The end result is a simple text file that contains the XML syntax required to customize
your Windows Server installation.

Knowledge check
Completed200 XP
 5 minutes

Check your knowledge

1. 

Which component in DSC is responsible for applying the desired configuration to the target
computer?
Configurations
LCM
That's correct. The LCM is the engine that DSC uses to apply the configurations.
Resources
2. 

An administrator at Contoso is using answer files to configure server settings during deployment.
In which section of the answer file should the administrator define the Windows Server roles and
features that should be deployed?

Components
Packages
That's correct. This section defines the packages that are used to distribute updates, service
packs, and language packs, and also Windows roles and features.
3. 

When using Windows Admin Center, when might an administrator choose to configure trusted
hosts?

When the Windows Admin Center workstation is not in the same AD DS forest as the resources
it manages.
That's correct. When you connect to a remote computer, you must authenticate to that computer.
Where Windows Admin Center isn't in the same AD DS forest as target hosts, you must
configure the target computers as trusted hosts.
When the Windows Admin Center workstation is in the same AD DS forest as the resources it
manages.
In all circumstances, the administrator must configure trusted hosts.

1 out of 3 questions is incorrect. Please correct question 1.

Summary
Completed100 XP
 3 minutes

Contoso IT staff are migrating Contoso on-premises servers to Windows Server 2019. As
a Windows Server administrator, you are responsible for managing and maintaining the
server infrastructure that will help Contoso achieve its business goals.

You deployed the first Windows Server 2019 server computer. Next, you identified
available post-installation configuration tools and completed the server configuration.
You've learned how to select the appropriate post-installation configuration tool and
use it to complete the configuration of your Windows Server computers.

Learn more
You can learn more by reviewing the following documents.

 Get started with Desired State Configuration (DSC) for Windows .

 Configure a Server Core installation of Windows Server 2016 or Windows
Server, version 1709, with Sconfig.cmd.
 Download and install the Windows ADK.
 Automate Windows Setup.
 Course WS-011T00-A: Windows Server 2019 Administration .