Windows Server 2019 – Overview of new and updated features

How to turn off IE enhanced security on Windows Server 2019

The newest version of the Windows Server operating system is always an evolution of its predecessor. There are certainly pieces of technology contained inside that are brand new, but there are even more places where existing technologies have been updated to include new features and functionality. Let’s spend a few minutes providing an overview of some of the new capabilities that exist in Windows Server 2019.

The Windows 10 experience continued

Historically, a new release of any Microsoft operating system has meant learning a new user interface, but Server 2019 is the first exception to this rule. Windows 10’s release gave us the first look at the current graphical platform, which then rolled into Windows Server 2016, and that was the first time we had seen the current interface on a server platform. Now that Windows 10 updates are releasing but continuing on with essentially the same desktop interface, the same is true for Server 2019. Logging in and using Windows Server 2019 is, in a lot of ways, the same experience that you have had inside Windows Server 2016. Even so, some reading this book have never experienced logging into a server of any kind before, and so we will certainly be looking over that interface, and learning some tips and tricks for navigating around smoothly and efficiently within Server 2019.

Hyper-Converged Infrastructure

When you see the phrase Hyper-Converged Infrastructure (HCI), it is important to understand that we are not talking about a specific technology that exists within your server environment. Rather, HCI is a culmination of a number of different technologies that can work together and be managed together, all for the purposes of creating the mentality of a Software-Defined Datacenter (SDDC as it is sometimes referred to). Specifically, HCI is most often referred to as the combination of Hyper-V and Storage Spaces Direct (S2D) on the same cluster of servers. Clustering these services together enables some big speed and reliability benefits over hosting these roles separately, and on their own systems.

Another component that is part of, or related to, a software-defined data center is Software Defined Networking (SDN). Similar to how compute virtualization platforms (like Hyper-V) completely changed the landscape of what server computing looked like ten or so years ago, we are now finding ourselves capable of lifting the network layer away from physical hardware, and shifting the design and administration of our networks to be virtual, and managed by Windows Server platform.

A newly available tool that helps configure, manage, and maintain clusters as well as HCI clusters is the new Windows Admin Center (WAC). WAC can be a hub from which to interface with your Hyper-Converged Infrastructure.

Windows Admin Center

Finally releasing in an official capacity, WAC is one of the coolest things I’ve seen yet as part of the Server 2019 release. This is a free tool, available to anyone, that you can use to start centrally managing your server infrastructure. While not fully capable of replacing all of the traditional PowerShell, RDP, and MMC console administration tools, it enables you to do a lot of normal everyday tasks with your servers, all from a single interface.

If this capability sounds at all familiar to you, it may be because you tested something called Project Honolulu at some point over the past year. Yes, Windows Admin Center is Project Honolulu, now in full production capacity.

We will take a closer look at the Windows Admin Center in Chapter 2, Installing and Managing Windows Server 2019.

Windows Defender Advanced Threat Protection

If you haven’t done any reading on Advanced Threat Protection (ATP), you may see the words Windows Defender and assume I am simply talking about the antivirus/anti-malware capabilities that are now built into both Windows client operating systems, as well as Windows Servers starting with 2016. While it is true that Windows Server 2019 does come out of the box with built-in antivirus, the ATP service is much, much more.

We’ll discuss it in more depth in Chapter 7, Hardening and Security, but the short summary is that Windows Defender Advanced Threat Protection is a cloud-based service that you tap your machines into. The power of ATP is that many thousands, or perhaps even millions, of devices are submitting data and creating an enormous information store that can then be used with some AI and machine learning to generate comprehensive data about new threats, viruses, and intrusions, in real time. ATP customers then receive the benefits of protection as those new threats arise. It’s almost like crowd-sourced anti-threat capabilities, with Azure handling all of the backend processing.

Banned Passwords

Active Directory has stored all of our user account information, including passwords, for many years. The last few releases of Windows Server operating system have not included many updates or new features within AD, but Microsoft is now working with many customers inside their cloud-based Azure AD environment, and new features are always being worked on in the cloud. Banned Passwords is one of those things. Natively an Azure AD capability, it can now be synchronized back to your on-premise domain controller servers, giving you the ability to create a list of passwords that cannot be used in any fashion by your users. For example, the word password. By banning password as a password, you effectively ban any password that includes the word password. For example, P@ssword, Password123!, or anything else of similar bearing.

Soft restart

The ability to perform a soft restart was actually new with Server 2016, but it had to be manually added into Server 2016 and I don’t think anybody really ever started using it. In the past three years, I have never seen a single person initiate a soft restart, so I assume it is not well-known and I will include it here in our list of features. In an effort to speed up reboots, there is an optional reboot switch called soft restart, which is now included automatically inside Server 2019. So, what is a soft restart? It is a restart without hardware initialization.

In other words, it restarts the operating system without restarting the whole machine. It is invoked during a restart by adding a special switch to the shutdown command. Interestingly, in Server 2016 you could also invoke a soft restart with the Restart-Computer cmdlet in PowerShell, but that option seems to have fallen away in Server 2019. So, if you want to speed up your reboots, you’ll have to turn back to good old Command Prompt, as seen in the following:

  • Note the following using the shutdown command:
shutdown /r /soft /t 0

Here /r is for restart, /soft is for soft restart, and /t 0 is for zero seconds until reboot initiates.

Integration with Linux

Heresy! Under whose authority did I type the word Linux inside a book about Windows Server?! Historically, corporate computing environments have run Windows, or they have run Linux, or maybe they have run both but with a very clear separation between the two. Windows Server 2019 blurs that line of separation. We now have the ability to run Linux VMs within our Microsoft Hyper-V, and to even be able to interface with them properly. Did you know some Linux operating systems actually know how to interact with a mouse? Before now, you didn’t have much chance of that when trying to run a Linux-based VM on top of a Windows Server, but we now have some compatibility implemented in Hyper-V.

Linux-based containers can also be run on top of Server 2019, which is a big deal for anyone looking to implement scaling applications via containers.

You can even protect your Linux virtual machines by encrypting them, through the use of Shielded Virtual Machines!

Enhanced Shielded Virtual Machines

So many companies are running a majority of their servers as virtual machines today. One of the big problems with this is that there are some inherent security loopholes that exist in the virtualization host platforms of today. One of those holes is backdoor access to the hard disk files of your virtual machines. It is quite easy for anyone with administrative rights on the virtual host to be able to see, modify, or break any virtual machine that is running within that host. And, these modifications can be made in almost untraceable ways. Take a look inside Chapter 12, Virtualizing Your Data Center with Hyper-V, to learn how the new capability to create Shielded Virtual Machines closes up this security hole by implementing full disk encryption on those VHD files.

Server 2019 brings some specific benefits to the Shielded VM world: we can now protect both Windows-based and Linux-based virtual machines by shielding them, and we are no longer so reliant on communication with the Host Guardian Service when trying to boot protected VMs from our Guarded Host servers. We will discuss this further in Chapter 12, Virtualizing Your Data Center with Hyper-V.

Azure Network Adapter

Hybrid Cloud—isn’t it great when you can take two separate buzzwords, and combine them to make an even larger and more powerful buzzword? Hybrid Cloud is the thing of CIO’s dreams. I hope you know I am jesting on this; the idea of hybrid cloud is incredibly powerful and is the bridge which is making cloud utilization possible. We can have both on-premise servers, and servers hosted in Azure, and make it all one big happy network where you can access any resource from anywhere.

Now, there are already a myriad of technologies that allow you to tap your local network into your Azure network—namely site-to-site VPNs and Azure Express Route. However another option never hurts, especially for small companies that don’t want the complexity of building a site-to-site VPN, nor the cost of Express Route.

Enter the Azure Network Adapter. This new capability allows you to very quickly and easily add a virtual network adapter to a Windows Server (even one as far back as 2012 R2), and then connect that virtual NIC straight to your Azure network! Windows Admin Center is required for this transaction to take place; we will take a closer look in Chapter 5, Networking with Windows Server 2019.

Always On VPN

Users hate launching VPN connections. I know this because I hear that kind of feedback every day. Having to manually make a connection to their work network is wasting time that they could otherwise spend doing actual work. In Chapter 6, Enabling Your Mobile Workforce, we will discuss the different remote access technologies available inside Windows Server 2019. There are actually two different technologies that allow for a fully automatic connection back to the corporate network, where the users don’t have to take any manual action to enact those connections. One of those technologies is DirectAccess and has been around since Server 2008 R2. We will detail DirectAccess because it is still a viable and popular connectivity option, and we will also cover the newest version of automated remote connectivity—Always On VPN.

Comments are closed.