For all of us who manage users and computers in any organization, Windows Server is one of the operating systems that has most influenced all these control tasks thanks to its simplicity of managing roles, services and elements such as computers and users and through the Times, since Windows Server 2008 , we can see how more and better functions have been added that ultimately impact on a better administrative task..
Windows Server has key elements that allow infrastructure management to be as comprehensive as possible, we see this thanks to tools such as Server Manager where we have a central platform to work multiple parameters throughout the organization and currently work on Windows Server 2016 but recently, Microsoft has just announced that it has launched the edition of Windows Server 2019 which for all users and administrators will be available at the end of 2018.
If you doubt that in Windows Server 2019 we will find many more novelties, although at the moment it is in Preview phase and available only for Insiders users where you will have the opportunity to test the system and send to Microsoft the errors that we find in it to improve and work more thoroughly for the stable version..
Something important to note in Windows Server 2019, is that it will be the first version LTSC (Long Term Service Channel) and will be available in the traditional versions of core mode or GUI mode (Graphical Interface).
Now, TechnoWikis will make a detailed analysis of its novelties and how to install this version of Windows Server 2019..
What's new in Windows Server 2019
Windows Server 2019 as the next version in the long-term service channel (LTSC), is based on the latest stable version of Server, Windows Server 2016, and will be focused on four key areas that are:
- Hyperconvergence Infrastructure
Two developments highlighted by Microsoft in Windows Server 2019 are:
- Improvement of the operating system in place (In-place OS Upgrade) which improves all the global use of the system from Windows Server 2012 R2 to Windows Server 2016.
- Application compatibility: there is greater compatibility of applications which is an idea for companies that scale more the use of their servers.
Other news that we will see in Windows Server 2019 are:
Cluster extension with cluster sets
Cluster sets are a new technology of horizontal cloud scalability and in which in this version of Server 2019, the cluster node count in a single cloud of SDDC (software-defined data center) based on ordering orders is increased magnitude. Cluster set technology will allow for greater virtual machine fluidity between groups of different members within a cluster set and a unified storage namespace across the whole set to support machine flow virtual
Advanced protection against Windows Defender threats
As of this version of Windows Server, there are deep platform sensors and response actions, which offers a higher level of security to the memory and activities and capabilities of the attacker at the kernel level to take immediate actions on vulnerable machines in response to incidents that may arise such as remote collection of additional forensic data, installing malicious files and eliminating processes.
Windows Defender ATP Exploit Guard
Windows Defender ATP Exploit Guard has been developed as a new set of host intrusion prevention capabilities. It has four components in Windows Defender Exploit Guard which are designed to block the device against a wide variety of attack vectors and block behaviors that are used in malware attacks, and at the same time allow companies to balance and manage more centralized its security risks and the productivity requirements that may arise.
The four components are:
Attack Surface Reduction (ASR)
It is a set of controls developed to prevent malware from entering the machine by blocking suspicious malicious files, scripts, lateral movement, ransomware behavior and email-based threats.
Network protection
This feature protects the endpoint against web-based threats by blocking any exit process on the host-based or unsecured IP device using Windows Defender SmartScreen as the starting point.
Access to controlled folders
This function is seen from Windows 10 and its approach is to protect the critical data on the computer from any ransomware attack by blocking access of untrusted processes to protected folders.
Exploit Protection
It is a set of vulnerability mitigations that can be easily configured to protect the system and applications.
To implement a default set of Exploit Guard policies in Windows Server 2019, we can run the following cmdlets:
Set-MpPreference -EnableControlledFolderAccess Enabled Set-MpPreference -EnableNetworkProtection Enabled Add-MpPreference -AttackSurfaceReductionRules_Ids 75668C1F-73B5-4CF0-BB93-3ECF5CB7CC84 -AttackSurfaceReductionRules_Actions Enabled Add-MpPreference -AttackSurfaceReductionRules_Ids 3B576869-A4EC-4529-8536-B80A7769E899 -AttackSurfaceReductionRules_Actions Enabled Add-MpPreference -AttackSurfaceReductionRules_Ids D4F940AB-401B-4EfC-AADC-AD5F3C50688A -AttackSurfaceReductionRules_Actions Enabled Add-MpPreference -AttackSurfaceReductionRules_Ids D3E037E1-3EB8-44C8-A917-57927947596D -AttackSurfaceReductionRules_Actions Enabled Add-MpPreference -AttackSurfaceReductionRules_Ids 5BEB7EFE-FD9A-4556-801D-275E5FFC04CC -AttackSurfaceReductionRules_Actions Enabled Add-MpPreference -AttackSurfaceReductionRules_Ids BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550 -AttackSurfaceReductionRules_Actions Enabled Add-MpPreference -AttackSurfaceReductionRules_Ids 92E97FA1-2EDF-4476-BDD6-9DD0B4DDDC7B -AttackSurfaceReductionRules_Actions Enabled Add-MpPreference -AttackSurfaceReductionRules_Ids D1E49AAC-8F56-4280-B9BA-993A6D77406C -AttackSurfaceReductionRules_Actions Disabled Add-MpPreference -AttackSurfaceReductionRules_Ids 01443614-cd74-433a-b99e-2ecdc07bfc25 -AttackSurfaceReductionRules_Actions Enabled
Failover Cluster eliminates the use of NTLM authentication
Windows Server 2019 failover clusters will no longer use NTLM authentication because they now exclusively use certificate and Kerberos-based authentication, with this, the user or deployment tools do not require changes to take advantage of this improvement in security. As an additional point, failover clusters are now allowed to be implemented in environments where NTLM has previously been disabled.
Armored virtual machines
Offline mode, alternative HGS, VMConnect and Linux shielded support: In Windows Server 2019 it will be possible to run shielded virtual machines on Hyper-V hosts that are exposed to intermittent connectivity in their guardian host (HGS) service. With Fallback HGS it is possible to configure a second set of URLs so that Hyper-V has access if it cannot reach the main HGS server.
There is an offline mode which is designed for high availability for armored virtual machines as it allows the continuation of the start of an armored virtual machine even if the primary and secondary HGS of the target host cannot be reached.
In Windows Server 2019 it will be possible to run Ubuntu, Red Hat Enterprise Linux and SUSE Linux Enterprise Server inside shielded virtual machines.
Network encrypted in SDN
Network traffic generated on a VM host is susceptible to being intercepted and / or manipulated by anyone who has access to the physical layer.
Encrypted Networks is a feature of Server 2019 through which simple-to-use DTLS-based encryption is obtained which uses the network controller to manage end-to-end encryption and protect data while it travels through cables and devices network between hosts. The network administrator only needs to configure it in the subnet, with this encryption, VM to VM traffic within the VM subnet is allowed to be automatically encrypted thus avoiding spying and manipulating traffic throughout the communication process .
Performance history for Storage Spaces Direct
As Storage Spaces Direct administrators, we will have much more complete access to the historical performance and capacity data of the cluster configured in Windows Server 2019.
Windows Defender Application Control
Windows Defender Application Control, or also known as code integrity policy (CI), was released in the Windows Server 2016 edition, and now in Windows Server 2019 improvements have been added which will allow all Windows files including applications Microsoft, like SQL Server can skip the IC optimizing its access and use.
1. How to download the ISO image of Windows Server 2019
As we mentioned at the beginning of the article, for this we must be part of the Windows Insider program, its process is simple, free and only requires our Hotmail or Outlook account, this can be done in the following link:
Windows Insider
The Windows Server 2019 ISO image is available for download through the Insider program at the following link:
Windows Server 2019
Once there, we will select the desired language of the ISO image.
Known Bugs
Some errors may occur during the execution of Windows Server 2019, among which we highlight:
- place OS upgrade): controladores de dominio: Durante un proceso de actualización del sistema operativo en el lugar, los controladores de dominio (DC) de Active Directory (AD) pueden no actualizarse correctamente, se recomienda hacer una copia de respaldo de cualquier DC de AD antes de realizar una actualización del sistema operativo en el lugar. On-site system upgrade 8 (in - place OS upgrade): domain controllers: During an on-site operating system update process, Active Directory (AD) domain controllers (DC) may not update correctly, it is recommended to do a backup copy of any AD DC before performing an on-site operating system update.
- Editing or creating policies for AppLocker can allow the MMC snap-in to crash when rules are generated for a packaged application.
- After updating the operating system, the AppX database may have corrupted entries, which causes a negative impact on the components that use those specific entries.
- Windows core tests may fail due to a timeout while trying to load the test libraries.
2. How to install Windows Server 2019
Step 1
Once we download the ISO image, we proceed to burn it to a bootable DVD or USB and we must configure the boot order of the device from the CD or USB drive in the BIOS or UEFI:
Step 2
Once we start the boot process we will see the following Windows Server 2019 window. There the system will be in the language we have downloaded and it will be possible to configure details such as your time, currency or keyboards.
Step 3
Click on Next and this window will be displayed. There we can note that the title does not yet indicate the version of Windows Server used, remember that in 2016 Windows Server 2016 is indicated.
Step 4
We can click on Repair equipment to carry out administration tasks, but in the case of a new installation, click on the Install now button and this will be displayed:
Step 5
Once this is finished, this window will be displayed where we will enter the product key offered by Microsoft or, if we do not have it, click on the line I do not have a product key:
Step 6
Once we enter the password or not, click Next and we must select the edition of Windows Server 2019 to install. There we have the option to install the core or GUI version of that edition.
Step 7
Once the desired edition is selected, click on Next and we must accept the terms of the Windows license:
Step 8
Again click on Next and now we must define the type of task to perform where we can:
- Update if we have an existing system
- Customize the installation where it will be possible to select the disk where the operating system will be installed or partition it as necessary.
Step 9
For this case we select Custom and we will see the following:
Step 10
We select our disk and if we want to create a partition, which is highly recommended, click on the New line and enter the size in MB of the desired partition:
Click on Apply and we will see the following message. Click OK to exit this.
Step 11
We will see the new partition created, where we will install Windows Server 2019, and automatically the system creates a new partition reserved for itself:
Click Next and the installation process of Windows Server 2019 will begin:
Step 12
Once the installation process is complete, the system must be restarted:
During this process the installation of Windows Server 2019 will be completed:
Step 13
We set the administrator password:
Click on Finish and we can see the traditional access to Windows Server:
Step 14
Once we access Windows Server 2019, the Server Administrator will be automatically started, which we all know to carry out management tasks on the server:
We can use the winver command to know the initial build of Server 2019 which is 17623.
Now, we will be able to thoroughly test this new edition of Windows Server 2019 and thus know before all others all its news.
