Implement Workload Specific Security Flashcards
Containers Dynamic Access Control FSRM Quotas
What is Powershell Core?
An edition of Powershell designed to be cross platform to MacOS and Linux
How is Powershell Core different from Powershell?
Powershell is built on top of .NET
- Only available to Windows
- Built into Windows
- Launched as Powershell.exe
- Supports .NET functions and abilities (C#, Add-Type, Static methods, etc.)
Powershell Core is built on .NET Core
- Cross platform on Windows, macOS, and Linux
- Launched via Pwsh.exe
- Can utilize many .NET features as long as they are exposed via .NET Core
Which OSes support Powershell Core?
Windows 7/8.1/10 Server 2008 R2/2012 R2/2016 Windows Server Semi-Annual Channel Unbuntu 14, 16, 17+ Debian 8.7+ and 9+ CentOS 7+ RHEL 7+ OpenSUSE 42.2 Fedora 25 and 26+ macOS 10.12+
Can Powershell and Powershell Core be installed on the same system?
Yes. The two versions are exclusive of each other
Can modules be written for Powershell work in Powershell Core?
Not necessarily. Modules are mostly compatible, but some may not work. Especially 3rd party.
What are Configurations with Desired State Configuration?
Configurations are declarative Powershell scripts that define and configure instances of resources
When DSC runs a configuration, it simply makes it happen and ensures the system has the appropriate configuration.
DSC will continue to enforce the configuration and re-apply it if it changes.
What are Resources with Desired State Configuration?
Resources are the code that is placed on a target and keep the target in a specified state
What is the Local Configuration Manager (LCM)?
LCM is the engine used by DSC that facilitates the interaction between resources and configurations.
LCM polls the system using the control flow implemented by resources to ensure the state defined by the configuration is maintained.
What are the goals of Desired State Configuration?
Decrease the complexity of scripting on Windows
Increase the speed of interaction
What is the benefit of Powershell DSC over Powershell scripting?
Scripting will allow you to configure what you want to be done and how you want it done using a complicated flow.
Desired State Configuration allows you to configure the same thing as scripting without knowing the underlying scripting.
What are containers?
Containers are isolated instances of Windows that allow system-level virtualization.
What types of containers are supported with Windows Server 2016?
Hyper-V Containers
Windows Containers
What is the difference between Hyper-V and Windows Containers?
Hyper-V containers have their own virtualized kernel that allows for greater isolation and performance as they don’t utilize the host kernel at all.
In which version of Windows Server was Nano Server introduced?
Server 2016
What are the advantages of of Nano Server over Server Core?
Nano is a smaller footprint than Server Core
Nano has no real local logon option
Nano supports only 64bit applications, tools, and agents
Nano consumes far less disk
Requires fewer updates and faster reboots
What are some use cases for Nano Server?
Compute host for Hyper-V (including clustered Hyper-V)
Storage host for SoFS
Host for cloud applications that are containerized or run in a guest VM
Note: DNS and Web Server (IIS) (Infrastructure Roles) were removed after the initial release.
Does Nano Server support centralized configuration management, with GPO for example?
Yes, Nano Server can be centrally managed using the Desired State Configuration.
Group Policy and SCCM, however, are not supported on Nano Server
Can Nano Server support centralized configuration management, with GPO, for example?
Yes, Nano Server can be centrally managed using Desired State Configuration.
Group Policy and SCCM, however, are not supported on Nano Server.
Can Nano Server be used to deploy an especially lightweight domain controller?
No. Nano does not support the AD DS role.
Can Nano Server be configured to utilize NIC Teaming?
NIC teaming is built into the OS, Load Balancing and Failover, cannot be utilized. However, NIC teaming at the switch level with Switch-embedded teaming (SET) is supported.
Can you utilize System Center Data Protection Manager to manage Nano Server backups?
No. Nano does not support SCDPM.
What Windows Server activation mechanisms are available on Nano Server?
Nano can be activated using KMS with generic volume license key or using AD-based activation.
What type of support model is utilized with Nano Server: Current Branch or LTSB?
Current Branch
What are some restrictions/downsides of using Nano Server?
Nano Server is headless, there isn’t a local logon
Nano cannot become a Domain Controller
Group Policy is not supported for a Nano Server management. Use DSC instead
Nano cannot be used as a proxy server.
Traditional Windows-based NIC teaming is not supported. Use switch-embedded teaming instead.
SCCM and SCDPM are not supported.
Best Practices Analyzer is not available for Nano Server
Nano cannot utilize Automatic Virtual Machine Activation.
Nano only supports the Current Branch model of Windows Support.
How often are major platform updates released for Current Branch support?
Approximately 2-3 times a year.
What upgrade or migration paths are available for going from existing versions of Windows Server to Nano Server?
Nano Server cannot be migrated or updated to. It requires a fresh install.
What is the process of installing Nano Server on a Physical Server?.
- Copy Convert-WindowsImage.ps1 and New-NanoServerImage.ps1 from \NanoServer folder on the Server ISO to a system.
- Launch Powershell and navigate to the directory with copied files and run .\New-NanoServerImage.ps1
- Create the VHD that has a computer name and OEM drivers with the following command.
New-NanoServerImage -MediaPath $Media -BasePath $Base -TargetPath $Target -ComptuerName $Computer -OEMDrivers $FeatureOptions - Copy VHD created by the script to the pysical server.
- Confgiure Boot Loader
- Copy boot loader: Bcdedit /copy $Current /d “Nano Server”
- Copy GUID that appears into the ID of the new boot loader, include curley brackets
- Run the following commands
Bcdedit /set $Guid device vhd=[c:]\NanoServer\NanoServervhd
Bcdedit /set $GUID osdevice vhd=[c:]\NanoServer\NanoServer.vhd
Bcdedit /set $Guid path \windows\system32\boot\winload.exe
What is the purpose of the Emergency Management Console in Nano Server?
It is intended to be used to recover Nano Server or repair network issues preventing remote management.
What methods are available to manage Nano Server?
Powershell Remote Management
MMC Remote Management
Powershell
What are some major support features removed from Nano Server to make it so small?
GUI Support
32bit Support (WOW64)
MSI Support
Various other Server components
What tools should be used to manage Nano Server?
WMI
Powershell
