Implement Workload Specific Security

Question 1

What is Powershell Core?

Answer 1

An edition of Powershell designed to be cross platform to MacOS and Linux

Question 2

How is Powershell Core different from Powershell?

Answer 2

Powershell is built on top of .NET

• Only available to Windows
• Built into Windows
• Launched as Powershell.exe
• Supports .NET functions and abilities (C#, Add-Type, Static methods, etc.)

Powershell Core is built on .NET Core

• Cross platform on Windows, macOS, and Linux
• Launched via Pwsh.exe
• Can utilize many .NET features as long as they are exposed via .NET Core

Question 3

Which OSes support Powershell Core?

Answer 3

Windows 7/8.1/10
Server 2008 R2/2012 R2/2016
Windows Server Semi-Annual Channel
Unbuntu 14, 16, 17+
Debian 8.7+ and 9+
CentOS 7+
RHEL 7+
OpenSUSE 42.2
Fedora 25 and 26+
macOS 10.12+

Question 4

Can Powershell and Powershell Core be installed on the same system?

Answer 4

Yes. The two versions are exclusive of each other

Question 5

Can modules be written for Powershell work in Powershell Core?

Answer 5

Not necessarily. Modules are mostly compatible, but some may not work. Especially 3rd party.

Question 6

What are Configurations with Desired State Configuration?

Answer 6

Configurations are declarative Powershell scripts that define and configure instances of resources

When DSC runs a configuration, it simply makes it happen and ensures the system has the appropriate configuration.

DSC will continue to enforce the configuration and re-apply it if it changes.

Question 7

What are Resources with Desired State Configuration?

Answer 7

Resources are the code that is placed on a target and keep the target in a specified state

Question 8

What is the Local Configuration Manager (LCM)?

Answer 8

LCM is the engine used by DSC that facilitates the interaction between resources and configurations.

LCM polls the system using the control flow implemented by resources to ensure the state defined by the configuration is maintained.

Question 9

What are the goals of Desired State Configuration?

Answer 9

Decrease the complexity of scripting on Windows

Increase the speed of interaction

Question 10

What is the benefit of Powershell DSC over Powershell scripting?

Answer 10

Scripting will allow you to configure what you want to be done and how you want it done using a complicated flow.

Desired State Configuration allows you to configure the same thing as scripting without knowing the underlying scripting.

Question 11

What are containers?

Answer 11

Containers are isolated instances of Windows that allow system-level virtualization.

Question 12

What types of containers are supported with Windows Server 2016?

Answer 12

Hyper-V Containers

Windows Containers

Question 13

What is the difference between Hyper-V and Windows Containers?

Answer 13

Hyper-V containers have their own virtualized kernel that allows for greater isolation and performance as they don’t utilize the host kernel at all.

Question 14

In which version of Windows Server was Nano Server introduced?

Answer 14

Server 2016

Question 15

What are the advantages of of Nano Server over Server Core?

Answer 15

Nano is a smaller footprint than Server Core
Nano has no real local logon option
Nano supports only 64bit applications, tools, and agents
Nano consumes far less disk
Requires fewer updates and faster reboots

Question 16

What are some use cases for Nano Server?

Answer 16

Compute host for Hyper-V (including clustered Hyper-V)
Storage host for SoFS
Host for cloud applications that are containerized or run in a guest VM
Note: DNS and Web Server (IIS) (Infrastructure Roles) were removed after the initial release.

Question 17

Does Nano Server support centralized configuration management, with GPO for example?

Answer 17

Yes, Nano Server can be centrally managed using the Desired State Configuration.
Group Policy and SCCM, however, are not supported on Nano Server

Question 18

Can Nano Server support centralized configuration management, with GPO, for example?

Answer 18

Yes, Nano Server can be centrally managed using Desired State Configuration.
Group Policy and SCCM, however, are not supported on Nano Server.

Question 19

Can Nano Server be used to deploy an especially lightweight domain controller?

Answer 19

No. Nano does not support the AD DS role.

Question 20

Can Nano Server be configured to utilize NIC Teaming?

Answer 20

NIC teaming is built into the OS, Load Balancing and Failover, cannot be utilized. However, NIC teaming at the switch level with Switch-embedded teaming (SET) is supported.

Question 21

Can you utilize System Center Data Protection Manager to manage Nano Server backups?

Answer 21

No. Nano does not support SCDPM.

Question 22

What Windows Server activation mechanisms are available on Nano Server?

Answer 22

Nano can be activated using KMS with generic volume license key or using AD-based activation.

Question 23

What type of support model is utilized with Nano Server: Current Branch or LTSB?

Answer 23

Current Branch

Question 24

What are some restrictions/downsides of using Nano Server?

Answer 24

Nano Server is headless, there isn’t a local logon

Nano cannot become a Domain Controller

Group Policy is not supported for a Nano Server management. Use DSC instead

Nano cannot be used as a proxy server.

Traditional Windows-based NIC teaming is not supported. Use switch-embedded teaming instead.

SCCM and SCDPM are not supported.

Best Practices Analyzer is not available for Nano Server

Nano cannot utilize Automatic Virtual Machine Activation.

Nano only supports the Current Branch model of Windows Support.

Question 25

How often are major platform updates released for Current Branch support?

Answer 25

Approximately 2-3 times a year.

Question 26

What upgrade or migration paths are available for going from existing versions of Windows Server to Nano Server?

Answer 26

Nano Server cannot be migrated or updated to. It requires a fresh install.

Question 27

What is the process of installing Nano Server on a Physical Server?.

Answer 27

1. Copy Convert-WindowsImage.ps1 and New-NanoServerImage.ps1 from \NanoServer folder on the Server ISO to a system.
2. Launch Powershell and navigate to the directory with copied files and run .\New-NanoServerImage.ps1
3. Create the VHD that has a computer name and OEM drivers with the following command.
   New-NanoServerImage -MediaPath $Media -BasePath $Base -TargetPath $Target -ComptuerName $Computer -OEMDrivers $FeatureOptions
4. Copy VHD created by the script to the pysical server.
5. Confgiure Boot Loader
   - Copy boot loader: Bcdedit /copy $Current /d “Nano Server”
   - Copy GUID that appears into the ID of the new boot loader, include curley brackets
   - Run the following commands
   Bcdedit /set $Guid device vhd=[c:]\NanoServer\NanoServervhd
   Bcdedit /set $GUID osdevice vhd=[c:]\NanoServer\NanoServer.vhd
   Bcdedit /set $Guid path \windows\system32\boot\winload.exe

Question 28

What is the purpose of the Emergency Management Console in Nano Server?

Answer 28

It is intended to be used to recover Nano Server or repair network issues preventing remote management.

Question 29

What methods are available to manage Nano Server?

Answer 29

Powershell Remote Management
MMC Remote Management
Powershell

Question 30

What are some major support features removed from Nano Server to make it so small?

Answer 30

GUI Support
32bit Support (WOW64)
MSI Support
Various other Server components

Question 31

What tools should be used to manage Nano Server?

Answer 31

WMI

Powershell