« Previous 1 2 3 4 Next »
11 Tricks for Windows servers
Knowledge
4. Blocking DNS Queries
In Windows Server 2016 and 2019, DNS policies can be defined to block queries from clients. Configuration is made with PowerShell, and the settings are implemented on the individual DNS servers. (For information about the configuration cmdlets, see the Microsoft docs [1]). For example, if you want to block the resolution of the erp01.joos.int server on the 255.255.255.0/24 subnet, you first need to define the appropriate subnet then create a policy that blocks resolving an FQDN from that subnet:
Add-DnsServerClientSubnet -Name "UnsecureSubnet" -IPv4Subnet 255.255.255.0/24 -PassThru Add-DnsServerQueryResolutionPolicy -Name "Block_ERP01" -Action IGNORE -ClientSubnet "EQ,DWPSubnet"-FQDN "EQ,erp01.joos.int" -PassThru
The policies are available in PowerShell; enter
Get-DnsServerQueryResolutionPolicy
to see the policies, or enter
Remove-DnsServerQueryResolutionPolicy -Name "Block_ERP01" -PassThru
to delete the policies.
5. Changing Windows Server Editions
Windows Server 2016 and 2019 let you change the edition on the fly, without reinstalling Windows. For example, if you installed Windows Server 2019 Standard, you can switch to the Datacenter edition. The command to upgrade from Standard to Datacenter is:
Dism /Online /Set-Edition:ServerDatacenter /AcceptEula /ProductKey: <xxxxx-xxxxx-xxxxx-xxxxx-xxxxx>
After the update, restart the server. You can also switch from the trial version of Windows Server 2019 to a full version. The following commands let you see whether you are running a trial version, tell you to which edition you can upgrade, and display your current edition:
slmgr.vbs /dlv dism /online /Get-TargetEditions dism/ online /Get-CurrentEdition
To update the trial version, use the same command as for the upgrade from Standard to Datacenter; that is, you can switch from the Windows Server 2019 Datacenter trial version to the licensed version. The server has to be restarted at least twice, so you can unlock new features like Storage Replica or Storage Spaces Direct. Of course, you will need a valid product key for the change.
6. Starting Safe Mode in Automatic Repair
Interrupting the Windows startup process two or three times starts Windows Automatic Repair. If the server is not working properly, you can start the Windows server in different modes. To switch to Safe Mode, first go to the Repair menu and select See advanced repair options , then Troubleshoot | Advanced options | Windows startup settings . When you click Restart , a system menu appears in which you can Enable Safe Mode .
« Previous 1 2 3 4 Next »
Buy this article as PDF
(incl. VAT)
Buy ADMIN Magazine
US / Canada
UK / Australia
Related content
-
Setting up and managing IPv6 on Windows Server 2016
Windows Server 2016 automatically prefers IPv6 addresses, if available, but the manual configuration steps differ from IPv4 and necessitate new tools. Here's how to approach IPv6 in your daily admin work. -
SMB 3.1.1 in Windows Server 2016
We look at the new performance and security features of SMB 3.1.1 with Windows Server 2016 and Windows 10. -
Remotely managing web access servers
The Windows PowerShell web-based console lets you run PowerShell commands and scripts in your browser. -
The best cmdlets for PowerShell
Windows is no longer the system for mouse pushers. In the latest server version, the default installation installs without a GUI, and management via PowerShell is a part of everyday life for Windows administrators. -
Top PowerShell Cmdlets
Windows is no longer the system for mouse pushers. In the latest server version, the default installation installs without a GUI, and management via PowerShell is a part of everyday life for Windows administrators.