11 Tricks for Windows servers

Knowledge

4. Blocking DNS Queries

In Windows Server 2016 and 2019, DNS policies can be defined to block queries from clients. Configuration is made with PowerShell, and the settings are implemented on the individual DNS servers. (For information about the configuration cmdlets, see the Microsoft docs [1]). For example, if you want to block the resolution of the erp01.joos.int server on the 255.255.255.0/24 subnet, you first need to define the appropriate subnet then create a policy that blocks resolving an FQDN from that subnet:

Add-DnsServerClientSubnet -Name "UnsecureSubnet" -IPv4Subnet 255.255.255.0/24 -PassThru
Add-DnsServerQueryResolutionPolicy -Name "Block_ERP01" -Action IGNORE -ClientSubnet "EQ,DWPSubnet"-FQDN "EQ,erp01.joos.int" -PassThru

The policies are available in PowerShell; enter

Get-DnsServerQueryResolutionPolicy

to see the policies, or enter

Remove-DnsServerQueryResolutionPolicy -Name "Block_ERP01" -PassThru

to delete the policies.

5. Changing Windows Server Editions

Windows Server 2016 and 2019 let you change the edition on the fly, without reinstalling Windows. For example, if you installed Windows Server 2019 Standard, you can switch to the Datacenter edition. The command to upgrade from Standard to Datacenter is:

Dism /Online /Set-Edition:ServerDatacenter /AcceptEula /ProductKey: <xxxxx-xxxxx-xxxxx-xxxxx-xxxxx>

After the update, restart the server. You can also switch from the trial version of Windows Server 2019 to a full version. The following commands let you see whether you are running a trial version, tell you to which edition you can upgrade, and display your current edition:

slmgr.vbs /dlv
dism /online /Get-TargetEditions
dism/ online /Get-CurrentEdition

To update the trial version, use the same command as for the upgrade from Standard to Datacenter; that is, you can switch from the Windows Server 2019 Datacenter trial version to the licensed version. The server has to be restarted at least twice, so you can unlock new features like Storage Replica or Storage Spaces Direct. Of course, you will need a valid product key for the change.

6. Starting Safe Mode in Automatic Repair

Interrupting the Windows startup process two or three times starts Windows Automatic Repair. If the server is not working properly, you can start the Windows server in different modes. To switch to Safe Mode, first go to the Repair menu and select See advanced repair options , then Troubleshoot | Advanced options | Windows startup settings . When you click Restart , a system menu appears in which you can Enable Safe Mode .

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy ADMIN Magazine

SINGLE ISSUES
 
SUBSCRIPTIONS
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • Setting up and managing IPv6 on Windows Server 2016
    Windows Server 2016 automatically prefers IPv6 addresses, if available, but the manual configuration steps differ from IPv4 and necessitate new tools. Here's how to approach IPv6 in your daily admin work.
  • SMB 3.1.1 in Windows Server 2016
    We look at the new performance and security features of SMB 3.1.1 with Windows Server 2016 and Windows 10.
  • Remotely managing web access servers
    The Windows PowerShell web-based console lets you run PowerShell commands and scripts in your browser.
  • The best cmdlets for PowerShell
    Windows is no longer the system for mouse pushers. In the latest server version, the default installation installs without a GUI, and management via PowerShell is a part of everyday life for Windows administrators.
  • Top PowerShell Cmdlets

    Windows is no longer the system for mouse pushers. In the latest server version, the default installation installs without a GUI, and management via PowerShell is a part of everyday life for Windows administrators.

comments powered by Disqus