1. Server Core Installation and Management
Server Core is the minimal installation option of Windows Server 2022 and offers higher security and reliability.
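1. Boot from the Windows Server 2022 installation media
2. Select the language, time and keyboard settings
3. Click "Install now"
4. Enter the product key
5. Select "Windows Server 2022 Standard (Desktop Experience)" or "Windows Server 2022 Datacenter (Desktop Experience)"
6. Select "Custom: Install Windows only (advanced)"
7. Select the installation partition
8. Complete the installation and set the administrator password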
# Server Core management commands
# View server information
C:\> systeminfo
# View the IP configuration
C:\> ipconfig /all
# Enable remote management
C:\> winrm quickconfig
# Install roles and features
C:\> Install-WindowsFeature -Name Web-Server, Hyper-V -IncludeManagementTools
# View installed roles and features
C:\> Get-WindowsFeature | Where-Object Installed
# Set the server name
C:\> Rename-Computer -NewName "SERVER01" -Restart
# Configure a static IP address
C:\> New-NetIPAddress -InterfaceAlias "Ethernet" -IPAddress "192.168.1.100" -PrefixLength 24 -DefaultGateway "192.168.1.1"
C:\> Set-DnsClientServerAddress -InterfaceAlias "Ethernet" -ServerAddresses "8.8.8.8", "8.8.4.4"
2. Hyper-V Virtualization Management
Hyper-V is the virtualization platform built into Windows Server 2022 and is used to create and manage virtual machines.
# Install the Hyper-V role
C:\> Install-WindowsFeature -Name Hyper-V -IncludeManagementTools -Restart
# Create a virtual machine
C:\> New-VM -Name "VM01" -MemoryStartupBytes 4GB -Generation 2 -NewVHDPath "D:\VMs\VM01\VM01.vhdx" -NewVHDSizeBytes 100GB -SwitchName "Default Switch"
# Start the virtual machine
C:\> Start-VM -Name "VM01"
# View virtual machine status
C:\> Get-VM
# Configure virtual machine hardware
C:\> Set-VM -Name "VM01" -ProcessorCount 2
C:\> Set-VM -Name "VM01" -MemoryStartupBytes 8GB
# Create virtual switches
C:\> New-VMSwitch -Name "InternalSwitch" -SwitchType Internal
C:\> New-VMSwitch -Name "ExternalSwitch" -SwitchType External -NetAdapterName "Ethernet"
# Export a virtual machine
C:\> Export-VM -Name "VM01" -Path "D:\VMExports"
# Import a virtual machine
C:\> Import-VM -Path "D:\VMExports\VM01" -Copy
# Live-migrate a virtual machine
C:\> Move-VM -Name "VM01" -DestinationHost "SERVER02" -IncludeStorage -DestinationStoragePath "D:\VMs"
3. Advanced Active Directory Configuration
Active Directory is the core directory service of Windows Server and is used to manage users, computers and resources.
# Install Active Directory Domain Services
C:\> Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
# Promote to a domain controller (sample DSRM password shown inline; Read-Host -AsSecureString keeps it out of the command history)
C:\> Install-ADDSForest -DomainName "fgedu.local" -SafeModeAdministratorPassword (ConvertTo-SecureString "P@ssw0rd" -AsPlainText -Force) -InstallDns
# Create a user account
C:\> New-ADUser -Name "John Doe" -SamAccountName "jdoe" -UserPrincipalName "jdoe@fgedu.local" -GivenName "John" -Surname "Doe" -Enabled $true -PasswordNeverExpires $true -AccountPassword (ConvertTo-SecureString "P@ssw0rd" -AsPlainText -Force)
# Create organizational units
C:\> New-ADOrganizationalUnit -Name "Departments" -Path "DC=fgedu,DC=local"
C:\> New-ADOrganizationalUnit -Name "IT" -Path "OU=Departments,DC=fgedu,DC=local"
# Create a group
C:\> New-ADGroup -Name "IT Administrators" -SamAccountName "ITAdmins" -GroupCategory Security -GroupScope Global -Path "OU=IT,OU=Departments,DC=fgedu,DC=local"
# Add a user to the group
C:\> Add-ADGroupMember -Identity "ITAdmins" -Members "jdoe"
# Configure Group Policy
C:\> New-GPO -Name "IT Department Policy"
C:\> New-GPLink -Name "IT Department Policy" -Target "OU=IT,OU=Departments,DC=fgedu,DC=local"
# Configure a domain trust
# (the ActiveDirectory module has Get-ADTrust but no New-ADTrust cmdlet, so the two-way trust is created with netdom; the account names are placeholders and /PasswordD:* and /PasswordO:* prompt for the passwords)
C:\> netdom trust fgedu.local /Domain:partner.local /Add /TwoWay /UserD:partner\Administrator /PasswordD:* /UserO:fgedu\Administrator /PasswordO:*
4. DNS and DHCP Server Management
DNS and DHCP are essential parts of the network infrastructure and must be configured and managed correctly.
# Install the DNS server
C:\> Install-WindowsFeature -Name DNS -IncludeManagementTools
# Create a DNS zone
C:\> Add-DnsServerPrimaryZone -Name "fgedu.local" -ZoneFile "fgedu.local.dns"
# Add DNS records
C:\> Add-DnsServerResourceRecordA -ZoneName "fgedu.local" -Name "server01" -IPv4Address "192.168.1.100"
C:\> Add-DnsServerResourceRecordCName -ZoneName "fgedu.local" -Name "www" -HostNameAlias "server01.fgedu.local"
# Configure DNS forwarders
C:\> Add-DnsServerForwarder -IPAddress "8.8.8.8", "8.8.4.4"
# Install the DHCP server
C:\> Install-WindowsFeature -Name DHCP -IncludeManagementTools
# Authorize the DHCP server
C:\> Add-DhcpServerInDC -DnsName "server01.fgedu.local" -IPAddress "192.168.1.100"
# Create a DHCP scope
C:\> Add-DhcpServerv4Scope -Name "Internal Network" -StartRange "192.168.1.101" -EndRange "192.168.1.200" -SubnetMask "255.255.255.0"
# Configure DHCP options
C:\> Set-DhcpServerv4OptionValue -ScopeId "192.168.1.0" -DnsServer "192.168.1.100" -Router "192.168.1.1"
# View DHCP leases
C:\> Get-DhcpServerv4Lease -ScopeId "192.168.1.0"
5. Advanced File Server Configuration
The file server is an important server role for storing and sharing files on an enterprise network.
# Install the file server role
C:\> Install-WindowsFeature -Name File-Services -IncludeManagementTools
# Create the shared folders
C:\> New-Item -Path "D:\Shares" -ItemType Directory
C:\> New-Item -Path "D:\Shares\Public" -ItemType Directory
C:\> New-Item -Path "D:\Shares\Department" -ItemType Directory
# Configure share permissions
C:\> New-SmbShare -Name "Public" -Path "D:\Shares\Public" -FullAccess "Everyone"
C:\> New-SmbShare -Name "Department" -Path "D:\Shares\Department" -ChangeAccess "Domain Users"
# Configure NTFS permissions
C:\> Get-Acl "D:\Shares\Public" | Set-Acl "D:\Shares\Department"
C:\> icacls "D:\Shares\Department" /grant "Domain Users:(OI)(CI)M"
# Enable File Server Resource Manager
C:\> Install-WindowsFeature -Name FS-Resource-Manager
# Configure a quota
C:\> New-FsrmQuota -Path "D:\Shares\Department" -Size 10GB -Description "Department Share Quota"
# Configure file screening
C:\> New-FsrmFileScreenTemplate -Name "Block Executables" -IncludeGroup "Executable Files"
C:\> New-FsrmFileScreen -Path "D:\Shares\Public" -Template "Block Executables"
# Configure shadow copies
C:\> vssadmin add shadowstorage /for=D: /on=E: /maxsize=20%
C:\> vssadmin create shadow /for=D:
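The Public share above grants Everyone full access at the share level, which leaves the NTFS ACL as the only remaining control on that folder. The following added example (not part of the original page) lists broad share-level grants next to the matching NTFS entries; the principal list in $broad is an assumption to adjust.

```powershell
# Added example, not from the original page.
# Lists non-administrative shares where a broad principal has Change or Full
# access at the share level, together with that principal's NTFS rights.
# Effective access is the more restrictive of the two layers.
$broad = 'Everyone', 'Authenticated Users', 'Domain Users', 'Users'   # assumed list

function Test-BroadPrincipal {
    param([string]$Account)
    # Compare only the name part so 'FGEDU\Domain Users' and 'BUILTIN\Users' match
    ($Account -split '\\')[-1] -in $broad
}

$findings = foreach ($share in Get-SmbShare -Special $false) {
    if (-not $share.Path) { continue }          # skip shares without a folder path
    $ntfs = (Get-Acl -Path $share.Path).Access
    $grants = Get-SmbShareAccess -Name $share.Name |
        Where-Object { $_.AccessControlType -eq 'Allow' -and
                       $_.AccessRight -in 'Full', 'Change' -and
                       (Test-BroadPrincipal $_.AccountName) }
    foreach ($g in $grants) {
        $leaf = ($g.AccountName -split '\\')[-1]
        # NTFS allow entries for the same principal on the shared folder
        $rights = $ntfs |
            Where-Object { $_.AccessControlType -eq 'Allow' -and
                           ($_.IdentityReference.Value -split '\\')[-1] -eq $leaf } |
            ForEach-Object { $_.FileSystemRights }
        [pscustomobject]@{
            Share      = $share.Name
            Path       = $share.Path
            Principal  = $g.AccountName
            ShareRight = $g.AccessRight
            NtfsRights = if ($rights) { $rights -join '; ' } else { '(no direct NTFS entry)' }
        }
    }
}
$findings | Format-Table -AutoSize -Wrap
```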
6. Remote Desktop Services Management
Remote Desktop Services lets users access a Windows desktop remotely over the network.
# Install the Remote Desktop Services roles
C:\> Install-WindowsFeature -Name RDS-RD-Server, RDS-Licensing, RDS-Web-Access -IncludeManagementTools
# Configure the Remote Desktop Session Host
C:\> Set-RDSessionCollectionConfiguration -CollectionName "QuickSessionCollection" -ConnectionBroker "server01.fgedu.local"
# Configure Remote Desktop licensing (the RemoteDesktop module cmdlet for this is Set-RDLicenseConfiguration)
C:\> Set-RDLicenseConfiguration -LicenseServer "server01.fgedu.local" -Mode PerUser -ConnectionBroker "server01.fgedu.local"
# Activate Remote Desktop licensing
C:\> slmgr.vbs /ipk XXXXX-XXXXX-XXXXX-XXXXX-XXXXX
C:\> slmgr.vbs /ato
# Configure Remote Desktop users
C:\> Add-LocalGroupMember -Group "Remote Desktop Users" -Member "jdoe"
# Configure Remote Desktop connection settings
C:\> Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server" -Name "fDenyTSConnections" -Value 0
C:\> Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" -Name "UserAuthentication" -Value 1
# View Remote Desktop sessions
C:\> quser
# End a Remote Desktop session (rwinsta resets the session; replace sessionid with the ID shown by quser)
C:\> rwinsta sessionid /server:server01
7. Advanced PowerShell Scripts
PowerShell is a powerful tool for Windows Server administration; scripts can automate management tasks. Author: www.itpux.com
# Check server status
$servers = @("server01", "server02", "server03")
foreach ($server in $servers) {
    $ping = Test-Connection -ComputerName $server -Count 1 -Quiet
    if ($ping) {
        Write-Host "$server is online" -ForegroundColor Green
    } else {
        Write-Host "$server is offline" -ForegroundColor Red
    }
}
# Bulk-create users
$users = @(
    @{Name="Alice Smith"; SamAccountName="asmith"},
    @{Name="Bob Johnson"; SamAccountName="bjohnson"},
    @{Name="Charlie Brown"; SamAccountName="cbrown"}
)
foreach ($user in $users) {
    New-ADUser -Name $user.Name -SamAccountName $user.SamAccountName -UserPrincipalName "$($user.SamAccountName)@fgedu.local" -Enabled $true -PasswordNeverExpires $true -AccountPassword (ConvertTo-SecureString "P@ssw0rd" -AsPlainText -Force)
    Write-Host "Created user: $($user.Name)"
}
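The bulk-creation script above gives every account the same fixed password and sets it never to expire. The following added example (not part of the original page) creates the same three users with a unique random initial password each and a forced change at first logon; it assumes the ActiveDirectory module and the fgedu.local domain used above, and the helper function names are hypothetical.

```powershell
# Added example, not from the original page.
Import-Module ActiveDirectory

$rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()

function Get-RandomChar {
    param([string]$Alphabet)
    # Draw 4 bytes from the CSPRNG and map them onto the alphabet
    $b = New-Object byte[] 4
    $rng.GetBytes($b)
    $Alphabet[[int]([BitConverter]::ToUInt32($b, 0) % $Alphabet.Length)]
}

function New-InitialPassword {
    param([int]$Length = 20)
    # Look-alike characters (0/O, 1/l/I) are left out to ease hand-over
    $classes = 'ABCDEFGHJKLMNPQRSTUVWXYZ', 'abcdefghijkmnpqrstuvwxyz', '23456789', '!#%+-_=?'
    # One character from every class so the default complexity policy is met
    $chars = @(foreach ($c in $classes) { Get-RandomChar $c })
    while ($chars.Count -lt $Length) { $chars += Get-RandomChar (-join $classes) }
    # Shuffle so the guaranteed characters are not always in the first positions
    $shuffled = $chars | Sort-Object { $b = New-Object byte[] 4; $rng.GetBytes($b); [BitConverter]::ToUInt32($b, 0) }
    -join $shuffled
}

$users = @(
    @{Name = 'Alice Smith';   SamAccountName = 'asmith'},
    @{Name = 'Bob Johnson';   SamAccountName = 'bjohnson'},
    @{Name = 'Charlie Brown'; SamAccountName = 'cbrown'}
)

$issued = foreach ($user in $users) {
    $plain = New-InitialPassword
    # -ChangePasswordAtLogon cannot be combined with -PasswordNeverExpires $true
    New-ADUser -Name $user.Name -SamAccountName $user.SamAccountName `
        -UserPrincipalName "$($user.SamAccountName)@fgedu.local" `
        -AccountPassword (ConvertTo-SecureString $plain -AsPlainText -Force) `
        -Enabled $true -ChangePasswordAtLogon $true -ErrorAction Stop
    [pscustomobject]@{ SamAccountName = $user.SamAccountName; InitialPassword = $plain }
}

# Hand each password to its owner over a separate channel, then clear the variables
$issued | Format-Table -AutoSize
Remove-Variable -Name issued, plain
```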
# Monitor disk space
$servers = @("server01", "server02")
foreach ($server in $servers) {
    $disks = Get-WmiObject -Class Win32_LogicalDisk -ComputerName $server -Filter "DriveType=3"
    foreach ($disk in $disks) {
        $freeSpace = [math]::Round($disk.FreeSpace / 1GB, 2)
        $totalSpace = [math]::Round($disk.Size / 1GB, 2)
        $percentFree = [math]::Round(($disk.FreeSpace / $disk.Size) * 100, 2)
        Write-Host "$server - $($disk.DeviceID): $freeSpace GB free of $totalSpace GB ($percentFree%)"
        if ($percentFree -lt 20) {
            Write-Host "WARNING: Low disk space on $server - $($disk.DeviceID)" -ForegroundColor Red
        }
    }
}
# Automated service management
$services = @("WinRM", "wuauserv", "bits")
foreach ($service in $services) {
    $status = Get-Service -Name $service
    if ($status.Status -ne "Running") {
        Start-Service -Name $service
        Write-Host "Started service: $service"
    } else {
        Write-Host "Service $service is already running"
    }
}
8. Security Hardening and Best Practices
Security hardening of Windows Server 2022 is an important measure for keeping the system secure.
# Enable Windows Firewall on all profiles
C:\> Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled True
# Configure Windows Defender Antivirus
C:\> Set-MpPreference -DisableRealtimeMonitoring $false -ScanParameters 2
# Enable BitLocker encryption
C:\> Install-WindowsFeature -Name BitLocker -IncludeManagementTools
C:\> Enable-BitLocker -MountPoint "C:" -EncryptionMethod Aes256 -UsedSpaceOnly -PasswordProtector
# Configure the local security policy
C:\> secedit /export /cfg "C:\SecurityPolicy.inf"
# Edit the security policy file
C:\> secedit /configure /db "C:\Windows\Security\Local.sdb" /cfg "C:\SecurityPolicy.inf" /areas SECURITYPOLICY
# Enable audit policies
C:\> auditpol /set /category:"Account Management" /success:enable /failure:enable
C:\> auditpol /set /category:"Logon/Logoff" /success:enable /failure:enable
# Disable unnecessary services
C:\> Stop-Service -Name "RemoteRegistry" -Force
C:\> Set-Service -Name "RemoteRegistry" -StartupType Disabled
# Configure User Account Control
C:\> Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" -Name "EnableLUA" -Value 1
C:\> Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" -Name "ConsentPromptBehaviorAdmin" -Value 2
# Apply security updates
C:\> Install-Module -Name PSWindowsUpdate
C:\> Get-WindowsUpdate -Install -AcceptAll
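Group Policy or a later change can override any of the settings applied above, so it is worth reading them back. The following added example (not part of the original page) checks the values set in this section, plus the RDP UserAuthentication value from section 6, and reports each as pass or fail; the helper names are hypothetical and the audit check assumes an English-language OS.

```powershell
# Added example, not from the original page. Save as a script and run elevated.
$ErrorActionPreference = 'Stop'
$uac = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$rdp = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

function Get-RegValue {
    param([string]$Path, [string]$Name)
    (Get-ItemProperty -Path $Path -Name $Name).$Name
}

function Test-AuditCategory {
    param([string]$Category)
    # /r prints CSV; the 'Inclusion Setting' text assumes an English-language OS
    $rows = @(auditpol /get "/category:$Category" /r | Where-Object { $_ } | ConvertFrom-Csv)
    $rows.Count -gt 0 -and
        -not ($rows | Where-Object { $_.'Inclusion Setting' -ne 'Success and Failure' })
}

$checks = [ordered]@{
    # ActiveStore is the effective policy, including Group Policy
    'Firewall enabled on all profiles'       = { -not (Get-NetFirewallProfile -PolicyStore ActiveStore |
                                                       Where-Object { $_.Enabled -ne 'True' }) }
    'Defender real-time monitoring on'       = { -not (Get-MpPreference).DisableRealtimeMonitoring }
    'BitLocker protection on for C:'         = { (Get-BitLockerVolume -MountPoint 'C:').ProtectionStatus -eq 'On' }
    'RemoteRegistry service disabled'        = { (Get-Service -Name RemoteRegistry).StartType -eq 'Disabled' }
    'UAC: EnableLUA = 1'                     = { (Get-RegValue $uac 'EnableLUA') -eq 1 }
    'UAC: ConsentPromptBehaviorAdmin = 2'    = { (Get-RegValue $uac 'ConsentPromptBehaviorAdmin') -eq 2 }
    'RDP: UserAuthentication (NLA) = 1'      = { (Get-RegValue $rdp 'UserAuthentication') -eq 1 }
    'Audit Account Management: success+fail' = { Test-AuditCategory 'Account Management' }
    'Audit Logon/Logoff: success+fail'       = { Test-AuditCategory 'Logon/Logoff' }
}

$report = foreach ($name in $checks.Keys) {
    $test = $checks[$name]
    try   { $ok = [bool](& $test); $detail = '' }
    catch { $ok = $false; $detail = $_.Exception.Message }   # a missing value or cmdlet counts as a fail
    [pscustomobject]@{ Check = $name; Pass = $ok; Detail = $detail }
}
$report | Format-Table -AutoSize -Wrap
```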
9. Monitoring and Management Tools
Effective monitoring and management tools help administrators find and resolve problems promptly.
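# Enable the event logs
C:\> wevtutil sl Application /enabled:true
C:\> wevtutil sl Security /enabled:true
C:\> wevtutil sl System /enabled:true
# Configure event forwarding
C:\> winrm quickconfig
C:\> wecutil qc
# Install System Center Operations Manager (SCOM)
# Download the SCOM installation media and run Setup.exe
# Configure performance monitoring
# (New-PerformanceCounterAlert is not a built-in Windows cmdlet; the line below only works if a function with that name has been defined)
C:\> New-PerformanceCounterAlert -Counter "Processor(_Total)\% Processor Time" -Threshold 90 -SampleInterval 5 -Minutes 5 -Action "Send-MailMessage -To 'admin@fgedu.local' -Subject 'High CPU Alert' -Body 'CPU usage is high on server01' -SmtpServer 'smtp.fgedu.local'"
# Use Windows Admin Center
# Download and install Windows Admin Center
# Browse to https://server01:443
# Configure Server Manager
C:\> Get-ServerManagerServer -ComputerName server01, server02 | Add-ServerManagerServer
# View system performance
C:\> Get-Counter -Counter "\Processor(_Total)\% Processor Time", "\Memory\Available MBytes", "\LogicalDisk(C:)\% Free Space" -SampleInterval 2 -MaxSamples 5
# Generate a system health report
# (Generate-SystemHealthReport is not a built-in Windows cmdlet; the line below only works if a function with that name has been defined)
C:\> Generate-SystemHealthReport -ComputerName server01 -OutputPath "C:\Reports"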
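This article was compiled and published by 风哥教程 (Fengge Tutorials) and is for study and testing use only. When reposting, credit the source: http://www.fgedu.net.cn/10327.html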
