In order to manage many of the feature of Windows Server 2019, you need to install and use the Windows Remote Server Administration (RSAT) tools. These tools include PowerShell modules, cmdlets, and other objects that enable you to manage the various features as described in this book.
This recipe configures several hosts: a domain controller (DC1), two domain-joined servers (SRV1, SRV2), and a Windows 10 domain-joined client (CL1).
This recipe enables you to use a Windows 10 computer to manage your Windows 2019 servers remotely. As needed, you can also log in to a server using remote desktop tools to carry out any needed administration locally.
This recipe assumes you have set up the VM farm for this book as described in the Preface to the book. In particular, this recipe uses a Windows Server 2019 host running as a domain controller (DC1), a Windows 10 client computer (CL1), plus two domain-joined servers (SRV1, SRV2).
Your client system should be Windows 10 Enterprise or Professional. Once you have installed the operating system, you should customize it with some artifacts used throughout this book, as follows:
# Set execution Policy Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Force # Create Local Foo folder New-Item C:\Foo -ItemType Directory -Force # Create basic profile and populate New-Item $profile -Force -ErrorAction SilentlyContinue '# Profile file created by recipe' | OUT-File $profile '# Profile for $(hostname)' | OUT-File $profile -Append '' | OUT-File $profile -Append '# Set location' | OUT-File $profile -Append 'Set-Location -Path C:\Foo' | OUT-File $profile -Append '' | OUT-File $profile -Append '# Set an alias' | Out-File $Profile -Append 'Set-Alias gh get-help' | Out-File $Profile -Append '### End of profile' | Out-File $Profile -Append # Now view profile in Notepad Notepad $Profile # And update Help Update-Help -Force
These steps create the C:\Foo folder, create a profile, and update the PowerShell help information. You can add other customizations to these steps, such as adding VS Code or other third-party modules.
From
CL1, get all available PowerShell commands:$CommandsBeforeRSAT = Get-Command -Module * $CountBeforeRSAT = $CommandsBeforeRSAT.Count "On Host: [$Env:COMPUTERNAME]" "Commands available before RSAT installed: [$CountBeforeRSAT]"
Examine the types of command returned by
Get-Command:$CommandsBeforeRSAT | Get-Member | Select-Object -ExpandProperty TypeName -Unique
Get the collection of PowerShell modules and a count of modules before adding the RSAT tools:
$ModulesBeforeRSAT = Get-Module -ListAvailable $CountOfModulesBeforeRSAT = $ModulesBeforeRSAT.Count "$CountOfModulesBeforeRSAT modules installed prior to adding RSAT"
Get the
Windows Client VersionandHardware Platform:$Key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion' $CliVer = (Get-ItemProperty -Path $Key).ReleaseId $Platform = $ENV:PROCESSOR_ARCHITECTURE "Windows Client Version : $CliVer" "Hardware Platform : $Platform"
Create a URL for the download file—note this recipe only works for
1709and1803:$LP1 = 'https://download.microsoft.com/download/1/D/8/' + '1D8B5022-5477-4B9A-8104-6A71FF9D98AB/' $Lp180364 = 'WindowsTH-RSAT_WS_1803-x64.msu' $Lp170964 = 'WindowsTH-RSAT_WS_1709-x64.msu' $Lp180332 = 'WindowsTH-RSAT_WS_1803-x86.msu' $Lp170932 = 'WindowsTH-RSAT_WS_1709-x86.msu' If ($CliVer -eq 1803 -and $Platform -eq 'AMD64') { $DLPath = $Lp1 + $lp180364} ELSEIf ($CliVer -eq 1709 -and $Platform -eq 'AMD64') { $DLPath = $Lp1 + $lp170964} ElseIf ($CliVer -eq 1803 -and $Platform -eq 'X86') { $DLPath = $Lp1 + $lp180332} ElseIf ($CliVer -eq 1709 -and $platform -eq 'x86') { $DLPath = $Lp1 + $lp170932} Else {"Version $Cliver - unknown"; return}Display what is to be downloaded:
"RSAT MSU file to be downloaded:" $DLPath
Use BITS to download the file:
$DLFile = 'C:\foo\Rsat.msu' Start-BitsTransfer -Source $DLPath -Destination $DLFile
Check the download's Authenticode signature:
$Authenticatefile = Get-AuthenticodeSignature $DLFile If ($Authenticatefile.status -NE "Valid") {'File downloaded fails Authenticode check'} Else {'Downloaded file passes Authenticode check'}$WsusArguments = $DLFile + " /quiet" 'Installing RSAT for Windows 10 - Please Wait...' $Path = 'C:\Windows\System32\wusa.exe' Start-Process -FilePath $Path -ArgumentList $WsusArguments -Wait
Now that RSAT features are installed, see what commands are available on the client:
$CommandsAfterRSAT = Get-Command -Module * $COHT1 = @{ ReferenceObject = $CommandsBeforeRSAT DifferenceObject = $CommandsAfterRSAT } # NB: This is quite slow $DiffC = Compare-Object @COHT1 "$($DiffC.Count) Commands added with RSAT"Check how many modules are now available on
CL1:$ModulesAfterRSAT = Get-Module -ListAvailable $CountOfModulesAfterRsat = $ModulesAfterRSAT.Count $COHT2 = @{ ReferenceObject = $ModulesBeforeRSAT DifferenceObject = $ModulesAfterRSAT } $DiffM = Compare-Object @COHT2 "$($DiffM.Count) Modules added with RSAT to CL1" "$CountOfModulesAfterRsat modules now available on CL1""$($DiffM.Count) modules added With RSAT tools to CL1" $DiffM | Format-Table InputObject -HideTableHeaders
That completes adding the RSAT tools to the client; now we add the tools to
SRV1and look at comparisons with tools on other servers viaCL1.Get details of the features and tools loaded on
DC1,SRV1, andSRV2:$FSB1 = {Get-WindowsFeature} $FSRV1B = Invoke-Command -ComputerName SRV1 -ScriptBlock $FSB1 $FSRV2B = Invoke-Command -ComputerName SRV2 -ScriptBlock $FSB1 $FDC1B = Invoke-Command -ComputerName DC1 -ScriptBlock $FSB1 $IFSrv1B = $FSRV1B | Where-object installed $IFSrv2B = $SRV2B | Where-Object installed $IFDC1B = $FDC1B | Where-Object installed $RFSrv1B = $FeaturesSRV1B | Where-Object Installed | Where-Object Name -Match 'RSAT' $RFSSrv2B = $FeaturesSRV2B | Where-Object Installed | Where-Object Name -Match 'RSAT' $RFSDC1B = $FeaturesDC1B | Where-Object Installed | Where-Object Name -Match 'RSAT'Display details of the tools installed on each server:
'Before Installation of RSAT tools on DC1, SRV1' "$($IFDC1B.Count) features installed on DC1" "$($RFSDC1B.Count) RSAT features installed on DC1" "$($IFSrv1B.Count) features installed on SRV1" "$($RFSrv1B.Count) RSAT features installed on SRV1" "$($IFSrv2B.Count) features installed on SRV2" "$($RFSSRV2B.Count) RSAT features installed on SRV2"
Add the RSAT tools to the
SRV2server.$InstallSB = { Get-WindowsFeature -Name *RSAT* | Install-WindowsFeature } $I = Invoke-Command -ComputerName SRV1 -ScriptBlock $InstallSB $I If ($I.RestartNeeded -eq 'Yes') { 'Restarting SRV1' Restart-Computer -ComputerName SRV1 -Force -Wait -For PowerShell }Get details of RSAT tools on
SRV1vsSRV2:$FSB2 = {Get-WindowsFeature} $FSRV1A = Invoke-Command -ComputerName SRV1 -ScriptBlock $FSB2 $FSRV2A = Invoke-Command -ComputerName SRV2 -ScriptBlock $FSB2 $IFSrv1A = $FSRV1A | Where-Object Installed $IFSrv2A = $FSRV2A | Where-Object Installed $RSFSrv1A = $FSRV1A | Where-Object Installed | Where-Object Name -Match 'RSAT' $RFSSrv2A = $FSRV2A | Where-Object Installed | Where-Object Name -Match 'RSAT'Display after results:
"After Installation of RSAT tools on SRV1" "$($IFSRV1A.Count) features installed on SRV1" "$($RSFSrv1A.Count) RSAT features installed on SRV1" "$($IFSRV2A.Count) features installed on SRV2" "$($RFSSRV2A.Count) RSAT features installed on SRV2"
This recipe installs the RSAT tools on both a Windows 10 domain-joined computer (CL1) and on several Windows 2019 servers. The recipe also displays the results of the installation. You begin, in step 1, by getting all the commands available on the Windows 10 host and display a count.
Depending on the specific version of Windows 10 you use and what tools you may have already added to the client, the counts may be different. Here is what the output of this step looks like:
As you can see, 1528 total commands existed prior to adding the RSAT tools. In step 2, you examine the different types of command that make up that total, as shown here:
PowerShell includes aliases, functions, filters, and cmdlets as commands. Adding the RSAT tools increases the number of commands available. In step 3, you display a count of the modules installed currently, which looks like the following:
In step 4, you obtain the hardware platform and the Windows 10 version, which looks like this:
In step 5, you create a URL for downloading the RSAT tools. Different versions exist for different hardware platforms (for example, x86 and amd64) and for major Windows 10 versions (1709 and 1803). In step 6, you display the URL, which looks like this:
In step 7, you use the Background Intelligent Transfer Service (BITS) to retrieve the URL and store it as C:\Foo\Rsat.msu. The transfer produces no output.
In step 8, you check the Authenticode digital signature of the downloaded file to ensure the file was transferred correctly and has not been tampered with, which looks like this:
In step 9, you run the downloaded file that installs the RSAT tools. Aside from the message that the script is installing the RSAT tools, PowerShell runs this silently and there is no additional output from this step.
In Step 10, you determine that CL1 now has a total of 1270 commands, as shown:
In step 11, you discover the number of RSAT tools and the total of modules now available on CL1, as shown:
In step 12, you display the modules that were added to CL1, which looks like this:
The preceding steps complete the task of installing the RSAT tools on a Windows 10 client. In some cases, you may also want to install the relevant tools on some or all of your servers.
In this part of the recipe, you are installing the RSAT tools onto server SRV1. You then compare the tools added to SRV1 with what is available on other servers (for example, DC1 and SRV2). In this case, DC1 is a domain controller with other features added during creation of the DC1 server. SRV2, on the other hand, starts as just a domain-joined server with no additional tools.
In step 13, you determine the features available on the three servers—this produces no output. In step 14, you display a count of the features and RSAT features available on each server, which looks like this:
In step 15, you install the RSAT tools remotely on SRV1. To complete the installation, you also reboot the server if the installation requires a reboot. The output looks like the following:
In step 16, you determine the features now available on the three servers, producing no output, and finally, in step 17, you display the results, as follows:
In step 1, you saw that there were 1528 commands loaded on CL1 while in step 4 you saw that you had 77 modules on your system. PowerShell gets commands primarily from modules, although older PowerShell snap-ins also contain cmdlets. If you wish to use a command contained in a snap-in, you have to load the snap-in explicitly by using Add-PSSnapin. PowerShell can only auto-load commands found in modules.
In step 4 and step 5, you calculate and display a URL to download the RSAT tools. These recipe steps work for two versions of Windows 10 and for two hardware platforms. The URLs and versions of Windows 10 available may have changed by the time you read this. Also, the recipe caters just for Windows 10 versions 1709 and 1803. Download files for earlier versions are not available in the same way as for later versions. And for versions later than 1893, the mechanism may change again.
In step 15, when you displayed the results of adding features to SRV1, the output looked different if the formatting had been done on the server. On the server, PowerShell is able to display XML that states how to format output from WindowsFeature cmdlets. Windows 10 does not display XML, hence the list output in this step.