Deploying Windows Server - General Overview

If you're like me, you've probably been deploying Windows Server since you finished high-school. For some of us, we deployed our first Windows Server even before then. So it's easy to get stuck in a rut, and continue doing things as you always have. But, you really need to change the way you do things everytime a new version of Windows Server is released. With Windows Server 2012 now on our doorstep, the procedure for installing and configuring Windows Server is about to take another dramatic change. So here is an overview of a few basic steps you should complete whenever you install Windows Server, some of these steps will only apply to the later versions:
  1. Always install on redundant storage - Be it a SAN or a RAID array (1 or 10)
  2. Consider Server Core - It may be a little daunting to run a server without a GUI, but your security team will thank you for it!
  3. Configure a static IP address - IPv4 and IPv6 or disable IPv6 if you're not going to use it. Be aware that some features rely on IPv6, find out what they are and see if that will effect you
  4. Configure your hostname - Come up with a naming convention that makes it easy to identify the server's role in your environment. Sometimes people like to link the name with the IP, which makes it easy to determine the IP address based on the name.
  5. Configure a Server SOE - You can do this using scripting or Group Policy objects, having a Server SOE makes your server's easier to manage. I configure loopback processing on my Server SOE so that all Administrators have a similar operating environment. This makes it easier to produce documentation that works
  6. Run the BPA (Best Practice Analyser) -  For the roles you have installed, fix any errors and read any warnings to see if you need to fix them too. If the BPA is missing for your role, install it by obtaining the Windows Update from Microsoft. Once you have had the server up and running for a while, re-run the BPA
  7. MBSA - More on this later

Popular posts from this blog

Get local computer UUID/GUID using Windows Powershell

Use the following syntax to get the local computer's UUID/GUID using Windows Powershell: get-wmiobject Win32_ComputerSystemProduct  | Select-Object -ExpandProperty UUID Add -computername after the WMI class to find a remote computer's UUID, example: get-wmiobject Win32_ComputerSystemProduct -computername RANTPC | Select-Object -ExpandProperty UUID
Read more

gPLink and gPOptions

gPLink is a property for sites, domains and organisational units that contains a prioritised list of GPOs linked to the node. gPOptions is a property that contains all Block Policy Inheritance settings for the node. To manage GPO links on a node, you must have read and write access to the gPLink and gPOptions properties.
Read more

PSLoggedOn Getting Started on Windows Server 2008 R2

Image
PSLoggedOn is a tool I downloaded to allow me to find out which computers a user is currently logged on to. Getting it up and running wasn’t exactly easy. I’m running a Windows Server 2008 R2 test environment. The first error I encountered was: Error browing network: The list of servers for this workgroup is not currently available. Note: I kept the spelling mistake from the error message to make it easier to find via search engines. To get past this error, you have to enable and start the “Computer Browser” service. Then I started getting the error telling me that the Administrator is not logged on. That’s simply not true because I am logged onto another server (Name: ELARA): I turned the firewall OFF OFF OFF (It is a test network after all). I enabled Network Discovery and to do that I went on a service starting frenzy: DNS Client, Function Discovery Resource Publication, SSDP Discovery, and UPnP Device Host, Computer Browser After all that, I ran the script against the se
Read more