The first 10 steps when Deploying Windows Server 2012
Most Windows system administrators have a list of steps they take when deploying a brand new Windows server onto the network. It’s pretty obvious that Microsoft has done its homework on this, too. With Windows Server 2012, many common “first-run” tasks are easy to find. That said, if you’re new to Windows or just need a bump in the right direction, this article will show you the way. Figure A gives you a look at the main Server Manager window in Windows Server 2012. (Click on the image to view it at full size.) The numbers you see next to some of the items correspond to the numbered list in this article.
An overview of the Server Manager window.
1: Rename the server
Given that the installer provides the server with a generic name, most administrators immediately rename the server to match the organization’s naming convention. This is the first option on the Server Manager window, in fact.
To change your server name, click the existing name of the server. When the System Properties page appears, click the Change button. Enter a new computer name in the appropriate box (Figure B) and click OK. Note that changing the server name will require you to restart the machine.
Change the server name and domain membership.
2: Join a domain
If you look back at Figure B, you’ll see information regarding domain membership at the bottom of the window. In the domain box, provide your domain name. This is identical to how it used to look in older versions of Windows.
3: Disable Windows firewall
Some organizations use host-based firewalls and some don’t. If you’re in the group that prefers to disable host-based firewalls, that’s step three of the initial server preparation. In Figure A, you will notice that my system has the Windows firewall enabled for domain connections. To make a change to the Windows firewall configuration, click Domain: On. You will get a screen like the one shown in Figure C.
This screen shows the current Windows firewall status.
On the left-hand side of the window, click Turn Windows Firewall On Or Off to make changes. Select the radio button next to Turn Off Windows Firewall for each network, as shown in Figure D.
Disable the firewall for each network.
4: Enable Remote Desktop
There are a lot of ways to manage a Windows Server, but many administrators will install a full GUI and connect remotely to the console. It’s quick and it’s easy. Item four on our list is configuring this option.
First, click Disabled next to the Remote Desktop entry in Server Manager. When the Server Manager Remote page opens, select the Allow Remote Connections To This Computer option.
Next, you need to add users who are allowed to connect remotely to the server. By default, the currently logged in user is granted this right once you enable Remote Desktop. To add users, click the Add button (Figure E).
Enable and configure Remote Desktop.
5: Configure the server’s IP settings
In Figure A, you’ll note that this server currently has an IP address provided by DHCP. Click that entry to provide this server with a static IP address. When you do so, a list of network adapters appears (Figure F). I have only a single network adapter in my server.
This system has just one network adapter.
Double-click the listed adapter to open its information page (Figure G).
Open the information page for the network adapter.
From here, click the Properties button to open the properties page. Then, double-click Internet Protocol Version 4 and provide IP address information for the server (Figure H). Note that the server I’m using is a temporary domain controller.
Configure the adapter.
6: Configure Windows Update
Keeping your server protected is of paramount importance. To get started, click Not Configured next to Windows Update. When the screen shown in Figure I appears, click Turn On Automatic Updates. Windows will begin looking for any updates that have yet to be applied to your system. The results appear in the window shown in Figure J. As you can see, Windows Update is now enabled and there are updates pending installation.
Windows Update is not currently enabled.
Windows Update is enabled as there are updates waiting.
You can control the time at which updates are applied. Bear in mind that some updates require a system restart. To change Windows Update settings, click the Change Settings option on the left side of the screen. This will bring up the Change Settings window, shown in Figure K.
The Change Settings window lets you schedule updates.
From this screen, click Updates Will Be Automatically Installed During Maintenance Window to open the Automatic Maintenance settings screen, shown in Figure L. Here, you can change the time when automatic maintenance takes place. Note that maintenance includes processes that include updates, security scans, and other system diagnostics.
Configure the system’s maintenance window.
7: Disable Internet Explorer Enhanced Security Configuration
By default, Internet Explorer in Windows Server is configured with Enhanced Security enabled. Although the purpose is sound — administrators shouldn’t be browsing the Web from servers — when the need to do so arises, this configuration is beyond frustrating. Many administrators simply disable this security setting to get their work done.
In Windows Server 2012, this setting is front and center. Click the On link next to IE Enhanced Security Configuration to open the window you see in Figure M. You’ll note that there are two settings: One for administrative accounts and one for users. If you’re going to disable this feature on a regular server (i.e., a server that isn’t going to host Terminal Services/Remote Desktop Services), I recommend that you disable this setting for administrators but leave it enabled for general users.
Configure IE security settings.
8: Configure time zone settings
There are a whole lot of time zones. This one is pretty easy. Click the current time zone setting to open the Date And Time configuration window, shown in Figure N. From there, click the Change Time Zone button and choose the appropriate time zone.
Configure the time zone settings.
9: Install anti-malware software
Although I have yet to do this for my lab server, for production, anti-malware software is a must in most environments. I’ve had fantastic success with Microsoft Forefront Endpoint Protection. Every organization uses different tools, though.
10: Make sure the server is “enlightened”
Most new servers these days are of the virtual variety. So they need tools installed that provide the server operating system with drivers that match the virtual environment and enable some of the capabilities of virtualization. If you’re running Windows Server 2012, the Hyper-V Tools are baked into the operating system. However, if you’re running a different version of Windows Server or are using VMware, be sure to install either the Hyper-V or VMware Tools (Figure O).