Ten first steps with Windows Server 2012 R2:
Most Windows system administrators have a list of steps that they take when deploying a brand new Windows server onto the network. It’s pretty obvious that Microsoft has done their homework on this fact, too. With Windows Server 2012, many common “first run” tasks are pretty easy to find. That said, if you’re new to Windows or just need a bump in the right direction, this article will show you the way. Figure A gives you a look at the main Server Manager window in Windows Server 2012. The numbers you see next to some of the items correspond to the numbered list in this article.
An overview of the Server Manager window (click on images for full-size)
1. Rename the server:
Given that the installer provides the server with a generic name, most administrators immediately rename the server to match the organization’s naming convention. This is the first option on the Server Manager window, in fact.
To change your server name, click the existing name of the server. When the System Properties page appears, click the Change button. Provide a new computer name in the appropriate box and click the OK button. Note that changing the server name will require you to restart the machine.
Change the server name and domain membership
2. Join a domain:
If you look back at Figure B in item 1, you’ll see information regarding domain membership at the bottom of the window. In the domain box, provide your domain name. This process is identical to what it used to look like in older versions of Windows.
3. Disable Windows firewall:
Some organizations use host-based firewalls and some don’t. If you’re in the group that prefers to disable host-based firewalls, that’s step three of the initial server preparation. In Figure A, you will notice that my system currently has the Windows firewall enabled for domain connections. To make a change to the Windows firewall configuration, click the Domain: On label. You will get a screen like the one shown in Figure C.
Current Windows firewall status
At the left-hand side of the window, click the Turn Windows Firewall on or off link to make changes. Select the radio button next to Turn off Windows Firewall for each network as shown in Figure D.
Disable the firewall for each network:
4. Enable Remote Desktop for remote management:
There are a lot of ways to manage a Windows Server, but many administrators will install a full GUI and connect remotely to the console. It’s quick and it’s easy. Item four on our list is configuring this option.
First, click the Disabled link next to the Remote Desktop entry in Server Manager. When the Server Manager Remote page opens, select the radio button next to Allow remote connections to this computer.
Next, you need to add users that are allowed to connect remotely to the server. By default, the currently logged in user is granted this right once you enable Remote Desktop. To add additional users, click the Add button (Figure E).
Enable and configure Remote Desktop:
5. Configure the server’s IP settings:
In Figure A, you’ll note that this server currently has an IP address provided by DHCP. Click that entry to provide this server with a static IP address. When you do so, a list of network adapters appears (Figure F). I have only a single network adapter in my server.
This system has just one network adapter.
Double-click the listed adapter to open its information page (Figure G).
The information page for the network adapter:
From here, click the Properties button to open the properties page and, from there, double-click Internet Protocol version 4. Provide IP address information for the server. Note that the server I’m using is a temporary domain controller.
Configure the adapter:
6. Configure Windows Update:
Keeping your server protected is of paramount importance. To get started, click Not Configured next to Windows Update. When the screen shown in Figure I appear, click the Turn on Automatic Updates button. Windows will immediately begin looking for any updates that have yet to be applied to your system. The result is shown in Figure J where you can see that Windows Update is now enabled and there are updates pending installation.
Windows Update is not currently enabled:
Windows Update is enabled as there are updates waiting:
You can control the time at which updates are applied. Bear in mind that some updates require a system restart. To change Windows Update settings, click the Change Settings option at the left side of the screen. This will bring up the Change Settings window, shown in Figure K.
The Change Settings window:
From this screen, click the link entitled Updates will be automatically installed during maintenance window to open the Automatic Maintenance settings window, shown in Figure L. In this window, change the time at which automatic maintenance should take place. Note that maintenance includes processes that include updates, security scans, and other system diagnostics.
Configure the system’s maintenance window:
7. Disable Internet Explorer Enhanced Security Configuration:
By default, Internet Explorer in Windows Server is configured with Enhanced Security enabled. Although the purpose is sound — administrators shouldn’t be browsing the web from servers — when the need to do so does arise, this configuration is beyond frustrating. Many administrators simply disable this security setting in order to get their work done.
In Windows Server 2012, this setting is front and center. Click the On link next to IE Enhanced Security Configuration to open the window you see in Figure M. You’ll note that there are two settings: One for administrative accounts and a second for users. If you’re going to disable this feature on a regular server (i.e. a server that isn’t going to host Terminal Services/Remote Desktop Services), I recommend that you disable this setting for administrators, but leave it enabled for general users.
Configure IE security settings:
8. Configure time zone settings:
There are a whole lot of time zones. This one is pretty easy. Click the current time zone setting to open the Date and Time configuration window shown in Figure N. From there, click the Change Time Zone button and in the resulting window, choose the appropriate time zone.
Windows Date and Time configuration:
9. Install antimalware software:
Although I have yet to do this for my lab server, for production, antimalware server is a must in most environments. I’ve had fantastic success with Microsoft Forefront Endpoint Protection. Every organization uses different tools, though.
10. Make sure the server is “enlightened”:
Most new servers these days are of the virtual variety. As such, they need tools installed which provide the server operating system with drivers that match the virtual environment and enable some of the capabilities of virtualization. If you’re running Windows Server 2012, the Hyper-V Tools are baked into the operating system. However, if you’re running a different version of Windows Server or are using VMware, make sure to install either the Hyper-V or VMware Tools.
Install VM tools