Ten first steps with Windows Server 2012

Scott Lowe walks you through some of the first tasks administrators perform when deploying a new Windows server on the network. Here's how it looks on Windows Server 2012.
Most Windows system administrators have a list of steps that they take when deploying a brand new Windows server onto the network. It's pretty obvious that Microsoft has done their homework on this fact, too. With Windows Server 2012, many common "first run" tasks are pretty easy to find. That said, if you're new to Windows or just need a bump in the right direction, this article will show you the way. Figure A gives you a look at the main Server Manager window in Windows Server 2012. The numbers you see next to some of the items correspond to the numbered list in this article.

Figure A

An overview of the Server Manager window.

1. Rename the server

Given that the installer provides the server with a generic name, most administrators immediately rename the server to match the organization's naming convention. This is the first option on the Server Manager window, in fact.

To change your server name, click the existing name of the server. When the System Properties page appears, click the Change button. Provide a new computer name in the appropriate box and click the OK button. Note that changing the server name will require you to restart the machine.

Figure B

Change the server name and domain membership

2. Join a domain

If you look back at Figure B in item 1, you'll see information regarding domain membership at the bottom of the window. In the domain box, provide your domain name. This process is identical to what it used to look like in older versions of Windows.

3. Disable Windows firewall

Some organizations use host-based firewalls and some don't. If you're in the group that prefers to disable host-based firewalls, that's step three of the initial server preparation. In Figure A, you will notice that my system currently has the Windows firewall enabled for domain connections. To make a change to the Windows firewall configuration, click the Domain: On label. You will get a screen like the one shown in Figure C.

Figure C

Current Windows firewall status

At the left-hand side of the window, click the Turn Windows Firewall on or off link to make changes. Select the radio button next to Turn off Windows Firewall for each network as shown in Figure D.

Figure D

Disable the firewall for each network

4. Enable Remote Desktop for remote management

There are a lot of ways to manage a Windows Server, but many administrators will install a full GUI and connect remotely to the console. It's quick and it's easy. Item four on our list is configuring this option.

First, click the Disabled link next to the Remote Desktop entry in Server Manager. When the Server Manager Remote page opens, select the radio button next to Allow remote connections to this computer.

Next, you need to add users that are allowed to connect remotely to the server. By default, the currently logged in user is granted this right once you enable Remote Desktop. To add additional users, click the Add button (Figure E).

Figure E

Enable and configure Remote Desktop

5. Configure the server's IP settings

In Figure A, you'll note that this server currently has an IP address provided by DHCP. Click that entry to provide this server with a static IP address. When you do so, a list of network adapters appears (Figure F). I have only a single network adapter in my server.

Figure F

This system has just one network adapter.

Double-click the listed adapter to open its information page (Figure G).

Figure G

The information page for the network adapter

From here, click the Properties button to open the properties page and, from there, double-click Internet Protocol version 4. Provide IP address information for the server. Note that the server I'm using is a temporary domain controller.

Figure H

Configure the adapter

6. Configure Windows Update

Keeping your server protected is of paramount importance. To get started, click Not Configured next to Windows Update. When the screen shown in Figure I appears, click the Turn On Automatic Updates button. Windows will immediately begin looking for any updates that have yet to be applied to your system. The result is shown in Figure J where you can see that Windows Update is now enabled and there are updates pending installation.

Figure I

Windows Update is not currently enabled

Figure J

Windows Update is enabled as there are updates waiting.

You can control the time at which updates are applied. Bear in mind that some updates require a system restart. To change Windows Update settings, click the Change Settings option at the left side of the screen. This will bring up the Change Settings window, shown in Figure K.

Figure K

The Change Settings window

From this screen, click the link entitled Updates will be automatically installed during maintenance window to open the Automatic Maintenance settings window, shown in Figure L. In this window, change the time at which automatic maintenance should take place. Note that maintenance includes updates, security scans, and other system diagnostics.

Figure L

Configure the system's maintenance window

7. Disable Internet Explorer Enhanced Security Configuration

By default, Internet Explorer in Windows Server is configured with Enhanced Security enabled. Although the purpose is sound -- administrators shouldn't be browsing the web from servers -- when the need to do so does arise, this configuration is beyond frustrating. Many administrators simply disable this security setting in order to get their work done.

In Windows Server 2012, this setting is front and center. Click the On link next to IE Enhanced Security Configuration to open the window you see in Figure M. You'll note that there are two settings: one for administrative accounts and a second for users. If you're going to disable this feature on a regular server (i.e., a server that isn't going to host Terminal Services/Remote Desktop Services), I recommend that you disable this setting for administrators, but leave it enabled for general users.

Figure M

Configure IE security settings

8. Configure time zone settings

There are a whole lot of time zones. This one is pretty easy. Click the current time zone setting to open the Date and Time configuration window shown in Figure N. From there, click the Change Time Zone button and in the resulting window, choose the appropriate time zone.

Figure N

Windows Date and Time configuration

9. Install antimalware software

Although I have yet to do this for my lab server, for production, antimalware software is a must in most environments. I've had fantastic success with Microsoft Forefront Endpoint Protection. Every organization uses different tools, though.

10. Make sure the server is "enlightened"

Most new servers these days are of the virtual variety. As such, they need tools installed which provide the server operating system with drivers that match the virtual environment and enable some of the capabilities of virtualization. If you're running Windows Server 2012, the Hyper-V Tools are baked into the operating system. However, if you're running a different version of Windows Server or are using VMware, make sure to install either the Hyper-V or VMware Tools.

Figure O

Install VM tools
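
The settings from steps 1 through 8 can be read back with PowerShell once the build is done, which gives a record of the firewall, Remote Desktop, update and IE ESC state the server was left in. This is an added example, not part of the original article; the Get-RegValue helper and the report property names are hypothetical, and it assumes an elevated PowerShell 3.0 session on an English-language Windows Server 2012.

```powershell
# Added example (not from the original article): read-only check of steps 1-8.
# Get-RegValue and the report property names are illustrative, not a built-in API.
function Get-RegValue([string]$Path, [string]$Name) {
    # Returns $null when the key or value is absent.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name }
}

$ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$esc = 'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components'
$cs  = Get-WmiObject Win32_ComputerSystem

# Steps 1-2: server name and domain membership
$report = [ordered]@{
    ComputerName = $cs.Name
    PartOfDomain = $cs.PartOfDomain
    Domain       = $cs.Domain
}

# Step 3: firewall state for the Domain, Private and Public profiles
Get-NetFirewallProfile | ForEach-Object { $report["Firewall_$($_.Name)"] = $_.Enabled }

# Step 4: Remote Desktop, Network Level Authentication, extra allowed users
$report.RdpEnabled = (Get-RegValue $ts 'fDenyTSConnections') -eq 0
$report.RdpNla = (Get-RegValue "$ts\WinStations\RDP-Tcp" 'UserAuthentication') -eq 1
$group = [ADSI]'WinNT://./Remote Desktop Users,group'   # English group name assumed
$report.RdpUsers = @($group.Invoke('Members') | ForEach-Object {
    $_.GetType().InvokeMember('Name', 'GetProperty', $null, $_, $null)
}) -join ', '

# Step 5: DHCP or static addressing per IPv4 interface
Get-NetIPInterface -AddressFamily IPv4 |
    Where-Object { $_.InterfaceAlias -notlike 'Loopback*' } |
    ForEach-Object { $report["Dhcp_$($_.InterfaceAlias)"] = $_.Dhcp }

# Step 6: Windows Update level (0 = not configured, 1 = disabled,
# 2 = notify before download, 3 = notify before install, 4 = scheduled install)
$au = New-Object -ComObject Microsoft.Update.AutoUpdate
$report.UpdateLevel = $au.Settings.NotificationLevel

# Step 7: IE Enhanced Security Configuration (1 = on) for admins and users
$report.IeEscAdmins = Get-RegValue "$esc\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}" 'IsInstalled'
$report.IeEscUsers  = Get-RegValue "$esc\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}" 'IsInstalled'

# Step 8: time zone
$report.TimeZone = [System.TimeZoneInfo]::Local.Id

New-Object PSObject -Property $report | Format-List
```

The script changes nothing; saving its output with the build notes shows which defaults were altered on a given server.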

About

Since 1994, Scott Lowe has been providing technology solutions to a variety of organizations. After spending 10 years in multiple CIO roles, Scott is now an independent consultant, blogger, author, owner of The 1610 Group, and a Senior IT Executive w...

9 comments
Still_Rockin

Let me add my thanks for this summary, Scott. From someone who found the massive UI changes from server 2008 to 2012 a bit frustrating to find stuff - I mean, when one has to google how to shutdown/restart the darn server because of the "disappearance" of the start button - and no I haven't worked with any Windows 8 clients yet - I am always in awe of the team at Microsoft whose job it must be to figure out how to move stuff around between major o/s versions in the most inscrutable way... (And can someone explain to me why, after it taking awhile even to find the "search box", typing 'windows update' into it doesn't return any results???) Anyway, I guess I'm getting used to it now. Thanks again Scott!!!

brian

For an extra boost of speed, almost all these things, and much more, can be automated using Windows Deployment Services (WDS) for installing new systems. WDS can perform the entire setup and automatically join the new system to the domain without lifting a finger, other than making sure PXEBoot is first in the boot order. The domain policy can then set most everything else up, from the firewall policy, to Windows Update settings, on down to the automated installation of malware/virus software.

DaleBach

Most of us "assume" that everyone knows things - when quite the opposite is true. Operating systems change as does all software, and articles such as this are irreplaceable for their nuggets of knowledge. Thanks Scott for taking the time, always appreciate reading from someone who has "been there". Time saving for any harried Net Admin who has yet to set up a Server 2012 - especially as there is very little literature (as of this date) actually available.

jfuller05

On my network, we have a network firewall (Sonicwall) and we have Windows Firewall enabled on our servers. Is there an advantage to disabling host-based firewalls?

Knighthawk5193@Yahoo.com

This was informational! I have always wondered why these tasks are almost always overlooked by some people......then when their server is attacked, hacked, or disabled through a virus, or DDoS, they complain about Windows security not being up to snuff. LoL! I may not have used Windows server products in over 10 years, (Ubuntu Server, and a few Linux clients / laptops!) But it seems that Microsoft has finally gotten closer to making the "perfect server OS"

andyrwebman

@Still_Rockin damn right. You couldn't accidentally make stuff this rubbish, they've clearly sat down for a long time and thought "how can we wipe out all that valuable previous experience and charge them a fortune for re-training"

If there was more competition they'd go bust

Scott Lowe

As you grow the number of servers that need to talk to one another, the host-based firewall configuration tasks start to become a bit more unwieldy. Of course, whether or not the host firewall is used is specific to individual organizations. I've seen some that use them and some that don't. Example: When deploying System Center, I generally recommend that admins deploy all of the System Center servers behind a single firewall and to not run a firewall on each of the servers. There are simply too many ports to keep track of for smaller shops and that front end firewall is often a "good enough" solution. Scott

John5doe

@Scott Lowe If you ever run across tips to speed up the silly start screen search, I'm all ears. I have server 2012 r2 running on very good hardware, and the search is still pretty slow.