Windows 2012 R2: How to install and prepare for Active Directory

The Windows installation got simplified with the time as you will see.

 

Let’s review the minimum spec together. Be aware in my document I will act as it’s a new fresh install, not a upgrade.

You will need that to install a 2012R2’s server at a minimum :

Processor : 1.4Ghz 64 bit Memory : 512 MB Hard disk : 32G
A Network Interface Card (10/100/1000)

 

 

We will simply start with the install’s media and we start the server..

image001

 

 

We see the new loading image..not bad.

image002

 

We choose the language wanted with the good keyboard layout and currency and we hit Next.

image003

 

We click Install now !

image004

 

We enter the product key. There I wrote the official product key for the evaluation and we click Next !

image005

 

image006 TIP : Always wait when you are sure the server work correctly and your setup is done to activate your Windows Server copy.

 

Select the GUI’s install and click Next !

image007

image006 TIP : Unless you are good with the Powershell and you need a simple server, I strongly suggest the GUI’s version.

 

Click I accept the licence terms and click Next !

image008

 

Click Custom! Like I told earlier I do the standard setup as you would do on a new server.

image009

 

You click on the drive to format and you click New.

image010

 

You select the size’s wanted and you click Apply.

image011

 

 

You click Ok into that dialog’s box. It prompt you because it will create a reserved partition.

image012

 

We review the selection, and we click Next.

image013

 

 

We now wait for actual setup..

image014

 

 

We now restart..

image015

 

 

We now enter the administrator password and we click Next !

image016

 

image006 TIP : Be sure to remember it ! Even later when we will create an Active Directory Domain it will be the default password.

 

Now we can login and we fall back to the default screen..

image017

 

 

From there we now start !

 

 

 

Post Installation Task

Renaming the Server

In the menu we select the computer and we right click. We select Properties and inside that windows we click Change settings, and after Change

image019

We select a good computer’s name and we click OK

image020

image006 Good to know : Renaming an existing Domain Controller is not a easy task, but it’s doable. Please see that link : http://technet.microsoft.com/en-us/library/cc782761(v=ws.10).aspx

 

Windows Update

We now handle the Windows Update. If you got a WSUS’s internally you can skip that general tip. In the server I setup I always put the automatic update at off. Why ? Because if you got a bad update that got installed or a DVD forgot into the server and that make the server to not reboot.. So I handle by hand all the update or with the WSUS’s console I do approve only the one I want.

 

image021

 

 

image022

 

Windows Firewall

I tend to close the firewall when in the Office. Some technician prefer to leave it on, but in my case I prefer to disable it. Why you might ask me. For the simple reason that the Windows Firewall block certain port, but in my case all the needed port need to be open to allow my user to work. Firewall or not all the ports would be open and the Windows Firewall does not inspect any packet..

I prefer to limit the VLAN’s traffic in the switch / main router if needed and to have a good router to prevent any WAN’s abuse (as the DC is never in a DMZ or facing the Internet).

Some technicians will tell me it would be to prevent virus spanning, but if the file sharing is already activated the SMB’s port is already open, thus it will not block anything..(Unless unsecured LAN can access the DC)

image023

 

IP’s configuration

Go set it as static ! Changing a DC’s IP later on is not a simple task ..

 

image024

image006 Good to know :Setting a static IPv6 address is a best practice. It’s a common vulnerability used.  (Enabling a rogue DHCP server to give a false address to the server via DHCP)
Advertisements
This entry was posted in microsoft and tagged , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s