The Windows installation got simplified with the time as you will see.
Let’s review the minimum spec together. Be aware in my document I will act as it’s a new fresh install, not a upgrade.
You will need that to install a 2012R2’s server at a minimum :
|Processor : 1.4Ghz 64 bit||Memory : 512 MB||Hard disk : 32G|
|A Network Interface Card (10/100/1000)|
We will simply start with the install’s media and we start the server..
We see the new loading image..not bad.
We choose the language wanted with the good keyboard layout and currency and we hit Next.
We click Install now !
We enter the product key. There I wrote the official product key for the evaluation and we click Next !
|TIP : Always wait when you are sure the server work correctly and your setup is done to activate your Windows Server copy.|
Select the GUI’s install and click Next !
|TIP : Unless you are good with the Powershell and you need a simple server, I strongly suggest the GUI’s version.|
Click I accept the licence terms and click Next !
Click Custom! Like I told earlier I do the standard setup as you would do on a new server.
You click on the drive to format and you click New.
You select the size’s wanted and you click Apply.
You click Ok into that dialog’s box. It prompt you because it will create a reserved partition.
We review the selection, and we click Next.
We now wait for actual setup..
We now restart..
We now enter the administrator password and we click Next !
|TIP : Be sure to remember it ! Even later when we will create an Active Directory Domain it will be the default password.|
Now we can login and we fall back to the default screen..
From there we now start !
In the menu we select the computer and we right click. We select Properties and inside that windows we click Change settings, and after Change…
We select a good computer’s name and we click OK
|Good to know : Renaming an existing Domain Controller is not a easy task, but it’s doable. Please see that link : http://technet.microsoft.com/en-us/library/cc782761(v=ws.10).aspx|
We now handle the Windows Update. If you got a WSUS’s internally you can skip that general tip. In the server I setup I always put the automatic update at off. Why ? Because if you got a bad update that got installed or a DVD forgot into the server and that make the server to not reboot.. So I handle by hand all the update or with the WSUS’s console I do approve only the one I want.
I tend to close the firewall when in the Office. Some technician prefer to leave it on, but in my case I prefer to disable it. Why you might ask me. For the simple reason that the Windows Firewall block certain port, but in my case all the needed port need to be open to allow my user to work. Firewall or not all the ports would be open and the Windows Firewall does not inspect any packet..
I prefer to limit the VLAN’s traffic in the switch / main router if needed and to have a good router to prevent any WAN’s abuse (as the DC is never in a DMZ or facing the Internet).
Some technicians will tell me it would be to prevent virus spanning, but if the file sharing is already activated the SMB’s port is already open, thus it will not block anything..(Unless unsecured LAN can access the DC)
Go set it as static ! Changing a DC’s IP later on is not a simple task ..
|Good to know :Setting a static IPv6 address is a best practice. It’s a common vulnerability used. (Enabling a rogue DHCP server to give a false address to the server via DHCP)|