Windows Server Configuration

1. Initial Server Setup

1.1 Windows Server Installation

Proper installation is the foundation of a secure and stable server environment.

Installation Requirements:

• Hardware Requirements: Minimum 2GB RAM, 32GB storage
• Network Configuration: Static IP address assignment
• Security Updates: Install latest security patches
• Driver Installation: Install all necessary drivers
• Windows Updates: Configure automatic updates

1.2 Initial Configuration

Essential post-installation configuration steps:

Basic Configuration Steps:

1. Set Computer Name: Configure server hostname
2. Configure Network: Set static IP and DNS settings
3. Join Domain: Add server to Active Directory domain
4. Enable Remote Desktop: Configure RDP access
5. Configure Firewall: Set up Windows Firewall rules

PowerShell Configuration Commands:

# Set computer name
Rename-Computer -NewName "SERVER01" -Restart

# Configure network adapter
New-NetIPAddress -IPAddress "192.168.1.10" -PrefixLength 24 -DefaultGateway "192.168.1.1" -InterfaceIndex 1

# Set DNS servers
Set-DnsClientServerAddress -InterfaceIndex 1 -ServerAddresses "192.168.1.1", "8.8.8.8"

# Enable Remote Desktop
Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -name "fDenyTSConnections" -value 0
Enable-NetFirewallRule -DisplayGroup "Remote Desktop"

2. Active Directory Configuration

2.1 Domain Controller Setup

Configure Active Directory Domain Services for centralized user and resource management.

Domain Controller Installation:

• Install AD DS Role: Add Active Directory Domain Services
• Promote to Domain Controller: Configure domain controller
• Configure DNS: Set up DNS for the domain
• Create Forest/Domain: Establish domain structure
• Configure Sites and Services: Set up replication

PowerShell Domain Controller Setup:

# Install AD DS role
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

# Install AD DS and DNS
Install-ADDSForest -DomainName "company.local" -DomainNetbiosName "COMPANY" -InstallDns -CreateDnsDelegation

# Verify domain controller status
Get-ADDomainController -Filter * | Select-Object Name, Domain, Forest, Site

2.2 User and Group Management

Create and manage user accounts and security groups.

User Account Creation:

# Create user account
New-ADUser -Name "John Doe" -SamAccountName "jdoe" -UserPrincipalName "jdoe@company.local" -AccountPassword (ConvertTo-SecureString "Password123!" -AsPlainText -Force) -Enabled $true

# Create security group
New-ADGroup -Name "IT Administrators" -GroupScope Global -GroupCategory Security

# Add user to group
Add-ADGroupMember -Identity "IT Administrators" -Members "jdoe"

3. DNS Configuration

3.1 DNS Server Setup

Configure DNS server for name resolution and domain services.

DNS Configuration Steps:

• Install DNS Role: Add DNS Server role
• Configure Forward Lookup Zones: Set up domain zones
• Configure Reverse Lookup Zones: Set up reverse DNS
• Configure Forwarders: Set up external DNS forwarders
• Test DNS Resolution: Verify DNS functionality

DNS PowerShell Commands:

# Install DNS role
Install-WindowsFeature -Name DNS -IncludeManagementTools

# Create forward lookup zone
Add-DnsServerPrimaryZone -Name "company.local" -ZoneFile "company.local.dns"

# Create reverse lookup zone
Add-DnsServerPrimaryZone -NetworkID "192.168.1.0/24" -ZoneFile "1.168.192.in-addr.arpa.dns"

# Configure DNS forwarders
Set-DnsServerForwarder -IPAddress "8.8.8.8", "8.8.4.4"

# Test DNS resolution
Resolve-DnsName -Name "www.google.com" -Server "192.168.1.10"

4. DHCP Configuration

4.1 DHCP Server Setup

Configure DHCP server for automatic IP address assignment.

DHCP Configuration Steps:

• Install DHCP Role: Add DHCP Server role
• Authorize DHCP Server: Authorize in Active Directory
• Create DHCP Scope: Define IP address range
• Configure DHCP Options: Set DNS, gateway, and other options
• Configure Reservations: Set static IP reservations

DHCP PowerShell Commands:

# Install DHCP role
Install-WindowsFeature -Name DHCP -IncludeManagementTools

# Authorize DHCP server
Add-DhcpServerInDC -DnsName "server01.company.local" -IPAddress "192.168.1.10"

# Create DHCP scope
Add-DhcpServerv4Scope -Name "Main Network" -StartRange "192.168.1.100" -EndRange "192.168.1.200" -SubnetMask "255.255.255.0"

# Configure DHCP options
Set-DhcpServerv4OptionValue -OptionId 3 -Value "192.168.1.1" -ScopeId "192.168.1.0"
Set-DhcpServerv4OptionValue -OptionId 6 -Value "192.168.1.10" -ScopeId "192.168.1.0"

5. File Services Configuration

5.1 File Server Setup

Configure file services for centralized file storage and sharing.

File Services Configuration:

• Install File Services Role: Add File and Storage Services
• Create Shared Folders: Set up network shares
• Configure Permissions: Set NTFS and share permissions
• Enable Shadow Copies: Configure VSS for backups
• Configure Quotas: Set disk space quotas

File Services PowerShell Commands:

# Install File Services role
Install-WindowsFeature -Name FS-FileServer -IncludeManagementTools

# Create shared folder
New-Item -Path "C:\Shares\Data" -ItemType Directory
New-SmbShare -Name "Data" -Path "C:\Shares\Data" -FullAccess "Everyone"

# Configure NTFS permissions
icacls "C:\Shares\Data" /grant "Domain Users:(OI)(CI)F" /T

# Enable shadow copies
Enable-VssProvider -Provider "Microsoft Software Shadow Copy provider"

6. Security Configuration

6.1 Group Policy Configuration

Implement security policies through Group Policy Objects (GPOs).

Security GPO Settings:

• Password Policy: Configure password complexity and history
• Account Lockout Policy: Set account lockout thresholds
• User Rights Assignment: Configure user privileges
• Security Options: Set advanced security settings
• Firewall Rules: Configure Windows Firewall

Group Policy PowerShell Commands:

# Create new GPO
New-GPO -Name "Security Baseline" -Comment "Security configuration for all computers"

# Link GPO to OU
New-GPLink -Name "Security Baseline" -Target "OU=Computers,DC=company,DC=local"

# Set password policy
Set-GPRegistryValue -Name "Security Baseline" -Key "HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters" -ValueName "RequireStrongKey" -Value 1 -Type DWord

6.2 Windows Firewall Configuration

Configure Windows Firewall for network security.

Firewall Configuration:

# Enable Windows Firewall
Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled True

# Create custom firewall rule
New-NetFirewallRule -DisplayName "Allow RDP" -Direction Inbound -Protocol TCP -LocalPort 3389 -Action Allow

# Block specific IP range
New-NetFirewallRule -DisplayName "Block Malicious IPs" -Direction Inbound -RemoteAddress "192.168.100.0/24" -Action Block

7. Performance Monitoring and Optimization

7.1 Performance Monitoring

Monitor server performance and identify bottlenecks.

Performance Monitoring Tools:

• Performance Monitor: Built-in Windows performance monitoring
• Resource Monitor: Real-time resource usage monitoring
• Task Manager: Process and service monitoring
• Event Viewer: System and application event logs
• PowerShell Monitoring: Custom monitoring scripts

Performance Monitoring Commands:

# Get system performance information
Get-Counter -Counter "\Processor(_Total)\% Processor Time" -SampleInterval 1 -MaxSamples 10

# Get memory usage
Get-Counter -Counter "\Memory\Available MBytes" -SampleInterval 1 -MaxSamples 5

# Get disk performance
Get-Counter -Counter "\PhysicalDisk(_Total)\% Disk Time" -SampleInterval 1 -MaxSamples 5

# Get network statistics
Get-NetAdapterStatistics | Select-Object Name, BytesReceived, BytesSent

7.2 Server Optimization

Optimize server performance for better efficiency.

Optimization Techniques:

• Disable Unnecessary Services: Turn off unused Windows services
• Optimize Virtual Memory: Configure page file settings
• Configure Power Settings: Set high performance power plan
• Update Drivers: Keep all drivers current
• Regular Maintenance: Schedule regular maintenance tasks

8. Backup and Recovery

8.1 Windows Server Backup

Configure backup solutions for data protection.

Backup Configuration:

• Install Backup Feature: Add Windows Server Backup
• Configure Backup Schedule: Set up automated backups
• Select Backup Items: Choose files and volumes to backup
• Configure Backup Destination: Set backup storage location
• Test Backup and Restore: Verify backup integrity

Backup PowerShell Commands:

# Install Windows Server Backup
Install-WindowsFeature -Name Windows-Server-Backup -IncludeManagementTools

# Create backup policy
$policy = New-WBPolicy
$filespec = New-WBFileSpec -FileSpec "C:\Shares"
Add-WBFileSpec -Policy $policy -FileSpec $filespec
$backupLocation = New-WBBackupTarget -NetworkPath "\\backup-server\backups"
Add-WBBackupTarget -Policy $policy -Target $backupLocation
Set-WBSchedule -Policy $policy -Schedule "01:00"

9. Troubleshooting Common Issues

9.1 Common Server Issues

Resolve common Windows Server problems.

Issue Resolution Steps:

• Check Event Logs: Review system and application logs
• Verify Services: Ensure required services are running
• Check Disk Space: Verify adequate free space
• Test Network Connectivity: Verify network configuration
• Review Performance: Check for resource bottlenecks

9.2 Diagnostic Commands

# Check system health
Get-EventLog -LogName System -EntryType Error -Newest 10

# Verify services status
Get-Service | Where-Object {$_.Status -ne "Running"}

# Check disk space
Get-WmiObject -Class Win32_LogicalDisk | Select-Object DeviceID, Size, FreeSpace

# Test network connectivity
Test-NetConnection -ComputerName "8.8.8.8" -Port 53