7. Finalizing the Installation and Customizing the Configuration
After the Windows
Server 2008 R2 Install Windows Wizard collects the information and
installs the Windows operating system, the system will restart. The
administrator must set a password before logging in to complete the
installation process. When logged in, the Initial Configuration Tasks
Wizard is automatically invoked. This wizard presents the following
tasks, as shown in Figure 5, to initially configure the server. The high-level initial configuration tasks include the following:
1. Provide Computer Information
2. Update This Server
3. Customize This Server
Traditionally, these
configuration tasks were addressed during the initial installation of
Windows; however, now these elements are configured after the initial
installation of the operating system is complete. By removing these
elements from the installation, the installation process is much faster.
Setting the Administrator Password
The first configuration task to
perform after installing Windows Server 2008 R2 is to set an
administrator password. This must be done before you can log on the
first time. The installation process automatically creates the default
administrator account called, surprisingly enough, Administrator. This
account has local administrative privileges and enables you to manage
all local configuration settings for the server.
As a best practice, you
should rename this account after you complete the installation and
assign a strong password. You must enter the password twice: first in the
Password text box and then again in the Confirm Password text box. As in
previous Windows operating systems, the password is case sensitive and
can contain up to 127 characters. In addition, a strong password should
include both upper- and lowercase letters, numbers, and symbols.
You should choose your
password carefully to ensure the security of the system. You can change
both the Administrator account name and password in the Change Password
dialog box.
Activate Windows
Once the administrator
password has been set, initial configuration tasks can be executed,
starting with Activation. As with other Microsoft operating systems,
Windows Server 2008 R2 must be activated. Click Activate Windows, which
is the first initial configuration task. In the Windows Activation
dialog box, enter the product key and click Next to activate the
product. Select Automatically Activate Windows if you want Windows to
activate the next time the server comes online, or clear the check box if
you want to activate Windows manually later.
Click Next to continue with the installation process.
Setting the Time Zone
Next
on the initial task list is setting the date and time of the server.
Click the Set Time Zone link in the Initial Configuration Tasks Wizard
to invoke the Date and Time dialog box. On the Date and Time tab, set
the time zone where the server will operate by clicking the Change Date
and Time button. In addition, click the Change Time Zone button to
configure the time zone for the server. The next tab, Additional Clocks,
as displayed in Figure 6,
should be utilized if there is a need to display the time in another
time zone. Up to two clocks can be configured on this tab. The final
tab, Internet Time, is where you configure a time server for the server
to synchronize its clock with. Time.windows.com is the default time server; however, other time servers can be selected by clicking the Change Settings button.
Configuring Networking
The third setting in the
Provide Computer Information section of the Initial Configuration Tasks
Wizard is Configure Networking. You need to decide on network settings
for the server so it can connect to other computers, networks, and the
Internet. By default, Windows Server 2008 R2, as with previous versions
of Windows, installs Client for Microsoft Networks, File and Printer
Sharing for Microsoft Networks, and TCP/IPv4. In addition, Windows
Server 2008 R2 installs QoS Packet Scheduler, Internet Protocol version 6
(TCP/IPv6), Link-Layer Topology Discovery Mapper I/O Driver, and
Link-Layer Topology Discovery Responder.
Don’t be alarmed. The
client, service, and protocols that are installed by default
will meet most companies’ needs and require little manual configuration.
You will, however, likely want to change the TCP/IPv4 settings and
assign a static address for the server.
Note
Windows
Server 2008 R2 utilizes IPv6 as the default protocol. If you do not
have plans to utilize IPv6, you might want to disable this protocol to
facilitate future server role installation. Many server roles, such as
Domain Controller, DNS Server, and DHCP Server, require static IP
addresses. You will either need to disable IPv6 or assign the server a
static IPv6 address to install these roles. You can disable IPv6 by
clearing the check box for Internet Protocol Version 6 (TCP/IPv6) and
clicking OK.
Providing the Computer Name and Domain
Use the Provide Computer Name
and Domain link to change the name of your computer and to add your
computer to a domain or workgroup. If you are joining an existing
domain, you will need the logon name and password for an account with
appropriate domain permissions. Alternatively, you can have the
administrator of the domain add your computer name into the domain so
that your server can connect. If you do not know the name of the domain
that the server will be a member of, or if you do not have the
administrative rights to join the server to the domain, you can still
change the computer name and you can always join the server to a domain
at a later time.
Now that we have configured the
elements in the Provide Computer Information section of the Initial
Configuration Tasks Wizard, the next step is to focus on the second
configuration section, called Update This Server.
Enabling Automatic Updating and Feedback
The Enable Automatic
Updating and Feedback link in the Update This Server section is used to
configure how your system maintains its health and security by
automatically downloading and configuring software updates and the
degree to which you want to participate in Microsoft’s information
gathering efforts.
Although it’s easy to
dismiss these features, the tools do provide you an easy way to patch
your systems and contribute your experience with Microsoft products with
very little or no effort. Anonymous information gathered from users
shapes Microsoft products and technologies, so if you don’t have
corporate policies around sharing technical information outside of your
organization, give some thought to participating. If selected, the
following options can be configured automatically, or you can manually
configure the settings:
Automatic Updates—
Automatic Updates are not configured by default. You can leave this
setting as is or configure the server to check for updates automatically
on a schedule that fits your maintenance procedures. When patching
large enterprise environments, it is a best practice to control software
updates via a patching solution, such as System Center Configuration
Manager 2007 R2 or WSUS 3.0 SP1.
Windows Error Reporting—
Windows Error Reporting, by default, prompts you to send detailed
information to Microsoft when errors occur on your server. You can turn
this function off or configure it to automatically send the error
information to Microsoft. Reports contain information that is most
useful for diagnosing and solving the problem that has occurred.
Customer Experience Improvement Program—
The Customer Experience Improvement Program (CEIP) gathers anonymous
information and periodically sends it to Microsoft. CEIP reports
generally include information about the features and general tasks
performed by a user as well as any problems encountered when using the
Microsoft product.
Downloading and Installing Updates
Even though you might have
selected the option in the previous steps to automatically configure
server updates, it is still possible to download and install updates
manually by selecting the Download and Install Updates link in the
Update This Server section of the Initial Configuration Tasks Wizard.
When selected, the server will connect to the Microsoft Windows Update
site. Before configuring roles or features or making your server
available to users on the network, it is a best practice to install the
latest updates and patches from Microsoft. If your environment uses an
automated tool such as WSUS, tested and approved patches might already
be installed by your update and patching infrastructure if the system
was joined to the domain and is configured to do so.
Note
When selecting the
Download and Install Updates link for the very first time, if updates
are not being installed automatically, you will be prompted with the
option to turn on automatic updates. In addition, it is possible to
select the Find Out More link to obtain updates for other Microsoft
products installed on the server.
The final section on the
Initial Configuration Tasks Wizard is called Customize This Server. The
options are covered in the following sections.
Adding Roles
Using the Add
Roles link on the Initial Configuration Tasks Wizard, you can quickly
install server roles, such as Active Directory Domain Services, Active
Directory Rights Management Services, DNS Server, and much more to your
server. The process also adds dependent services and components as
needed (alerting you along the way). This ensures that as you are
setting up your system, all the necessary components are
installed—alleviating the need to use multiple tools to install, secure,
and manage a given server role—and that the roles are set up securely.
Although it’s critical to understand dependencies for whatever role or
function the server might hold, getting the system set up quickly,
efficiently, and accurately is always paramount, and these setup tools
help accomplish just that.
Adding Features
You can use the Add Features
link to help configure useful tools and system features installed on the
server. Features such as RPC over HTTP Proxy for Exchange, Remote
Assistance, .NET Framework 3.0 Features, Background Intelligent Transfer
Service (BITS), and SMTP Server can be installed and configured. Backup and other management tools can also be installed using this tool.
Enabling Remote Desktop
By enabling Remote Desktop, you
can connect to either a remote console or an RDP session while not
physically at the server. Using Remote Desktop to manage systems greatly
eases administration of servers but does open another door into each
system; therefore, you should consider restricting access via Remote
Desktop to users who have a need to access those systems. The two
options for allowing Remote Desktop access include Allow Connections
From Computers Running Any Version of Remote Desktop (Less Secure) and
Allow Connections From Computers Running Remote Desktop with Network
Level Authentication (More Secure).
Configuring Windows Firewall
By default, Windows Firewall
is turned on when the base OS is first installed. Although the firewall
only protects the server from inbound and outbound access (as opposed to
compromises from within the OS, such as a virus or other malware), this
is typically adequate protection on a newly built machine until the
system is patched and loaded with antivirus software or any other
protective systems. Unless you configure exceptions to the firewall,
users will not be able to access resources or services on the server.
Exceptions to this are services or resources that are made available
using the Initial Configuration Tasks Wizard or other GUI-based tools,
such as Server Manager, that automatically create the exceptions,
enabling you to leave the firewall on while enabling access to specific
functions on the server, if desired. With Windows Server 2008 R2, it is
possible to configure incoming and outgoing firewall rules on each
network connection.
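The following read-only PowerShell check is an added example, not part of the original text. It verifies three settings discussed above: that the built-in Administrator account has been renamed, that Remote Desktop (if enabled) requires Network Level Authentication, and that Windows Firewall is on for every profile. The function names New-Finding and Get-PostInstallBaseline are hypothetical, and the English group name Remote Desktop Users is assumed.

```powershell
# Added example (not from the original text): read-only baseline check.
# Written for PowerShell 2.0 as shipped with Windows Server 2008 R2.
function New-Finding($Check, $Value, $Pass) {
    New-Object PSObject -Property @{ Check = $Check; Value = $Value; Pass = $Pass }
}

function Get-PostInstallBaseline {
    # The built-in Administrator keeps the SID suffix -500 after a rename.
    $admin = Get-WmiObject Win32_UserAccount -Filter "LocalAccount=True" |
        Where-Object { $_.SID -like 'S-1-5-21-*-500' }
    if ($admin) {
        New-Finding 'Built-in Administrator renamed' $admin.Name ($admin.Name -ne 'Administrator')
    } else {
        New-Finding 'Built-in Administrator renamed' 'account not found' $false
    }

    # fDenyTSConnections = 0 means Remote Desktop is enabled.
    $ts = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $rdpOn = (Get-ItemProperty $ts).fDenyTSConnections -eq 0
    # UserAuthentication = 1 means Network Level Authentication is required.
    $nla = (Get-ItemProperty "$ts\WinStations\RDP-Tcp").UserAuthentication -eq 1
    New-Finding 'RDP off, or on with NLA required' "enabled=$rdpOn nla=$nla" ((-not $rdpOn) -or $nla)

    # Who may log on over RDP besides Administrators (English group name assumed).
    $grp = [ADSI]"WinNT://$env:COMPUTERNAME/Remote Desktop Users,group"
    $members = @($grp.psbase.Invoke('Members') | ForEach-Object {
        $_.GetType().InvokeMember('Name', 'GetProperty', $null, $_, $null) })
    New-Finding 'Remote Desktop Users members' ($members -join ', ') 'review'

    # Local firewall state per profile; StandardProfile is the Private profile.
    # A Group Policy setting, if present, takes precedence over these values.
    $fw = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'
    foreach ($p in 'DomainProfile', 'StandardProfile', 'PublicProfile') {
        $on = (Get-ItemProperty "$fw\$p").EnableFirewall -eq 1
        New-Finding "Firewall on: $p" $on $on
    }
}

Get-PostInstallBaseline | Format-Table Check, Value, Pass -AutoSize
```

Run it from an elevated PowerShell prompt on the server; any row with Pass set to False points back to the corresponding Initial Configuration Tasks setting.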