Announcement

Collapse
No announcement yet.

Server setup - Standards settings and tweaks

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Server setup - Standards settings and tweaks

    I've setup a few servers (server 2003) and haven't had any problems, but I'm sure there are steps and tweaks that I do not know about. I would like to get a sticky with all the additional settings and tweaks that should go into every server setup. Here are a few of my own.

    Define server forrest
    Server 1 - Office/accounting
    Server 2 - file sharing - non-critical/financial information
    Server 3 - etc



    Setup shares before setting users
    Determine share scheme
    • Domain Admin (IT guy only)
    • Admins (managers)
    • Users (users)
    • Guest (Only if you must)
    • Etc


    Create login.bat script for users based upon account types and shares for mapping
    (User.bat Admin.bat poweruser.bat)
    Create user groups (other then the predefined groups)
    Set share access according to groups (not users)

    Set policies
    • Password complexity
    • Password life
    • Login message
    • USB off on server
    • Windows Update policies
    • add more here...


    Deployment
    • Office
    • AntiVirus


    Create users - Create the first in a group and test;
    • Login access
    • Login script
    • Share access
    Duplicate user and simply change the name & password
    ..Repeat for other groups.

    Ensure domain is visible.

    Edit 1-
    Scheduled Tasks
    • Defrag
    • Weekly cleaning (clean manager or 2nd party)


    Desktop Shortcuts
    • Computer Management (For open sessions and viewing errors and events)
    • Active directory


    Additional Programs;
    • Remote login (Logmein/teamviewer etc)


    Backup configuration;
    • Onsite backup Daily (Backup drive with folders Monday - Sunday with daily backup)
    • Monthly snapshot (to DVD or removable drive)
    • Annual snapshot (to DVDs or removable drive stored offsite or firesafe)
    • Offsite backup solution?


    There are a LOT of gaps here. Long time users feel free to edit/add information. I just want to get the ball rolling. If there are other threads or articles already in place, please note them.
    Last edited by crobertson; 7th April 2011, 21:00. Reason: Update to list
    I already know I'm not that bright. Please be constructive. Only give your 2cents if it helps. Don't be condesending or demeaning. It doesn't make you look smart. You just look like an arse.
    Chris Robertson
    The Computer Doctor

  • #2
    Re: Server setup - Standards settings and tweaks

    Originally posted by crobertson View Post
    Do NOT use server for DHCP server. Use firewall/router (you can take server offline without disrupting DHCP)
    .
    yea - i have to disagree with this one. Here's why:

    DHCP process works on a lease period (8 days by default, IIRC)
    computers will, when they start up, try and renew the lease. Normally, if they can't renew, and it's within the life time, it should keep the lease.

    So, unless you're planning on needing the srver offline for a long period of time, then the DHCP being on the server won't matter.. DHCP is a fairly simplistic protocol in that sense.


    Anyway.. if your server is down, why do you need DHCP ? :P
    Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif

    Comment


    • #3
      Re: Server setup - Standards settings and tweaks

      This is true. It shouldn't be in there, but be application driven. There are some computers on some networks that aren't connected to the server or the domain. It's a small thing and just a matter of choice. Good point though.
      I already know I'm not that bright. Please be constructive. Only give your 2cents if it helps. Don't be condesending or demeaning. It doesn't make you look smart. You just look like an arse.
      Chris Robertson
      The Computer Doctor

      Comment


      • #4
        Re: Server setup - Standards settings and tweaks

        If you're using Active Directory, then you need your clients to use your servers for DNS. Many routers won't allow you to specify what clients should use for DNS. Plus Microsoft DHCP allows you to specify a whole host of additional optoins which you don't get with a router. So I would go with tehcamel in suggesting there is no scenario where you would install a server but leave DHCP on the router.

        As for giving a list of tweaks that should be done for every server setup... surely that's impossible. The setup each time should be driven by the unique requirements of the company it's being installed for, which is why systems must be planned before they are implemented.
        Gareth Howells

        BSc (Hons), MBCS, MCP, MCDST, ICCE

        Any advice is given in good faith and without warranty.

        Please give reputation points if somebody has helped you.

        "For by now I could have stretched out my hand and struck you and your people with a plague that would have wiped you off the Earth." (Exodus 9:15) - I could kill you with my thumb.

        "Everything that lives and moves will be food for you." (Genesis 9:3) - For every animal you don't eat, I'm going to eat three.

        Comment


        • #5
          Re: Server setup - Standards settings and tweaks

          Originally posted by gforceindustries View Post
          If you're using Active Directory, then you need your clients to use your servers for DNS. Many routers won't allow you to specify what clients should use for DNS. Plus Microsoft DHCP allows you to specify a whole host of additional optoins which you don't get with a router. So I would go with tehcamel in suggesting there is no scenario where you would install a server but leave DHCP on the router.

          Actually - I never really said there was NO scenario. I can think of some :P

          for instance.. quite a few of our clients are being moved to cloud-based scenarios. There's a firewall at the local site (say cisco router) and a server out on cloud infrastructure somewhre. a Site-to-site vpn runs between the two locations...
          so DHCP HAS to be local to the site, and thus on the router..


          but in general, yes I think there are many more options available with MS DHCP.

          I also agree with your sentiment of making sure the clients are configured to refer to the internal "primary/master" name server as first NS record.
          (I use primary/master as a relative concept, not an absolute)


          some other tweaks I would do include setting scheduled tasks to defrag disks, maybe some monitoring on specific services.

          I'd also make sure my OUs were set up properly, and user/computer objects went into the correct OU.

          I'd create a separate "TehCamel_A" administrator account for myself, to separate my privileges. I'd also ensure that local admin access is not granted on local computers (except mine, naturally)

          I'd try and make sure that all services run on as minimal privileges as possible. (No, mr website developer, having a Dotnet application that requires the domain adminstrator password hard coded into a we.config file is NOT a good idea, and it's not necessary, it's just LAZY.)


          I'd setup WSUS, and deploy relevant policies.

          I'd setup AV, and ensure it's published via policies
          same with Office.
          I'd also consider some sort of remote tool (like say teamviewer) that would run on startup on every desktop computer, to help with resolving issues from my desk, rather than having to get up and walk over there.

          maybe policies to implement archiving of outlook.

          A backup regime


          as per your signature, if you need further explanation on any of these, please let me know!
          Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif

          Comment


          • #6
            Re: Server setup - Standards settings and tweaks

            And my 2 cents worth. With a Server DHCP you can use Reservations (printer, switches, NAS devices etc) but you can't do that with the Router supplying IPs. Also try getting SBS to run like that.

            I don't think this can be made a Sticky simply due to the sheer number of different network/Domain configuration methods. It would have to specify te network config. eg. Single Server, AD or Workgroup, Roles on Server, Apps on Server etc etc. It becomes VERY complex. I tried doing in practise what you have suggested in theory in the schools I worked in. It DIDN'T work because each site was different. Some need to run SQL, anothers required ISA, a different one wanted Exchange and yet another wanted only SharePoint. Different printers and deployment methods and Server O/Ses made the setup differnet everywhere. I was hoping for a standard "template" that could be used everywhere. Then you get moved to a new location and some tosser has set it up different or even worse, all wrong.

            I think all you can do is read the threads, see what others have done and tweak to suit your client's requirements. The IMPORTANT part is for you to document what has been done, even include notes as to why it was done that particular way.
            1 1 was a racehorse.
            2 2 was 1 2.
            1 1 1 1 race 1 day,
            2 2 1 1 2

            Comment


            • #7
              Re: Server setup - Standards settings and tweaks

              Originally posted by biggles77 View Post
              And my 2 cents worth. With a Server DHCP you can use Reservations (printer, switches, NAS devices etc) but you can't do that with the Router supplying IPs. Also try getting SBS to run like that.
              I infact use a netgear router/firewall to handle the DHCP. It has a static IP table assignment, I have a table of equipment | Port (wall port) number and physical location | punchdown # | IP address.
              From there I make the rules of what has access to them and so fourth. My server does my DNS work though and the ISP's server. I haven't had a problem YET.

              Originally posted by biggles77 View Post
              I don't think this can be made a Sticky simply due to the sheer number of different network/Domain configuration methods.
              I understand what you are saying, but some of the generalities that you noted are exactly what I/we are looking for. I know many people that manage servers and don't have any of those things in place.


              Originally posted by biggles77 View Post
              I think all you can do is read the threads, see what others have done and tweak to suit your client's requirements. The IMPORTANT part is for you to document what has been done, even include notes as to why it was done that particular way.
              I have been reading though and what little I know I have learned but usually though having problems from a server NOT being set up correctly. If I personally learned under someone knowledgeable as yourself, I would have been better off, but have not had the luxury.
              I already know I'm not that bright. Please be constructive. Only give your 2cents if it helps. Don't be condesending or demeaning. It doesn't make you look smart. You just look like an arse.
              Chris Robertson
              The Computer Doctor

              Comment


              • #8
                Re: Server setup - Standards settings and tweaks

                Originally posted by tehcamel View Post
                as per your signature, if you need further explanation on any of these, please let me know!
                I looked up some in my handy dandy network reference list (with no luck) and for "OU" I'm going with Office User ,
                WSUS - Window Server Update service

                I'm adding the others to the checklist!
                I already know I'm not that bright. Please be constructive. Only give your 2cents if it helps. Don't be condesending or demeaning. It doesn't make you look smart. You just look like an arse.
                Chris Robertson
                The Computer Doctor

                Comment


                • #9
                  Re: Server setup - Standards settings and tweaks

                  OU = Organisational Unit. It is an AD Container that contains Objects like the Group, Office Users. (I have added an 's' to your original Office User because that would be a very limiting Object)
                  1 1 was a racehorse.
                  2 2 was 1 2.
                  1 1 1 1 race 1 day,
                  2 2 1 1 2

                  Comment


                  • #10
                    Re: Server setup - Standards settings and tweaks

                    to follow up on what biggles said:

                    take a look at your Active Directory tree and you'll see all those "folders" - these are the organisational units, and you can nest them inside each other. With SBS in particular, you will have the "MyBusiness" OU then below that, you have "Users" and below that "SBSUsers"
                    for instance


                    ps biggles - I have an article on how to configure a static reservation using the CLI on a fortigate router.. so it's possible
                    Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif

                    Comment

                    Working...
                    X