2008 Server Core Setup and RODC


2008 Server Core Initial Setup notes: Credit "Avi Samocha's Blog"

Set password for local admin –
Choose 'Other User' at the logon screen> type 'Administrator' with no password and press Enter > Follow the instruction to create a new password.



Run Sysprep (For deployment) –
Navigate to 'C:\windows\system32\sysprep' and run - sysprep /OOBE /Generalize /shutdown.


Disable/Enable Screen Saver and Screen Saver Lock –
Regedit: Navigate to HKEY_CURRENT_USER\Control Panel\Desktop and modify the 'ScreenSaverActive' & 'ScreenSaverIsSecure' Keys (0 to Disable, 1 to Enable).



Rename the Server –
netdom renamecomputer <ComputerName> /NewName:<NewComputerName>



Setup IP Configuration –
View Interfaces: netsh interface ipv4 show interfaces
Set IP for Interface: Netsh interface ipv4 set address "InterfaceName" static 192.168.0.2 255.255.255.0 192.168.0.1
Set DNS Server Addresses: netsh interface ipv4 add dnsserver name="InterfaceID" address="DNSIPAddress"
Run again for additional DNS Servers.



Join the computer to Domain –
netdom join "ComputerName" /domain:"DomainName" /userd:"UserName" /passwordd:"password"

Note:If you have trouble reaching the domain try checking your firewall settings or disabling it all together temporarily as listed below



EnableWindows Update –
Cscript c:\windows\system32\scregedit.wsf /au 4
Net stop wuauserv
Net start wuauserv
This will set the default configuration for Windows Update – 3AM update check. If you want to force update check run: Wuauclt /detectnow



Enable Remote Management on Firewall –
netsh advfirewall firewall set rule group="Remote Administration" new enable=yes

Disabling and Enabling Windows Firewall-
To disable the windows firewall –
netsh firewall set opmode disable
To enable the windows firewall –
netsh firewall set opmode enable



Enable Windows Remote Management (WinRM) –
winrm qc



Enable Remote Desktop –
cscript C:\Windows\System32\ Scregedit.wsf /ar 0
If Firewall Enabled –
netsh advfirewall firewall set rule group="Remote Desktop" new enable=yes


Installation of a Windows Server 2008 Core RODC:

Install DNS –
start /w ocsetup DNS-Server-Core-Role


Prepare DC Schema for RODC – (Skip if 2008 Only Server Environment)
On the Schema Master navigate to the following folder on Windows Server 2008 Media and run the following command:
X:\sources\adprep>adprep /rodcprep


Run Dcpromo with an unattended file for RODC Installation –
(dcpromo /unattend:<unattendfile>)
Sample of Unattended File for RODC Installation:

[DCInstall]
InstallDNS=Yes
ConfirmGc=Yes
CriticalReplicationOnly=No
DisableCancelForDnsInstall=No
Password=
RebootOnCompletion=Yes
ReplicaDomainDNSName= DomainDNSName
ReplicaOrNewDomain=ReadOnlyReplica
ReplicationSourceDC=SRV2008DC.DomainDNSName
SafeModeAdminPassword=
SiteName=Default-First-Site-Name
UserDomain=DomainDNSName
UserName=Administrator

You Server Core Initial Setup and RODC are Done!

Comments

Post a Comment

Popular posts from this blog

FRS to DFSR Post Cleanup “File Replication NtFrs Stopped”

Image
After successfully migrating from FRS to DFSR you get the File Replication NtFrs service is Stopped error on the local servers AD DS Services list. In the Event logs you may see Event id 13575 13577. You can confirm your migration completed by opening a cmd prompt as administrator and typing in: dfsrmig /getmigrationstate After your migration to DFSR is completed and you have given your servers ample time to propagate this service is no longer required. Since it is set to “Automatic”, as shown below” it shows in logs as a false positive error. Edit the File Replication Service and change it to “Disabled”, as shown below: Once it is listed as “Disabled” it will no longer show in the Console as an “error” Note : it may take some time to clear from the active view
Read more

Domain Migration SubinACL /Migratetodomain How To:

Caution : DO NOT run this on Domain Controller C:\ and only run on roaming profiles folders, or my docs shares day of migration to avoid ownership change issues. Confirm Domain trust is in place and users and groups have been migrated Test ping of olddomain.org from new domain Test ping of newdomain.org from olddomain Add newdomain.org domain controller host records to olddomain.org including reverse DNS records Confirm the user running the app is a domain admin in BOTH domains Download SubinACL here: http://www.microsoft.com/en-us/download/details.aspx?id=23510 /Migratetodomain- command will add the permissions of the new user to the old files and folders for example if jimbob@olddomain.org was migrated to the new domain jimbob@newdomain.org and you run the command below any file or folder in that path that has jimbob@olddomain.org will add Jimbob@newdomain.org with the exact same permissions. This is a safer way to migrate by keeping the old and new permissions intact while a...
Read more

How to configure HP LaserJet Printer IPsec Encryption

Image
  I always recommend using a static IP for network printers. Once you have that configured use the printers web interface by going to that IP address using internet explorer. Select the” Networking” Tab > “IPsec/Firewall” as shown below: First we will add a rule to allow unencrypted traffic from all connections we will later define IPsec rules specific to the print server. You can set encrypted for all but keep in mind if it fails you will have a harder time remotely repairing it. Select “Add Rules” > “All IP Addresses” as shown below: Select “All Services” >”Next” as shown below: Select “Allow traffic…” >”Next” as shown below: Select “Finish” >”Next” as shown below: Select “OK” as shown below: It should take you back to the ” Networking” Tab > “IPsec/Firewall” as shown below: Note: “Enable IPsec/Firewall” is unchecked Now we will add an Encrypted Rule: Select “Add Rules” > “New” as shown below: Name the Rule, Specify the local and remote IP Addresses ...
Read more