Checklist for Configuring a Windows 2019 Server

This is my old check list updated for Windows 2019 server. It helps make sure I don’t miss anything when setting up the server.

1. Verify you have Internet access and DNS name resolution.
   • Ping an external server to verify connectivity. If you are not sure, you can ping Google’s DNS server: 8.8.8.8
   • Visit a website to verify name resolution. (Note: If you have not yet turned off IE Enhanced Security Configuration for administrators, you can verify with one of the websites on the default approved list, such as http://www.microsoft.com or http://technet.microsoft.com)
   • Alternatively, you could use nslookup, tracert, or any other tool that will utilize DNS to resolve a domain name to an IP address
     
2. Change the time zone in Date and Time Settings.
   
3. Verify the time is correct (If this is going to be a PDC, you will need to point the NTP client to a NTP server.)
   • Run cmd as an administrator and run gpedit.msc to edit local policy. (NOTE: You can perform these same steps using group policy once AD is up and running. You will need to assign a filter to the GPO to ensure this policy only applies to the PDCE FSMO role AD server.)
   • Computer Configuration / Administrative Templates / System / Windows Time Service / Time Providers / Configure Windows NTP Client
   • Enabled
   • Change time.windows.com to the name or ip address of your NTP server. Leave the ,0x9 at the end. (NOTE: If you chose to use external NTP servers, ensure you have UDP port 123 open in your firewall from this server to the external NTP servers.)
   • Change type to NTP
   • Change SpecialPollInterval to 3600.
   • Reboot
   • Check NTP Status
     1. w32tm /query /configuration
     2. w32tm /query /status
     3. time /T
        
4. Enable remote desktop
   
5. Turn off Windows Firewall
   
6. Give server a descriptive name following the standard naming convention
   
7. Turn off IE Enhanced Security Configuration for Administrators
   
8. Windows Update
   • Turn on give me updates for other Microsoft products when I update windows
   • Manually check for updates and patch, patch, patch! Reboot after patching and keep checking for more patches until there are none.
     
9. Download and install BgInfo from technet Sysinternals
   • You may need to enable downloads from the Internet zone in Internet Explorer: Internet Option, Security, Internet, Custom level…
     Scroll down to Downloads / File download
     Select Enable
   • Direct download: http://live.sysinternals.com/Bginfo64.exe
   • In addition, you should use company wallpaper.
     
10. Change folder viewing preferences
    
11. Update PowerShell
    • Set shortcut to run as administrator
    • Update-Help
    • Set-ExecutionPolicy RemoteSigned (Need to run once for both 32 bit and 64 bit)
      
12. Join the domain
    
13. For app servers, add appropriate domain app group to the local administrator’s group
    
14. Install Remote Server Administration Tools
    • Server Manager / Manage / Add Roles and Features
    • Role-based or feature-based installation
    • Select your server, next on server roles, and go to features
    • Scroll down to Remote Server Administration Tools
    • From here, you can select what you need based on the server.  I usually add Active Directory module for Windows PowerShell, Active Directory Administrative Center, AD DS Snap-Ins and Command-Line Tools, DHCP Server Tools, and DNS Server Tools.  If this is a Hyper-V host machine, I also add Hyper-V GUI management Tools and Hyper-V Module for Windows PowerShell.
      
15. Pin common tools to the Taskbar such as Services, PowerShell, CMD Prompt, Active Directory Users and Computers and SQL Management Studio.
    
16. If the server is on a Hyper-V system, move the Taskbar to the top of the screen to keep it separate from your remote session computer’s Taskbar.