sop - 2013 server build

MS Windows Server 2008 Build Checklist Created on DATE \@ "M/d/yyyy" 7/22/2015 of 17

Last saved by Robert Jones on 4/18/2023

Paperwork Creation Go to PAPERWORK PAGEHardware or Virtual Machine Prep Go to MACHINE PREP PAGEPrepare Server Environment Go to PREP ENVIRONMENT PAGEInstall Windows Server OS Go to OS INSTALLATION PAGE(Skip for a Virtual Machine)Customize Desktop and Power Go to CUSTOMIZE DESKTOP PAGECORE SERVER CONFIGURATION PROCEDURE - Configure settings as follows:

1. Maximize the Initial Configuration Tasks window. 2. Activate Windows – click the link and run through the wizard to activate the license. If you get an

error activating, verify that the date and time are set correctly.3. Set Time Zone – verify date and time are set correctly4. Configure Networking – Right click and select Disable for any NICs that you are not going to use.

Right click on any NICs that you will be using, and select Properties. Uncheck IPv6 to disable it. To fully disable IPv6 – Import \\Serv1w\public\Win2k8 R2\ipv6_Params_Dis.reg This will add the following registry key: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TCPIP6\Parameters]"DisabledComponents"=dword:ffffffffSelect IPv4 and click Properties, and enter network information if necessary. Click OK when finished.Prod: Subnet: 255.0.255.0 Gateway: 100.22.1.1 DNS: 100.22.20.33 & 34 IP: 100.22.20.nnn

5. Add to Domain – Provide Computer Name and Enter appropriate domain information and credentials to

join the domain. REBOOT.

6. Enable Automatic Updating and Feedback – Click Manually Configure Settings. Under Windows Automatic Updating click Change Settings and select Never Check for Updates, and uncheck Allow All Users To Update This Computer. Click OK. Under Windows Error Reporting, Select I Don’t Want To Participate, and click OK. Under Customer Experience, verify that the current setting is “Not Participating” (this is the default). Click Close.

7. Download And Install Updates – Click Check For Updates. Click install updates to install all available Important updates. Reboot as needed.

8. Add Roles – Add roles as necessary. File Services role is necessary if any shares will be created.9. Add Features – Add SNMP Services10. Enable Remote Desktop – Enable and select Allow Connections From Computers Running Any

Version of Remote Desktop11. Configure Windows Firewall – Click Turn Windows Firewall On Or Off link on the left side of the

window; then select Turn Off Windows Firewall in all three sections of the window that launches.12. Complete Initial Configuration Tasks - Check Do Not Show This Window At Logon at the lower left

of the window, and then REBOOT server.

Prepare Server Environment Go to PREP ENVIRONMENT PAGEInstall Necessary Agents and Add-ons Go to INSTALL AGENTS PAGE COMPLETE BUILD - Ensure Hardware Specific or VMWare Tools Are Installed

MS Windows Server 2008 Build Checklist Page 1



PAPERWORK PAGE

1. Use a Server Commissioning Form to ensure Network and Security can identify the new machine as valid and provided network addressing if necessary.http://guidepost/itdforms/ServerProvisioning.doc

2. Create a SUR to gain approval for adding new server to environment.


http://guidepost/itdforms/ServerProvisioning.doc



MACHINE PREP PAGE

Physical3. Use latest version of HP SmartStart utility (8.7) and boot with the appropriate CD for your architecture

(x86 or x64). Ensure the OS CD or ISO image is available.

4. After accepting the license agreement, the opening screen appears. Click Install. Select the OS that you want to install from the list presented. This will begin the interview/install process.

5. When prompted by SmartStart, select No to the “Install SNMP?” question.

Virtual1. You can Deploy from an existing VM Template or Clone a Base Image like “Prod W2008R2 Std”.

2. Enter the Name of the new server.

3. Under the Name block, select the Prod or Non-Prod DataCenter and click Next

4. Then select the Prod or Non-Prod Cluster and click Next

5. Select the Prod or Non-Prod Resource Pool and click Next

6. Choose VNX SAN LUN with ample available disk space and click NextLet it default to Same Format

and click NextMS Windows Server 2008 Build Checklist Page 3



1. Enter Owner’s Name and Organization and click Next

2. Enter your server name again for NetBIOS name and click Next

3. Enter EA license key (Prod) or Technet key (Non-Prod) and Per Seat and click Next

4. Enter S…123! (… = standard team selected word) for password and click Next

5. Set Time Zone and click Next

6. Click Next on Run Once screen7. Select Custom Settings (Prod) or Typical (Non-Prod) and click Next8. Enter IP information for Prod or use DHCP for Non-Prod and click Next




1. Enter Domain info or let default to Workgroup if wish to add to Domain later and click Next

2. Click Next to generate new SID3. Uncheck “Save this…” and click Next




1. Click Finish on Summary screen and click Finish on next screen




OS INSTALLATION PAGE

1. For Hardware installations, after the SmartStart interview is complete and the boot drive is prepared, you will be prompted to load the OS CD. Once the OS files are copied, the CD will eject and the server will reboot. The OS files will be copied from the temporary partition to the OS partition on the disks, and the OS installation will continue. This will be the most lengthy part of the server building process. When the Windows Setup Wizard starts, you will be prompted to enter the server name, administrator password (use the FHLB default local admin password), and verify the time zone. Note that you will not be able to join the domain at this time, due to the fact that the server setup assumes that DHCP is being used and it has a valid IP address. Click ‘Yes’ when the “Do you want to try and join a domain later?” prompt appears. You will join the domain later in this process. Once the OS is built (which will probably include 2-3 reboots), the server will sit at the CTRL-ALT-DEL prompt.

2. After logging in with the local administrator account, additional drivers will be installed. This will take several minutes and will automatically reboot the server when complete.

3. As the server is rebooting, press F9 to enter the ROM Based Setup Utility. Set the Date and Time. Escape and press F10 to Save & Exit. The server will reboot.

4. After the reboot, you will log into the server with the local administrator account.




CUSTOMIZE DESKTOP PAGE

1. RDC to new Server or use VCenter to Power-on and view via Console2. Log into server with Administrator using password you created3. After logging in with administrator account, additional drivers will be installed. This will take several

minutes and server may reboot a few times – be patient.4. When server is back up and waiting, log in.5. Minimize the Initial Configuration Tasks window6. Right-click on Desktop and select View – Small icons

7. Right-click on Computer from Start Menu and select Show on Desktop

8. Drag Network icon to Desktop to create shortcut




9. Right-click on Taskbar and select Properties

10. Select checkbox for Use small icons and in Taskbar Buttons block, select “Never combine”

11. Click Customize and select checkbox at bottom of next page to “Always show all…” and click OK




12. Select Start Menu tab and set Documents, “Don’t display this…” button

13. Go to Control Panel and create a Power Plan called “Always On For Real” & verify centered on High Performance




PREP ENVIRONMENT PAGE

1. Server Manager window launches automatically. Configure settings as follows:a. Click Configure IE ESC link on the right under the Security Information section. Select the Off

radio button for Administrators, leave On selected for Users. Click OK.b. Expand the Storage item on the left side of the window, and select Disk Management. On the

right side you will see the current volume that is created on the top section, and the CD drive (if present) and any available partitions on the bottom section.

c. If a CD drive is present, right click on the drive and select ‘Change Drive Letter and Path’. Change the letter of the CD drive to Z:.

d. Now create a data drive if needed. If a Virtual Server, add disk using available VNX LUN space. Go into Disk Management and create new volume by Right Clicking on the unallocated partition, and selecting ‘Create new partition’ and select the ‘Extended Partition’ option. Enter the size you want to create (usually all available). Then Right Click again and say ‘Create new logical drive’ and select the ‘Logical Drive’ option. Enter the size you want (usually all available). Right Click once more and select ‘Format’, ensure NTFS is selected, enter any label name you wish, and click OK. Repeat process with any additional partitions.

e. In the Computer Information section, check the Do Not Show Me This Console At Logon option. Close the Server Manager window.

2. Unless there are specific requirements to do otherwise, restrict access to any data drives by performing the following steps. NOTE: Do NOT perform these steps on the OS drive. Right click on the drive you are changing, and select Properties from the menu. Click on the Security tab. The only entries should be SYSTEM – Full Control and the local Administrators Group – Full Control. Remove all other entries. Perform these steps on all extra data drives on the server.

3. Go to Control Panel User Accounts, and click Change User Account Control Settings. Select Never Notify and click OK. REBOOT server for change to take effect.

4. Go to a Command Prompt

5. Enter \\serv1w\public\serversetup2008.cmd <servername>

This script will launch the installer for Legato and CSP, modify the local hosts file (required for Legato), modify the system path to add the utility directories to it, create the C:\TEMP directory. It will also populate the HP Notify application with the appropriate values, as well as create the standard icons in the QuickLaunch toolbar, and set the proper SNMP string settings for Insight Manager functionality.

(See Actual Script Output on Next Page)(See Pages Following for Responses to Legato and CSP Prompts)




Legato Install Click Next, Next, Next, Next, Install

Type FULLBAK1 in “Enter a server name:” block

Click Add

Click Next, then Finish, and OK

CSP Install

Click Next Click Accept button and Next (to accept agreement), Click Next




DESELECT “Enable Intrusion Prevention” – keep all other defaults Click Next

Enter REDCSEC3W as the Primary Management Server On the same screen at the bottom, browse to the agent-cert.ssl certificate in the

\\Serv1w\public\CSP Installation for Windows 2008\ directory, and click Open. Click Next, Next, Next, Install




INSTALL AGENTS PAGE

At this point you are ready to install the default applications that run on all servers in the Bank’s environment. These are CSP security monitoring, Symantec EndPoint Protection, Altiris machine management, and Event Sentry alert communication tools. The Symantec EndPoint Protection software is installed in a ‘push’ fashion by the Symantec Endpoint Protection Manager console on the ServSep1w server.

13. Symantec Endpoint Protection Installation - RDC to ServSep1w

Launch SEP Manager Console Login with Admin or equivalent account

On the toolbar on the left click on “Clients” Click Find Unmanaged Computers on lower left of screen Click the Computer Name radio button Enter the Server Name in the field Enter a user name and pwd (use any account that has admin rights) Click Search Now

In the unmanaged computer windows click to select the computer At the bottom under Installation select the following:

o Client Installation Package – Select the latest version and correct OS version.o Installation Settings: Select Install Setting – COMPANYo Features – Select Only AntiVirus and AntiSpywareo Preferred mode should be computer mode.o Click change to modify the Install To Group. The Group should be “Server”




Click Start Installation NOTE: The deployment status in the unmanaged computers window should show successful. In about 5-10 minutes the server will show up in the server group under the

clients tab. Verify that the Symantec Services show up. If it does not then go to the TEMP directory and find CLT-INST directory. Run LUSETUP.exe then run Symantec Antivirus.msi after the install completes verify the deployment status.

14. Altiris Agent install – Use Web Browser Go to http://ServAlt1w/Altiris/Console.aspx Click on Actions/Agents Push Tab Enter the name of the computer, and click ADD Highlight the machine name, and click Install Altiris Agent Use an account with ADMIN access to the server and click Proceed With Install Refresh screen until the install completes successfully

15. EventSentry Agent Install - RDC to ServTer1w Login to ServTER1w as an Admin user and launch the EventSentry Management icon Select the FHLB group that server will be added to. Right click and select Add Computer/IP Address. Type your server name and then click Enter. Right click on the server you just added and select Install and Configure agent. On the right hand side, right click on the computer name and select GO. This will install the agent on

the server.


http://BlueAlt1w/Altiris/Console.aspx