From 4210bc041dfaab8b03ccd7dbdb7469403c77bc6c Mon Sep 17 00:00:00 2001 From: Remco Date: Sun, 21 Sep 2025 13:33:16 +0200 Subject: [PATCH] =?UTF-8?q?=F0=9F=86=99=20Add=20more=20=F0=9F=86=99?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ... Windows server start settings no hotel.md | 45 +++++++++++++++++++ 1 file changed, 45 insertions(+) create mode 100644 extra tuts/Best Windows server start settings no hotel.md diff --git a/extra tuts/Best Windows server start settings no hotel.md b/extra tuts/Best Windows server start settings no hotel.md new file mode 100644 index 0000000000..d52f195267 --- /dev/null +++ b/extra tuts/Best Windows server start settings no hotel.md @@ -0,0 +1,45 @@ +## Initial Configuration for Windows Server + +After a clean installation, it's crucial to set up the server correctly. This involves several key steps to ensure it is secure, stable, and ready for its intended role. + +### 1. **Install All Windows Updates** 💾 +The first thing you should do is ensure the server is up to date with the latest security patches and bug fixes. +* Open **Server Manager**. +* Go to **Local Server**. +* Click on **Windows Update** to check for and install all available updates. + +### 2. **Configure the Network** 🌐 +Proper network configuration is vital for connectivity and security. +* In **Server Manager**, go to **Local Server** and click on the **Ethernet** link. +* Set a **static IP address**, subnet mask, default gateway, and DNS servers. Do not rely on DHCP for a server. +* Give the server a descriptive name, like `WEB-SERVER-01`. You can do this in **Server Manager** under **Local Server > Computer Name**. + +### 3. **Set a Strong Administrator Password** 🔑 +A strong password for the built-in Administrator account is the foundation of your server's security. +* Create a password that is complex and unique. Avoid using common words or personal information. + +### 4. **Disable Internet Explorer Enhanced Security** 🛡️ +For administrative tasks and web-based management tools, you'll need to disable this feature. +* In **Server Manager**, go to **Local Server**. +* Click on **IE Enhanced Security Configuration** and turn it **Off** for Administrators. + +### 5. **Enable Remote Desktop (RDP)** 💻 +Remote Desktop is essential for managing the server from another computer. +* In **Server Manager**, go to **Local Server**. +* Click on **Remote Desktop** and allow connections. It's best practice to allow connections only from a specific set of users for security. + +### 6. **Configure the Firewall** 🔥 +The firewall is your server's primary defense. +* Open **Windows Defender Firewall with Advanced Security**. +* Create specific **inbound rules** for the services your server will host (e.g., HTTP/HTTPS for a web server, RDP for remote management). +* By default, all other ports should be blocked. Do not open ports unless a service explicitly requires it. + +### 7. **Set Up a Backup Solution** 💾 +Having a solid backup strategy is non-negotiable. +* Use **Windows Server Backup** to create a schedule for regular backups of your system state and critical data. +* Store your backups on a separate disk or a network location, never on the same disk as your operating system. + +### 8. **Install Necessary Roles and Features** ⚙️ +Install only the roles your server needs to perform its job. +* In **Server Manager**, click **Add Roles and Features**. +* Select the roles you need, such as **Web Server (IIS)**, **Active Directory Domain Services**, or **Hyper-V**. Only install what's necessary to reduce the attack surface. \ No newline at end of file