Installing Windows 2003: Final Touches

Ingredients

• An installed Windows 2003 server. Prior recipes which document this:
  • Installing Windows 2003
  • Windows 2003 Post-Install Actions
  • Windows 2003 Post-Install Updates
• Connection to the internet.
• About 10 minutes time.

Instructions

•   Notice the timestamps!
  • To see any step, move the video slider to that timestamp.
  • You can pause there or watch video.
  • Go fullscreen for greater detail; remove captions if they obscure something.
  • Still confused? Go here for a better explanation.
• Opening (discussion)
  • 0:00 In this recipe we document a few final touches to our basic W2003 installation.
  • 0:04 Enabling autoupdates, MBSA scan and remediate, indexing setup, and taking stock of what's configured.
• Connecting via RDP (discussion)
  • 0:08 This time, we will connect via Remote Desktop, rather than the vSphere client as in prior recipes.
  • 0:12 On my Win7 client, go to the Start menu, type "Remote", and choose "Remote Desktop Connection" when it appears.
  • 0:20 The IP address of the server is 10.0.0.51. Type that into the "Computer" field and press "Connect." Acknowledge the warning about RDP verification.
  • 0:26 Connected to the server's desktop. Enter password.
• Automatic Updates (discussion)
  • 0:40 On the Start menu, choose "Control Panel," then "Automatic Updates."
  • 0:50 There are several choices. A common worry is: under what circumstances will the computer to reboot on its own?
  • 0:55 To find out, click the link: "How does Automatic Updates work?"
  • 1:03 The Help interface opens. The answer is in the FAQ.
  • 1:07 If an Administrator is logged on, she can delay the reboot. If a normal user is logged on, he cannot.
  • 1:13 Note: not all updates cause reboot.
  • 1:18 I choose "Automatic," knowing that it may reboot the system in the wee hours of the morning.
  • 1:22 If this becomes a problem, it can be changed later.
• MBSA Evaluation and Remediation (discussion)
  • 1:26 Open IE to download the MBSA tool. Currently MBSA 2.1.1 is the latest version.
  • 1:40 Getting IE Enhanced Security dialogs. I prefer to have them, reminding me always to browse safely from servers.
  • 1:45 But I am sure all Microsoft sites are safe, so I set a generic exclusion for *.microsoft.com
  • 2:04 Downloading the MBSA. Click "Run" to run the installer immediately.
  • 2:20 MBSA setup. Click "Next," accept the license, "Next," "Next," "Install," and "OK."
  • 2:42 On the Start menu, "All Programs" and then "Microsoft Baseline Security Analyzer 2.1"
  • 2:51 MBSA opens. Click "Scan a computer." The local system is chosen. Click "Start Scan."
  • 3:05 The scan took a bit over a minute to run. Some checks have failed.
  • 3:14 The first is password expiration. Two accounts have no password expiration set. Click "Result details."
  • 3:19 The two accounts are Administrator and Guest. For reasons explained in the discussion article, we will keep them that way.
  • 3:24 The NoExpireOK.txt file allows us to list exclusions we are OK with. To edit it ..
  • 3:27 On the Start menu choose "My Computer." In Explorer, navigate to c:\Program Files\Microsoft Baseline Security Analyzer."
  • 3:41 Find the "NoExpireOK.txt" file, and open it.
  • 3:48 Add "Administrator" and "Guest" to the file. Save and close it.
  • 4:04 Close the MBSA window to return to the main scan results.
  • 4:12 There is one more critical item: IE security settings. Click "Result details."
  • 4:18 The Administrator account does not have "High" security level in the Internet zone.
  • 4:24 In IE, click "Tools," and select "Internet Options"
  • 4:29 Select the "Security" tab, then the "Internet" zone. Click "Default level."
  • 4:35 Set the level to "High" and click "OK."
  • 4:40 Close the MBSA result windows, and scan again. The scan will not take as long this time.
  • 5:03 This time MBSA gives the computer a "Strong Security" rating. Close MBSA when you are satisfied.
• Clear Desktop Icons (discussion)
  • 5:23 Clearing icons from the desktop. The video shows that Help for the Security Configuration Wizard (SCW) is easily obtained.
  • 6:19 So deleting the icon from desktop is OK to do. MBSA is on the Start menu as previously seen.
• Set Index Options (discussion)
  • 6:23 Click the Indexing icon in the notification area and choose "Windows Search Options."
  • 6:30 Click the "Modify" button, and place a checkmark next to all drives you want fully indexed.
  • 6:37 Close out of Indexing options dialogs.
• Inventory Installed Programs and Components (discussion)
  • 6:41 On the Start menu, choose "Control Panel," then "Add or Remove Programs."
  • 6:51 Installed programs are listed here. You can change or remove them as needed.
  • 7:03 Click "Add/Remove Windows Components."
  • 7:07 Explore. Double click any item you want to know more about. Only the checked items are currently installed.
  • 7:23 Here I am un-checking (removing) the "Chat" item from the "Communications" accessory group.
  • 7:28 I'm leaving all other items as installed. W2003 installs few components by default.
  • 7:46 Click "Next" to complete the add/remove of Windows Components.
  • 7:50 In 20 seconds, the wizard completes. No reboot required this time, though some component additions will require reboot.
• Check Firewall Settings (discussion)
  • 7:56 On the Start menu choose "Control Panel," then "Windows Firewall."
  • 8:08 The firewall is enabled (good!). Click the "Exceptions" tab.
  • 8:11 There is only one enabled exception: "Remote Desktop." This was set in a prior recipe when RDP was enabled.
• Closing (discussion)
  • 8:18 This ends our video series on installing W2003. A very basic configuration!