Few questions about first-time Win2k3 installation

[Hamins]

Hi everyone,

I'm a newbie to Windows 2003. I have been assigned the task of setting up a network of around 25 comps + 2003 server. I have finished installing Win2003 on the server. I want to know if there is any checklist to follow before promoting the sever to a Domain Controller.

Also, I would like to know how to harden the Win2003. Should it be done before, or after I promote it to a Domain Controller.

The server will be the only one in the domain, and will be multi-roled. It'll be the Domain Controller, and will be used for user-management, file/print sharing, DNS, DHCP. There will be no database running on the server. All the data will be will reside on this server, and will mostly be ms-office files, and emails. However, the data is very confidential.

I would like to know at what level I should set the security ... ie. should it be at the Domain Level, OU Level, or group level ? I would like to apply tight security restrictions on the network. I would also like to know what type of security is to be applied for the Domain Controller itself. Is it advisable to use any of the pre-defined security templates? If yes, which ones should I use for member computers, users, and the domain controller itself ?

I need to know the above ASAP. Any help/suggestions would be appreciated.

Thnx

Edited June 12, 2005 by Hamins

[valter]

Check my reply here. Follow the step nr. 4 but pick High Security-Domain Controller instead of Member Server. Make sure you read enclosed material bafore you do anything. This is to be applied after you promote your server to DC.

The best practice is to make an image of your server installation (Acronis True Image or Ghost) before you promote it, so in case of disaster, you can quickly go back ...

Edited June 13, 2005 by klasika

[Hamins]

thnx Klasika,

further suggestion, anyone else ?

[CrescendoBEAt]

WOW!!! u have so in deep questions!!! u need study MCSE for answers!!

hi, first review the Windows server 2003 checklist on it's Help & Support center. then pey attention which is better to seperate the servers, cuz for example the DC(domain controller) and DHCP shouldn't place on same server for security issues. if u have budget limit, try to use 2 server, one for DC and DNS and 2ed for DHCP and File server and other roles.

>> by the way the advise of klasika is great, always try to back up ur data.

and about the security just aplly NTFS premissions for file,[this is the best restrictions for file access] and use default security group policy of DC for computers on the domain.

[wullieb1]

My tip would be to install DNS and ensure that it is running properly BEFORE attempting to promote to a DC.

Always ensure that your DC uses a static IP, i prefer to use the start of the IP range.

Always point the DC to use the DNS server, i always prefer to have it on the same server, as it's primary DNS server then set up your DNS server to forward requests to another DNS server, internal or external, if required.

Not so important with 2003 but ensure you have a good naming structure for you AD forest. Ensure you have all OU's etc named and ready to go when you install AD.

Finally DOCUMENT everything. This is especially handy if you have a disaster scenario, seen it happen many a time, and will allow you to trace your steps and rebuild to the same standard as before. Take plenty of screen shots as well.

As klasika says always take a backup image of the drive for ease of roll back.

[Hamins]

Hi everyone,

thnx wullieb1, and everyone else for your suggestions.

My setup is quite simple, due to the requirments, and budget constraints. I have just one server to my disposal. It's a HP ML150 G2, with Xeon 3.0Ghz, 1GB DDR-RAM, 73GB SCSI HDD. As I mentioned in the fist post, it will be a multi-roled server. It will serve as a DC, a DNS server, DHCP server, and file & print server. Right now, there are only 15 PCs + one printer on the network.

I will be re-installing the server tomorrow. I have a 73GB HDD. I want to make 2 partitions. The primary partitions will hold the OS, programs, and system files, and the other partition for all the user-date, profiles and emails. Will 15GB be enough for the primary partition ?

I have downloaded the Ms Security guide. It'll be quite helpful for security settings. I have just one question. The heirachy in my company is pretty flat. No departments, and all users (except the designated admin), will have the same user-rights. So, I want to know at what level I should set the security at ... should it be Domain, OU, or group ? ..... I mean, what would b most advisable ?

Please lemme know .... thnx