Windows/Server: Difference between revisions
Created page with "== Active Directory == * Server Manager -> Add roles -> Active Directory Domain Services + DNS <blockquote> <pre> Install-WindowsFeature AD-Domain-Services, DNS -IncludeManagementTools </pre> </blockquote> * Active Directory -> Promote -> Add new forest (ad.example.de) <blockquote> <pre> Install-ADDSForest -DomainName "ad.example.com" -InstallDNS </pre> </blockquote> Category:Windows" |
|||
| (21 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
== Download == | |||
* https://www.microsoft.com/de-de/evalcenter/download-windows-server-2025 | |||
** https://go.microsoft.com/fwlink/?linkid=2293216&clcid=0x407&culture=de-de&country=de | |||
== Active Directory == | == Active Directory == | ||
* Rename server | |||
<blockquote> | |||
<pre> | |||
Rename-Computer -NewName "RDS" -Restart | |||
</pre> | |||
</blockquote> | |||
* Server Manager -> Add roles -> Active Directory Domain Services + DNS | * Server Manager -> Add roles -> Active Directory Domain Services + DNS | ||
<blockquote> | <blockquote> | ||
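Review bot: Rename-Computer -NewName "RDS" names the host after its Remote Desktop role, but the next step in this hunk installs Active Directory Domain Services + DNS on the same machine, so the domain controller ends up with a role-specific name. Renaming a domain controller later is more involved than renaming a standalone server, so choose the final host name at this step, or state that one server is meant to hold both roles. The fwlink download URL is also locale-specific (clcid=0x407, culture=de-de); a short remark that it delivers the German-language image would help readers.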
| Line 6: | Line 18: | ||
</pre> | </pre> | ||
</blockquote> | </blockquote> | ||
* Active Directory -> Promote -> Add new forest (ad.example.de) | * Active Directory -> Promote -> Add new forest (ad.example.de) | ||
<blockquote> | <blockquote> | ||
<pre> | <pre> | ||
Install-ADDSForest -DomainName "ad.example.com" - | $SecurePassword = Read-Host -Prompt "SafeMode Admin Password" -AsSecureString | ||
Install-ADDSForest -DomainName "ad.example.com" -DomainNetbiosName "AD" -InstallDns -SafeModeAdministratorPassword $SecurePassword | |||
</pre> | |||
</blockquote> | |||
== Remote Desktop Services == | |||
* Add user group | |||
<blockquote> | |||
<pre> | |||
Import-Module ActiveDirectory | |||
New-ADGroup "RDS allow log on" -GroupScope Global -GroupCategory Security | |||
</pre> | |||
</blockquote> | |||
* Install role | |||
<blockquote> | |||
<pre> | |||
Install-WindowsFeature RDS-RD-Server,RDS-Licensing -IncludeManagementTools | |||
Restart-Computer | |||
</pre> | |||
</blockquote> | |||
* Group Policy Management (gpmc.msc) | |||
** Forest → Domains → ad.example.de → Right click: Domain Controllers → Create GPO: "RDS" | |||
** Right click: "RDS" → Edit | |||
<blockquote> | |||
<pre> | |||
Computer Configuration → Policies → Administrative Templates → Windows Components → Remote Desktop Services → Remote Desktop Session Host → Licensing | |||
-> Use the specified Remote Desktop license servers: Enable and add Server FQDN | |||
-> Set the Remote Desktop licensing mode: Per User | |||
</pre> | |||
</blockquote> | |||
<blockquote> | |||
<pre> | |||
Computer Configuration → Policies → Windows Settings → Security Settings → Local Policies → User Rights Assignment | |||
-> Allow log on through Remote Desktop Services → add "Administrators", "RDS allow log on" | |||
</pre> | |||
</blockquote> | |||
* Update policies | |||
<blockquote> | |||
<pre> | |||
gpupdate | |||
</pre> | |||
</blockquote> | |||
* Verify policies | |||
** "secpol" | |||
* Enable users - Add users to groups: | |||
** Remote Desktop Users | |||
** RDS allow log on | |||
== Time Service == | |||
<pre> | |||
w32tm /query /status | |||
w32tm /query /peers | |||
w32tm /query /source | |||
w32tm /resync | |||
w32tm /resync /force | |||
#Standalone | |||
w32tm /config /manualpeerlist:"time.cloudflare.com,0x8 time.google.com,0x8 0.de.pool.ntp.org,0x8" /syncfromflags:manual /update | |||
net stop w32time | |||
net start w32time | |||
w32tm /resync /force | |||
</pre> | |||
== Windows Search Services == | |||
* Install | |||
<blockquote> | |||
<pre> | |||
Install-WindowsFeature Search-Service -IncludeManagementTools | |||
Get-WindowsFeature Search-Service # Verify | |||
</pre> | |||
</blockquote> | |||
* Enable Service | |||
<blockquote> | |||
<pre> | |||
Start-Service WSearch | |||
Set-Service WSearch -StartupType Automatic | |||
Get-Service WSearch | |||
</pre> | |||
</blockquote> | |||
* Check Indexer Status | |||
<blockquote> | |||
<pre> | |||
Get-CimInstance -Namespace "root\cimv2" -ClassName "Win32_Service" | Where-Object {$_.Name -eq "WSearch"} | |||
control.exe srchadmin.dll | |||
</pre> | |||
</blockquote> | |||
* Disable perUser Index | |||
<blockquote> | |||
<pre> | |||
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows Search" -Name "EnablePerUserCatalog" -Value 0 -Type DWord | |||
Restart-Service WSearch | |||
control.exe srchadmin.dll | |||
-> rebuild index | |||
</pre> | </pre> | ||
</blockquote> | </blockquote> | ||
== Automatic Updates (without WSUS) == | |||
<blockquote> | |||
<pre> | |||
# Enable automatic updates | |||
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -Name "NoAutoUpdate" -Value 0 | |||
# Configure automatic updates (4 = auto download and schedule install) | |||
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -Name "AUOptions" -Value 4 | |||
# 2 = Notify for download and auto install | |||
# 3 = Auto download and notify for install | |||
# 4 = Auto download and schedule the install | |||
# 5 = Allow local admin to choose setting | |||
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -Name "ScheduledInstallDay" -Value 0 | |||
# 0 = every day, 1 - 7 = sunday - saturday | |||
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -Name "ScheduledInstallTime" -Value 3 | |||
# Hour of the day in 24-hour format ( 3 = 03:00 ) | |||
</pre> | |||
</blockquote> | |||
== M365 == | |||
* Set OneDrive Default Dir / Not working?? | |||
<blockquote> | |||
<pre> | |||
New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft" -Name "OneDrive" -Force | |||
New-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\OneDrive" -Name "DefaultRootDir" -Value "D:\%username%\OneDrive" -PropertyType String -Force | |||
</pre> | |||
</blockquote> | |||
[[Category:Windows]] | [[Category:Windows]] | ||
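Review bot: The "RDS" GPO is created on Domain Controllers, and its User Rights Assignment adds "RDS allow log on" to "Allow log on through Remote Desktop Services", so every member of that group can open an interactive RDP session on a domain controller. If the session host is meant to be a separate member server, link the GPO to that server's OU instead; if one machine deliberately holds both roles, say so next to this step. The forest name is also inconsistent: the bullet and the GPO path use ad.example.de while Install-ADDSForest passes -DomainName "ad.example.com". In the Automatic Updates block, Set-ItemProperty targets ...\WindowsUpdate\AU without creating the key first (the OneDrive block does this with New-Item -Force) and fails when the key does not exist yet.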
Latest revision as of 20:31, 19 November 2025
Download
Active Directory
- Rename server
Rename-Computer -NewName "RDS" -Restart
- Server Manager -> Add roles -> Active Directory Domain Services + DNS
Install-WindowsFeature AD-Domain-Services, DNS -IncludeManagementTools
- Active Directory -> Promote -> Add new forest (ad.example.de)
$SecurePassword = Read-Host -Prompt "SafeMode Admin Password" -AsSecureString
Install-ADDSForest -DomainName "ad.example.com" -DomainNetbiosName "AD" -InstallDns -SafeModeAdministratorPassword $SecurePassword
Remote Desktop Services
- Add user group
Import-Module ActiveDirectory
New-ADGroup "RDS allow log on" -GroupScope Global -GroupCategory Security
- Install role
Install-WindowsFeature RDS-RD-Server,RDS-Licensing -IncludeManagementTools
Restart-Computer
- Group Policy Management (gpmc.msc)
  - Forest → Domains → ad.example.de → Right click: Domain Controllers → Create GPO: "RDS"
  - Right click: "RDS" → Edit
Computer Configuration → Policies → Administrative Templates → Windows Components → Remote Desktop Services → Remote Desktop Session Host → Licensing
-> Use the specified Remote Desktop license servers: Enable and add Server FQDN
-> Set the Remote Desktop licensing mode: Per User
Computer Configuration → Policies → Windows Settings → Security Settings → Local Policies → User Rights Assignment
-> Allow log on through Remote Desktop Services → add "Administrators", "RDS allow log on"
- Update policies
gpupdate
- Verify policies
  - "secpol"
- Enable users - Add users to groups:
  - Remote Desktop Users
  - RDS allow log on
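A scripted counterpart to the "Verify policies" step, as an added example that is not part of the original page: it exports the user rights currently configured on the machine and lists who holds "Allow log on through Remote Desktop Services" (SeRemoteInteractiveLogonRight). The function name is hypothetical, and the expected names assume an English-language installation.

```powershell
# Added example (not from the original page). Run elevated after gpupdate.
function Get-RdpLogonRight {
    $cfg = Join-Path $env:TEMP ("userrights-{0}.inf" -f [guid]::NewGuid())
    try {
        # secedit writes the configured user rights to an INF-style file
        secedit.exe /export /cfg $cfg /areas USER_RIGHTS | Out-Null
        $line = Get-Content -Path $cfg |
            Where-Object { $_ -match '^\s*SeRemoteInteractiveLogonRight\s*=' } |
            Select-Object -First 1
        if (-not $line) { return }          # right is assigned to nobody

        foreach ($entry in (($line -split '=', 2)[1] -split ',')) {
            $entry = $entry.Trim()
            if (-not $entry) { continue }
            if ($entry.StartsWith('*')) {
                # Entries prefixed with * are SIDs; translate them to account names
                $sid = [System.Security.Principal.SecurityIdentifier]::new($entry.Substring(1))
                try   { $name = $sid.Translate([System.Security.Principal.NTAccount]).Value }
                catch { $name = '<unresolved>' }
                [pscustomobject]@{ Sid = $sid.Value; Name = $name }
            } else {
                # Accounts secedit could not map to a SID appear as plain names
                [pscustomobject]@{ Sid = $null; Name = $entry }
            }
        }
    } finally {
        Remove-Item -Path $cfg -ErrorAction SilentlyContinue
    }
}

# Expected holders, taken from the GPO step on this page.
# Assumption: English group names; localized installations use other names.
$expected = 'Administrators', 'RDS allow log on'

$holders = @(Get-RdpLogonRight)
$holders | Format-Table -AutoSize

# Compare on the account part only (drop "DOMAIN\" or "BUILTIN\")
$unexpected = @($holders | Where-Object { ($_.Name -split '\\')[-1] -notin $expected })
if ($unexpected.Count -gt 0) {
    Write-Warning ("Unexpected holders of the RDP logon right: " + ($unexpected.Name -join ', '))
}
```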
Time Service
w32tm /query /status
w32tm /query /peers
w32tm /query /source
w32tm /resync
w32tm /resync /force
#Standalone
w32tm /config /manualpeerlist:"time.cloudflare.com,0x8 time.google.com,0x8 0.de.pool.ntp.org,0x8" /syncfromflags:manual /update
net stop w32time
net start w32time
w32tm /resync /force
Windows Search Services
- Install
Install-WindowsFeature Search-Service -IncludeManagementTools
Get-WindowsFeature Search-Service # Verify
- Enable Service
Start-Service WSearch
Set-Service WSearch -StartupType Automatic
Get-Service WSearch
- Check Indexer Status
Get-CimInstance -Namespace "root\cimv2" -ClassName "Win32_Service" | Where-Object {$_.Name -eq "WSearch"}
control.exe srchadmin.dll
- Disable perUser Index
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows Search" -Name "EnablePerUserCatalog" -Value 0 -Type DWord
Restart-Service WSearch
control.exe srchadmin.dll
-> rebuild index
Automatic Updates (without WSUS)
# Enable automatic updates
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -Name "NoAutoUpdate" -Value 0
# Configure automatic updates (4 = auto download and schedule install)
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -Name "AUOptions" -Value 4
# 2 = Notify for download and auto install
# 3 = Auto download and notify for install
# 4 = Auto download and schedule the install
# 5 = Allow local admin to choose setting
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -Name "ScheduledInstallDay" -Value 0
# 0 = every day, 1 - 7 = sunday - saturday
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -Name "ScheduledInstallTime" -Value 3
# Hour of the day in 24-hour format ( 3 = 03:00 )
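The same four policy values applied idempotently, as an added example that is not part of the original page: it creates the AU key when it is missing, rejects out-of-range values, and reports what differed from the desired state. The function name is hypothetical; the registry path, value names and defaults are the ones used above.

```powershell
# Added example (not from the original page). Run elevated.
function Set-AutoUpdatePolicy {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [ValidateRange(2, 5)]  [int]$AUOptions = 4,             # 4 = auto download and schedule install
        [ValidateRange(0, 7)]  [int]$ScheduledInstallDay = 0,   # 0 = every day, 1 - 7 = Sunday - Saturday
        [ValidateRange(0, 23)] [int]$ScheduledInstallTime = 3   # hour of the day, 3 = 03:00
    )

    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
    $desired = [ordered]@{
        NoAutoUpdate         = 0
        AUOptions            = $AUOptions
        ScheduledInstallDay  = $ScheduledInstallDay
        ScheduledInstallTime = $ScheduledInstallTime
    }

    # Set-ItemProperty fails on a missing key, so create the policy key first
    if (-not (Test-Path -Path $key)) {
        if ($PSCmdlet.ShouldProcess($key, 'Create registry key')) {
            New-Item -Path $key -Force | Out-Null
        }
    }

    foreach ($name in $desired.Keys) {
        # $current stays $null when the key or the value does not exist yet
        $current = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
        $differs = $current -ne $desired[$name]
        if ($differs -and $PSCmdlet.ShouldProcess("$key\$name", "Set to $($desired[$name])")) {
            Set-ItemProperty -Path $key -Name $name -Value $desired[$name] -Type DWord
        }
        [pscustomobject]@{
            Name    = $name
            Before  = $current
            Desired = $desired[$name]
            Differs = $differs
        }
    }
}

# Dry run: shows which values differ without writing anything
Set-AutoUpdatePolicy -WhatIf | Format-Table -AutoSize
```

Drop `-WhatIf` to apply the values; a second run should then report `Differs = False` for every row.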
M365
- Set OneDrive Default Dir / Not working??
New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft" -Name "OneDrive" -Force
New-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\OneDrive" -Name "DefaultRootDir" -Value "D:\%username%\OneDrive" -PropertyType String -Force