Windows Server 2003 Administration Tips

By | August 28, 2007

Want to build an enterprise network that can accommodate multiple users? And of course, we can't forget the security factor.
I have some hints for building a network like that using Windows Server 2003, with several pieces of software installed to make the network more reliable and secure.
First I'll explain the features of Windows Server 2003. The Microsoft Windows Server 2003 family has 3 versions: Standard Edition, Enterprise Edition and Data Center Edition. Each version has the same abilities but differs a little in hardware support. For small use the Standard Edition may be the best choice, but if you have a large or enterprise server you can use the Enterprise or Data Center Edition to support more CPUs, RAM and storage.
Next, the main features often used on a network with multiple users:

  • Active Directory
  • DNS (Domain Name System)
  • DHCP (Dynamic Host Configuration Protocol)
  • File Sharing
  • Terminal Server
  • Windows Service Update Server

With 3rd-party software from Symantec we can deliver an integrated anti-virus management system on the network. In these hints I will use Symantec AntiVirus Corporate Edition for easier updates and installation.

To build this kind of network, I'll show how to do it step by step:

  1. Preparing the Server:
    1. Choose the Server Edition that matches your requirements
      • Standard Edition
      • Enterprise Edition (for me, I'll choose this version because it has a different UI for management and has more support for large disks and memory, but there will be less support for server service applications that can be installed on it)
      • Data Center Edition
    2. Just install it until it finishes. And of course use the original software from Microsoft (at this point I use Windows from the MCA / Microsoft Campus Agreement)
    3. Install all the drivers needed
    4. Patch it with an up-to-date patch system. At this moment Microsoft has released SP2 for Windows Server 2003 (if you have installed the WSUS Server you can update from this server; I'll post the tutorial about it later)
  2. Just write down your requirements
  3. Installing The Features:
    1. Active Directory & DNS
      1. Overview: if you decide to install this feature, you must install the two as a pair; you can't install just one of them, because Active Directory needs a DNS server to manage the workstations. But if you decide not to install Active Directory, you can still install DNS.
      2. How To:
        • The first step in installing Active Directory is to decide the domain name: is this an independent domain, a domain derived from its parent, or maybe a delegated domain?
        • If it's an independent / standalone domain, you can choose to create a new forest, but if it's a domain derived from a parent you can choose a new tree in an existing forest. The simple difference is in domain management. When it's derived from its parent, all management is derived from the parent: the parent's administrators (Enterprise Admins) can manage this domain/tree, but it still has the ability to configure its own domain. When it's independent, all management is independent from its parent.
          • new forest => independent/standalone domain
            • e.g. wafa.web.id => this is an independent domain (forest)
          • new tree from existing forest => domain derived from its parent
            • e.g. linux.wafa.web.id => this can be a new tree because it's derived from the wafa.web.id forest (but it can be another independent domain if you prefer not to share / integrate the management)
        • The second step is the usage of this server: is it a primary domain controller or just another backup / secondary domain controller?
        • The third step is to define the domain name for your domain. Write down the Fully Qualified Domain Name (e.g. wafa.web.id => this is the FQDN, but later the domain name will just use WAFA)
        • Set the Administrator password for the domain, and set the rescue password in case you want to demote the server (remove this feature) in the future
      3. The Management:
        • Active Directory / the Domain Controller accommodates both users and computers.
          • a computer joined to the domain is called a workstation
          • when a computer joins the domain, it needs Domain Admins privileges to join the domain controller.
          • when a computer needs to detach from the domain, it also needs Domain Admins privileges to detach from the domain controller.
          • when a computer joins the domain, it's added to the domain computers and also added to the DNS server.
        • Active Directory has this group policy to accommodate the users: (I only list the most used and general ones)
          • Domain Admins => have administrator privileges on all the workstations and domain controllers, can manage everything.
          • Enterprise Admins => same as Domain Admins, but with more privileges over other trees in a forest.
          • Domain Users => user privileges, can be used to log in to all workstations joined to the domain
          • Domain Guests => guest privileges, limited access to workstation resources
      4. Some keywords in Active Directory installation:
        • Forest
        • Tree
        • Domain Name
        • Context Name
        • Organizational Unit
    2. DHCP
      1. Overview: the DHCP Server is used for mobile users, so they don't need to set their IP address and other network settings manually. This server provides a collection of IP addresses called the address pool, for a defined time called the lease, with some networking options called Router Options (name server, domain name, gateway, etc.)
      2. How to Install:
        • Add this role from Server Management
        • Define a new scope
        • Define the address pool range
        • Define the lease time (how long the client can use its network configuration/IP)
        • Define other options such as gateway, domain name, DNS server, etc.
        • Restart the service
    3. File Sharing (File Server)
      1. Overview: by default Microsoft Windows Server has the ability to serve public file sharing, but this feature can be added to bring further abilities and features to the basic service.
      2. How to Install:
        • Same as the other roles, add this feature from Server Management
        • To configure a new shared folder, just add a share name and browse to the valid folder to share.
    4. Terminal Server
      1. Overview: by default Microsoft Windows Server has support for Remote Desktop users, but this feature increases the performance and supportability of this service.
      2. How to Install:
        • Same as the other roles, add this feature from Server Management
        • Add a license rule for this terminal server
          • per user => licensed per connected user
          • per device => licensed per connected computer
        • For better support you can activate the terminal server license with Microsoft by providing your information; this can be done when you have an internet connection.
    5. Windows Service Update Server
      1. Overview: this service provides a local update service for all Microsoft products in the network, so it will save more bandwidth because the Microsoft products don't need to update directly from the Microsoft update site
      2. How to Install:
        • The installer is not packaged with the installation CD, but you can obtain it from the Microsoft download center. The installation tutorial is shipped with the installer.
        • With this service installed, you only need to download all updates once for this server, and all the computers can update from it. Just point the update site to this server.
          • To set your workstation to point to the WSUS Server, I have a simple procedure:
            • just run gpedit.msc from the Run command
            • go to:
              • Local Computer Policy -> Computer Configuration -> Administrative Templates -> Windows Update
              • Enable Configure Automatic Updates
              • Enable Specify intranet Microsoft update service location; in this case just point it to your WSUS Server
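
To confirm that the two Windows Update policies above actually took effect on a workstation, the registry values they write can be read back. This is an added example, not part of the original post; it assumes PowerShell is installed (a separate download on Windows Server 2003 and XP), and the URL `https://wsus.example.internal` is a placeholder for your own WSUS server.

```powershell
# Added example: audit the Windows Update policy values on one workstation.
param(
    # Placeholder URL (assumption); replace with your own WSUS server.
    [string]$ExpectedServer = 'https://wsus.example.internal'
)

$wuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$auKey = "$wuKey\AU"

function Get-PolicyValue([string]$Key, [string]$Name) {
    # Returns $null when the key or value is absent (policy not configured).
    $item = Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

$wuServer     = Get-PolicyValue $wuKey 'WUServer'        # intranet update service
$statusServer = Get-PolicyValue $wuKey 'WUStatusServer'  # intranet statistics server
$useWUServer  = Get-PolicyValue $auKey 'UseWUServer'     # 1 = use WUServer
$noAutoUpdate = Get-PolicyValue $auKey 'NoAutoUpdate'    # 1 = automatic updates off
$auOptions    = Get-PolicyValue $auKey 'AUOptions'       # 2-5, update behaviour

$findings = @()
if ($useWUServer -ne 1) {
    $findings += 'UseWUServer is not 1: the intranet location is not in use'
}
if ($wuServer -ne $ExpectedServer) {
    $findings += "WUServer is '$wuServer', expected '$ExpectedServer'"
}
if ($statusServer -ne $wuServer) {
    $findings += "WUStatusServer '$statusServer' differs from WUServer"
}
if ($noAutoUpdate -eq 1) {
    $findings += 'NoAutoUpdate is 1: Configure Automatic Updates is disabled'
}
if ($wuServer -and $wuServer -notlike 'https://*') {
    $findings += 'WUServer is not HTTPS: update traffic is not protected in transit'
}

"AUOptions = $auOptions"
if ($findings.Count -eq 0) { 'OK: workstation points at the expected WSUS server' }
else { $findings | ForEach-Object { "FINDING: $_" } }
```

An AUOptions value of 4 means updates are downloaded and installed on a schedule; 2 and 3 only notify the user before download or install.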
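
The DHCP scope steps from the DHCP section above can also be done from the command line with `netsh dhcp`. This is an added example, not part of the original post; it is run on the DHCP server itself, and every address, the scope name and the 8-day lease are constructed sample values.

```powershell
# Added example: create and activate one DHCP scope with netsh.
# All addresses and names below are constructed sample values.
$scope    = '192.168.10.0'
$mask     = '255.255.255.0'
$poolFrom = '192.168.10.100'
$poolTo   = '192.168.10.200'
$gateway  = '192.168.10.1'
$dns      = '192.168.10.2'
$domain   = 'wafa.web.id'       # the example domain name used on this page
$leaseSec = 8 * 24 * 60 * 60    # lease time in seconds (8 days)

function Invoke-Dhcp {
    # Run one "netsh dhcp server ..." command; stop if netsh reports an error.
    netsh dhcp server @args
    if ($LASTEXITCODE -ne 0) { throw "netsh dhcp server $args failed" }
}

# Define new scope
Invoke-Dhcp add scope $scope $mask 'LAN' 'Workstation scope'

# Define address pool range
Invoke-Dhcp scope $scope add iprange $poolFrom $poolTo

# Define lease time (DHCP option 51)
Invoke-Dhcp scope $scope set optionvalue '051' DWORD $leaseSec

# Define other options: gateway (3), DNS server (6), domain name (15)
Invoke-Dhcp scope $scope set optionvalue '003' IPADDRESS $gateway
Invoke-Dhcp scope $scope set optionvalue '006' IPADDRESS $dns
Invoke-Dhcp scope $scope set optionvalue '015' STRING $domain

# Activate the scope, then print its options to review what clients will get
Invoke-Dhcp scope $scope set state 1
Invoke-Dhcp scope $scope show optionvalue
```

In an Active Directory domain the DHCP server must also be authorized in the directory before it will hand out leases.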

The last part is about security and antivirus management. For this purpose I use Symantec Antivirus Corporate Edition 10; for installation just follow the instructions. But I have a few notes on installation:

  • install this feature before installing the terminal service feature
  • install in server mode
  • after installing the server antivirus, you can install the Symantec System Console to manage your clients later.
    • from this management console you can deploy to your clients remotely; this is quite simple on a domain network, because you only need Domain Admins and you can deploy it to all your workstations
    • you can manage and categorize your network into groups
    • each group can have a different policy
    • you can do a mass virus definition update to all your clients when the server has finished updating its definitions
    • you can schedule the download of updates

For more information and the advanced tutorial, I'll write it up later in another version.


with loves, with efforts, with knowledges knowing the best for ur best illuminator
