Windows Server 2019 Report
Launch VirtualBox, create a NEW guest virtual machine and configure the following
settings.
Connect to the new virtual machine and be ready to quickly press a key on your keyboard
to boot to the Windows Server 2019 ISO. Click “Start” to begin.
Select the language, skip or enter an applicable product key, select “Windows Server 2019
Standard (Desktop Experience)”, format the disk partition and the OS install will begin.
Power on the newly created guest VM and be ready to quickly press a key to boot from the
ISO.
Press a key to boot from the mounted ISO CD. Reset the VM if you missed the chance to
press a key.
Enter the initial administrator password and the installation of Windows Server will be
complete. Move on to the next steps to rename the computer, install updates, activate
Windows, set the timezone and set a static IP address on the internal VM network card.
Configure Windows Server 2019 (Post OS Install)
Perform the following tasks on the newly installed Windows Server 2019 OS and reboot the
server.
Rename the Server
Set the Time Zone to your applicable Time Zone
Set a static IP address in the TCP/IPv4 settings of the INTERNAL virtual machine network
card
Install Windows Server 2019 Updates
IMPORTANT NOTE: Be sure to set a STATIC IP address on the VM’s internal LAN NIC
before you run the Active Directory Services install and configuration wizard. Active
Directory, DHCP and DNS require a static IP address. The Active Directory and DHCP
installation wizards will display errors if you don’t set a static IP address on the virtual
machine internal network card for IPv4.
Set a static IP address for the TCP/IPv4 virtual machine INTERNAL NIC as shown in
the example below. Use your own private IP address subnet range, such as a 10.x.x.x,
172.16.x.x or 192.168.x.x IP range.
CRITICAL NOTE: Be sure to set the IP address for the preferred DNS server to 127.0.0.1
as shown below since we will be using the local server for DNS and Active Directory use.
Install the latest Windows Server 2019 updates from the Start Menu > Settings > Update &
Security settings applet and reboot as applicable.
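The same post-install tasks can be scripted from an elevated PowerShell prompt. This is an added example, not part of the original document; the adapter alias, host address, prefix length, computer name and time zone are assumptions to replace with your own, and Windows updates are still installed through the Settings applet.

```powershell
# Added example: scripted form of the post-install tasks. All values are lab assumptions.
$ErrorActionPreference = 'Stop'

$nic      = 'Ethernet'               # assumed alias of the INTERNAL NIC (see Get-NetAdapter)
$ip       = '10.240.10.10'           # assumed host address in the 10.240.10.x example subnet
$prefix   = 24                       # assumed /24 mask
$newName  = 'DC01'                   # assumed computer name
$timeZone = 'Eastern Standard Time'  # assumed; list IDs with Get-TimeZone -ListAvailable

Set-TimeZone -Id $timeZone

# Turn DHCP off first so the adapter cannot re-acquire a lease, then replace
# whatever IPv4 address is present with the static one.
Set-NetIPInterface -InterfaceAlias $nic -AddressFamily IPv4 -Dhcp Disabled
Get-NetIPAddress -InterfaceAlias $nic -AddressFamily IPv4 -ErrorAction SilentlyContinue |
    Remove-NetIPAddress -Confirm:$false
New-NetIPAddress -InterfaceAlias $nic -IPAddress $ip -PrefixLength $prefix | Out-Null

# Preferred DNS server is the loopback address, because this server will host DNS itself.
Set-DnsClientServerAddress -InterfaceAlias $nic -ServerAddresses '127.0.0.1'

# Show the resulting address and DNS settings for a visual check.
Get-NetIPConfiguration -InterfaceAlias $nic

# Rename last, because the new name only takes effect after the reboot.
Rename-Computer -NewName $newName -Restart
```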
Install Active Directory Services, DHCP and DNS Roles
Perform the following steps to install Active Directory Services for a new forest, DNS and
DHCP server on the virtual machine.
Prerequisites
DISABLE the External NIC on the virtual machine if you configured a 2nd NIC for
internet access as part of the Windows Server updates and license activation.
Launch “Server Manager” from the start menu and select “Add Roles and Features”.
Click Next at the “Before You Begin” screen, and “Next” at the “Select installation type”
screen. Be sure the installation type is set to the default “Role-based or feature-based
installation”.
At the “Select destination server” screen, click Next to select your local server.
At the “Server Roles” screen be sure to select “Active Directory Domain Services”, “DHCP”,
and “DNS”. Select “Add Features” for each one and click Next.
Click Next at the “Select Features” screen.
Click Next through the “Active Directory Domain Services”, “DHCP Server” and “DNS
Server” screens. Click “Install” to confirm and begin the roles install.
Once the role features installation begins, do not close the window. We will select the
“Promote this server to a domain controller” step in a few minutes.
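The prerequisite checks and the role installation can also be run as one guarded script, so the roles are never installed while an adapter still depends on DHCP. This is an added example, not part of the original document; the external adapter alias is an assumption, and promoting the server to a domain controller remains a separate step.

```powershell
# Added example: pre-flight checks, then the three roles. Adapter alias is an assumption.
$ErrorActionPreference = 'Stop'

$externalNic = 'Ethernet 2'   # assumed alias of the optional 2nd (internet) NIC

# Prerequisite from the page: the external NIC must be disabled before the roles go in.
$ext = Get-NetAdapter -Name $externalNic -ErrorAction SilentlyContinue
if ($ext -and $ext.Status -ne 'Disabled') {
    Disable-NetAdapter -Name $externalNic -Confirm:$false
}

# Active Directory, DHCP and DNS need a static address: stop if any connected
# IPv4 interface (other than loopback) is still configured for DHCP.
$dhcpNics = Get-NetIPInterface -AddressFamily IPv4 | Where-Object {
    $_.InterfaceAlias -notlike 'Loopback*' -and
    $_.ConnectionState -eq 'Connected' -and
    $_.Dhcp -eq 'Enabled'
}
if ($dhcpNics) {
    throw "Set a static IPv4 address first. DHCP is still enabled on: $($dhcpNics.InterfaceAlias -join ', ')"
}

# Equivalent of ticking the three roles and accepting "Add Features" in the wizard.
$result = Install-WindowsFeature -Name AD-Domain-Services, DHCP, DNS -IncludeManagementTools
if (-not $result.Success) { throw 'Role installation failed.' }

# Confirm the install state of each role.
Get-WindowsFeature -Name AD-Domain-Services, DHCP, DNS |
    Format-Table Name, InstallState -AutoSize
```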
Launch the DNS Manager tool from “Windows Administrative Tools” > expand your server
> right-click on “Reverse Lookup Zones” and select “New Zone”. Click Next at the welcome
screen.
At the “Zone Type” screen leave the default option selected and click Next.
Click Next at the AD Replicate Scope screen and select the “To all DNS servers running on
domain controllers in this domain…”.
Select “IPv4 Reverse Lookup Zone” and click Next.
The Reverse Lookup Zone name Network ID should be your environment’s subnet network. In my
case it’s 10.240.10.
At the Dynamic Update screen click Next, click Finish to complete the wizard. The new
Reverse DNS Lookup zone will be listed and clients will register their IP addresses
automatically in this zone.
Launch DNS Manager, right-click on your DNS server, select “Set Aging/Scavenging for All
Zones”. Check the box “Scavenge stale resource records” and click OK to save the changes.
Configure DHCP Server Options and Authorize Server
The final step that needs to be performed is authorizing the DHCP server and creating /
enabling the DHCP client scope.
Launch DHCP Manager from the start menu > Windows Administrative Tools. Expand your
DHCP server, right-click on the server name and select “Authorize”. Right-click on the
server again and select “Refresh”. You should see all green check boxes now.
Finally, we can create the DHCP client scope. Right-click on the “IPv4” option, select New
Scope, click Next at the welcome screen, provide a name for the DHCP scope and click Next.
Enter the DHCP IP address range using the applicable IP subnet details you have decided to
use. Click Next at the Exclusion and Delay screen, select the default 8 days for lease duration
and click Next.
Click “Yes, I want to configure these options now” on the DHCP options screen.
Click Next through the remaining DHCP scope screens to activate the DHCP client scope.
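The reverse lookup zone, scavenging setting, DHCP authorization and client scope described above can be created and then verified from PowerShell once the server has been promoted to a domain controller. This is an added example, not part of the original document; the /24 mask, server address, scope name and address range are assumptions, and the zone is explicitly restricted to secure dynamic updates so only authenticated domain members can register records.

```powershell
# Added example: DNS reverse zone, scavenging, DHCP authorization and scope.
# Run on the promoted domain controller. Addresses and names are lab assumptions.
$ErrorActionPreference = 'Stop'

$networkId = '10.240.10.0/24'    # the 10.240.10 Network ID, assumed to be a /24
$serverIp  = '10.240.10.10'      # assumed static address of this server
$scopeId   = '10.240.10.0'
$domain    = (Get-CimInstance Win32_ComputerSystem).Domain
$fqdn      = "$env:COMPUTERNAME.$domain"

# AD-integrated reverse zone replicated to all DNS servers on domain controllers
# in this domain, accepting secure dynamic updates only.
Add-DnsServerPrimaryZone -NetworkId $networkId -ReplicationScope Domain -DynamicUpdate Secure

# "Scavenge stale resource records" for all zones.
Set-DnsServerScavenging -ScavengingState $true -ApplyOnAllZones

# Authorize the DHCP server in Active Directory.
Add-DhcpServerInDC -DnsName $fqdn -IPAddress $serverIp

# Client scope with the default 8-day lease (name and range are assumed).
Add-DhcpServerv4Scope -Name 'Lab clients' -StartRange '10.240.10.100' `
    -EndRange '10.240.10.200' -SubnetMask '255.255.255.0' `
    -LeaseDuration (New-TimeSpan -Days 8) -State Active

# Clients must be handed the server's LAN address for DNS, not 127.0.0.1.
Set-DhcpServerv4OptionValue -ScopeId $scopeId -DnsServer $serverIp -DnsDomain $domain

# Verify: the server is authorized, the reverse zone exists and the scope is active.
if (-not (Get-DhcpServerInDC | Where-Object { $_.DnsName -eq $fqdn })) {
    throw 'DHCP server is not authorized in Active Directory.'
}
Get-DnsServerZone | Where-Object { $_.IsReverseLookupZone -and -not $_.IsAutoCreated } |
    Format-Table ZoneName, IsDsIntegrated, DynamicUpdate -AutoSize
Get-DhcpServerv4Scope -ScopeId $scopeId |
    Format-Table ScopeId, Name, State, LeaseDuration -AutoSize
```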
The AD domain controller is finished, a reverse DNS zone exists and we now have a
DHCP client scope.
To test, create a client VM for Windows 10 and ensure the network card is using the
“INTERNAL” LAN connection and manually add the PC to the new AD domain.