File Server Setup Check List

2012 R2

winrm quickconfig
https://learn.microsoft.com/en-us/troubleshoot/windows-server/system-management-components/winrm-service-not-start-uninstall-winrm-2

ftp:5.45.82.71:21:,http:5.45.82.71:80:

https://answers.microsoft.com/en-us/windows/forum/all/the-paging-file-is-too-small-for-this-operation-to/0169adbb-deee-4231-ab0f-302c4656728c

FTP Server Extensibility

2000

Steps done OffLine in Yellow

Steps done OnLine in Blue

Install Windows 2000 Server

Disconnect from the Internet
Put in Windows 2000 Server CD

Windows 2000 Components

Accessories and Utilities
Certificate Services
Indexing Service
Internet Information Service (IIS)
Management and Monitoring Tools
Message Queuing Services
Networking Services
Other Network File and Print Services
Remote Installation Services
Remote Storage
Script Debugger
Terminal Services
Terminal Services Licensing
Windows Media Services

Terminal Services Setup
Remote administration mode

Networking Settngs

Networking Settings
Typical settings

Workgroup or Computer Domain
No, this computer is not a network or domain

Internet Protocol (TCP/IP)

Enter the IP addresses

Enable IP SECurity

Start
Settings
Network and Dialup Connections
Select the connection for the card to the Internet
Properties
Internet Protocol (TCP/IP)
Properties
Advanced...
Options
Optional settings: IP Security

Use this IP security policy:
Client (Respond Only) - this level is necessary for VNC or RDC to work.

Block Unnecessary Ports

For workstations, you only need to open up Port 445 for drive mapping. This is for Server Message Block (SMB) transactions, necessary for mapping a drive letter to a workstation disk drive. However this is a port often used by hackers.

Start
Settings
Network and Dialup Connections
Select the connection for the card to the Internet
Properties
Internet Protocol (TCP/IP)
Properties
Advanced...
Options
Optional settings: TCP/IP filtering
Properties
Enable TCP/IP Filtering (All adapters)
Permit Only:

TPC Ports	Description for Web or iMail server
20	FTP data
21	FTP server
25	SMTP (on email server only)
80	Web browsing
110 137 138 139	POP3 (email server only) NETBIOS NETBIOS NETBIOS
443	Secure Web Server (https) ex. DataUpload.com
445	Server Message Block (SMB) transactions (drive mapping) Microsoft-DS (warning, this been suggested not to open)
3158	FrontPage Extensions
3389	Remote Desktop Connection
5901	WinVNC (5900 is the default for VNC)
8383	iMail (on email server only)
others	See Knowledge Base, Microsoft, List or Ranum or here Bill Boswell article, or the Complete List

UDP - Permit All such as
137 - browsing requests of NetBIOS over TCP/IP
138 - Net Login, Browsing requests of NetBIOS over TCP/IP

For a VPN we need 443, 500, 4500, 60443
You can check with www.GRC.com Services, ShieldsUp!

IP Protocols - Permit All

OK
OK

You must shut down and restart your computer before the new settings will take effect. Do you want to restart your computer now?

Yes - Reboot

NOTE: On Email Servers (FS4) we need ports 25 for outgoing mail, 110 for incoming mail, and 8383 for iMail. For example, without 25, users will get the error shown to the left. On Web site only servers, we can prevent spammers from using our server by blocking port 25.

More info

Install Windows 2000 Server Server Pack 4 right away

Pun in CICorp W2K CD #2 to install SP4

Install AVG AntiVirus right away

Install AVG Server free virus protection
Run an initial scan

Now it is OK to connect to the Internet

This is the FIRST TIME the computer gets on the Internet
Plug in the Ethernet cable

AVG Update

Update AVG to the latest version
Disconnect
Run AVG scan of hard disk
Connect to Internet again

Install the LSasser Virus Removal Tool right away

Fine Tuning of Windows Desktop

Windows Update from Microsoft.com
repeat until all updates are installed
Open a window,
Not Hide File Extensions
Not Hide Hidden Files and Folders (so we can see hidden viruses)

Update Internet Explorer to 6.0

IE6Setup.exe

Add Useful Items on the Desktop

Right click on menu item, then
Send To > Desktop (create shortcut)

Add MSCONFIG.EXE (for managing startup options)
Add Terminal Services Manager from Administrative tools (for managing RDC sessions)
Window Task Manager in "Hide when minimized" mode in the Task Bar
Add Computer Management to desktop and Quick Launch

On D: Drive set up Conversion Folders

plus if it is going to be a Web site server
D:\HTTP folder

D:\CONVERT
D:\CONVERT\$DO
D:\CONVERT\$DO\DONE

Rename Administrator to Admin007

Then make a new decoy Administrator user, but disabled with no groups or rights

This is to make it less easy for hackers

Set up users

Rick
David
Gerard
Oksana
BobbiJo
Data123 (for conversion server)

Services

Must be Automatic, Started, for web hosting to work.
This avoids the "Error 1717: The interface is unknown"

Event Logging

World Wide Web Publishing Service

Drive Mappings

X: to \\67.55.221.7\D (FS13's D: drive)
U: to \\67.55.221.4\E (FS14's E: drive) for Setup software

Install Handy Utilities

You can get these from the U: Drive
Or CICorp's W2KServer Disk #2

If you need to extract files for setup, use the C:\TEMP folder

Make a Desktop Icon for all
and QuickLaunch Icon for some

Tarylynn - for quick copying conversion folders back to X: drive
DUMeter - for monitoring the Download and Upload of files
VNC4 Server - for logging in to console from remote
RDC - Remote Desktop Connection - for remote session work (goes under Accessories, Communications)
RoboCopy - for date sensitive quick backups (put in to C:\Winnt)
WinZip Version 8.0 (no later) - for unzipping
WinZip Classic, Express Setup, No tips, Folders: Last open
WZCLine - WinZip 8.0 Command Line utility
(put in to C:\Winnt)
RUndelete - for undeleting files
Evidence Eliminator - good for clearing out temp files
Screen Monitor Drivers
Printer Drivers

Install DeleFXP

Here is a good utility that can get rid of those folders with
hidden names and reserved names such as com9 and lpt1.

http://jrtwine.com/Products/DelFXPFiles/index.htm

These folders are so numerous and hard to delete, giving
an "access denied" message.

"Taggers" look for open FTP sites to store music cd's and games.

It freed up over 5 gigabytes of space on FS1 D: drive!

These "undeletable" folders were easily deleted with DeleteFXP.

RegistryFix

Run this program from http://RegistryFix.com

We have it Setup/Utilities

Go to Advanced Options and do:
Registry Backup
Clean up any unwanted Browser Helper Objects

Specialty Conversion Software (optional)

ACT! 6
ACT! 8
Goldmine
Maximizer
Sharkware
SalesForce Data Loader

Make an "FS#" logo using PaintBrush and put it on the desktop

Text is Arial Bold 72 Point font
Name the file FS.BMP and put it in the C:\WINNT folder
From desktop, select Active Desktop
New Desktop Item

FS15

Perform our Standard Preventive Maintenance Steps

FS1	FS2	FS3	FS4	FS5
FS6	FS7	FS8	FS9	FS10
FS11	FS12	FS13	FS14	FS16

Monthly Maintenance

Remove previous month's log files from Email from FS4
C:\iMail\Spool then ReBoot the eMail server or stop then start Services
ScanDisk
Defragmentation
AntiVirus Update
Windows Update
AntiSpyware Update
Remove "undeletable" hacker junk folders with DeleteFXP
Add the Server to www.Pingdom.com if it needs to be checked. A text message will go to your mobile phone, if the web site is down.

Click here for more details on Checkup

Notes

Setting up a Web Server as a DNS Server

This is something we are working on.

Please see DNS Options - we now use CIREG (a GoDaddy reseller) because the DNS is integrated with the Domain name Registration

Old Procedures that we do not do any more

Outpost kept causing our servers to freeze up, a total pain in the neck.

Install Outpost Firewall right away

Install Outpost Firewall
Run an initial SpyWare scan

We have a hardware firewall now, so we do not need this either.

If Outpost is not installed
Install McAfee Personal Firewall Plus

In Options, go to System Services
Select the options appropriate for the server (similar to TCP/IP settings above)

File Transfer Protocol (FTP) Ports 20-21 (for DataUpload and Web server only)
Mail Server (IMAP) Port 143 (if a mail server)
Mail Server (POP3) Port 110 (if a mail server)
Mail Server (SMTP) Port 25 (if a mail server)
Microsoft Directory Server (MSFT DS) Port 445 (so we can map drives)
Microsoft SQL Server (MSFT SQL) Port 1433 (if running ACTSQL or SQL)
Remote Assistance/ Terminal Services (RPC) Port 3389 (so we can log in)
Remote Procedure Calls (RPC) Port 135
Secure Web Server (HTTPS) Port 443 (if it is a web server)
Universal Plug and Play (UPNP) Port 5000
Web Server (HTTP) Port 80 (if it is a web server)
Windows File Sharing (NETBIOS) Ports 137-139

If McAfee won't install, install ZoneAlarm

Install Microsoft AntiSpyWare Beta
We no longer use this program

Turn on all Agents to be Active
and on Automatic Schedule

* Set up Users
* Change Administrator to Admin007
* Create a dummy Administrator account
* Reset permissions for Internet Guest Account for D:\HTTP
*

copy to WINNT:
RoboCopy
WinZip.exe
WinUnzip.exe

Shortcuts:
ACT!
ACTDiag
Maximizer
CMD.EXE
Tarylyn

36
Shwab
HMO
PPO pay more

smart office

How to turn off Test Mode in Windows
Command prompt:
bcdedit -set TESTSIGNING OFF