r6 - 25 Jan 2008 - 20:37:52 - Main.MikeCarr
This document will outline a basic Server 2003 prep for purposes of building in Vmware.

Outline

  1. Set up Vmware with 20 GB disk for OS. No less for any practical server.
  2. Install as per normal. NTFS, full format.
  3. Install Vmware tools, drivers.
  4. Apply all updates.
  5. Install Support Tools.
    1. Windows Server 2003 Service Pack 2 Support Tools
  6. Set up NTP on server.
    1. Setting up Windows Server 2003 as an authoritative time source
  7. Change idle disconnect timeout from 15 minutes to unlimited. Stupid default.

You would then sysprep at this time if you're going to clone this server for further use.

  1. Install domain if needed.
  2. After installed, install DNS/WINS/DHCP.
  3. dcdiag and netdiag need to be OK.
  4. Install GPO editor. Install GPO templates for Office 2003.
    1. Group Policy Management Console with Service Pack 1

Details

If you don't have a legal copy of Windows 2003 R2 SP2, you can register and download through Microsoft's 180 day trial option. You can find this on Microsoft's website here.

Initial licensing page. Press Enter
Normal first page of install. Press Enter
Read and approve the licensing agreement. Press F8
Select the unpartitioned space and press C to create.
Choose the maximum amount of size, or 20 GB. Press Enter when ready to continue.
Select the new partition and press Enter to install Windows here.
Always use the NTFS file system with Windows, and always perform a full format. This is fast in Vmware.
Windows will format, copy files, reboot and bring you back to this screen. Leave standards at English (United States), as this saves a bunch of application issues down the road. Click on Next when ready.
Enter in your name and company. Press Next
Enter in your product key. If you downloaded from Microsoft then they sent you this key as part of your digital $0 invoice. Press Next
Enter in the number of CALs that you have purchased. For an eval, I usually enter in 100 in per server mode. Press Next
Name your server and set your administrator password. Click Next
Set your date, time and time zone if not already correct. Click Next
Use default networking unless you have a reason to do otherwise. Click Next
Keep in the default WORKGROUP for now. It's a good default convention until you're part of a domain. Click Next
Windows will gronk for a while and come back with your initial login screen. Press CTRL-ALT-DEL as per normal.
Login for the first time. How memorable.
Use Vmware to swap CDs and continue installation from disk 2.
Click on Next to continue with setup wizard.
Approve the license, click Next
Yay, you're complete. Click Next
OK, here's your reminder to finish updating Windows. Do so. Click on Finish to get rid of this dialog. Reboot when complete and continue. Always keep servers up to date unless you have a reason not to.
The manage your server roles utility is used by many administrators to configure their servers. I don't, personally, so I would click on "Don't display this page at logon". Your mileage may vary.
We may as well install the Vmware Tools so from host click on VM -> Install Vmware Tools
Click on Install
Click on Next
Click on Next
Click on Install
Click on Yes to open display properties. Hardware acceleration is a good thing.
Click on the Settings tab and click on Advanced.
Click on the Troubleshoot tab and turn the hardware acceleration to maximum. Click on OK a bunch of times.
Click on Finish to complete the Vmware Tools installation.
Click on Yes to reboot. It's probably worth noting that you should have Vmware set up to shut down guest operating system in the Vmware guest configuration as from this point forward Vmware will be able to cleanly shut down the guest OS, rather than just cutting the power. My $0.02
After the reboot and login, right-click on the blue question mark and select Settings
Click on Language bar and then uncheck Show language bar at the desktop. Click on OK twice
Open up My Computer
Click on Tools -> Folder Options
Under the View tab, unselect "Automatically search for network folders and printers". Other options as per screenshot.
Similarly match the bottom set of options to the screenshot. Click on Apply to all folders to set Detail as your default view.
OK, double-click on the keys icon in the system tray.
Activate Windows over the internet.
No, don't bother registering.
Yay, it was successful, click on OK to close.
Now, open the properties for Local Area Connection by right-clicking on it from the Start Menu.
Click on the Authentication tab and uncheck Enable IEEE 802.1x authentication for this network.
Hardcode your IP address as appropriate for your Vmware configuration.
Now, install the Support Tools SP2 from Windows Server 2003 Service Pack 2 Support Tools
Click on Next.
Agree to the EULA, click on Next.
Type in your name and organization and click on Next.
Click on Install Now.
Click on Finish when complete.
Apply the NTP registry file attached to this page at http://wiki.pachogrande.com/twiki/pub/Public/VmwareInstallServer2003/Win2K3_NTP.reg or read through Setting up Windows Server 2003 as an authoritative time source and do it by hand. Run the DOS commands as illustrated to confirm working OK.
Disable the idle connection disconnection feature of Server. By default, clients will be disconnected from their network shares if idle for more than 15 minutes. Causes all sorts of problems with network apps that aren't smart enough to trigger the OS to re-initiate the connection.
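The NTP and idle-disconnect steps above can also be done by hand from a command prompt. This is an added example, not the contents of the attached Win2K3_NTP.reg and not the author's own commands; the registry values follow Microsoft's published guidance for a Server 2003 authoritative time server, and the peer name time.example.invalid is a placeholder.

```bat
@echo off
rem Added example: by-hand version of the NTP and idle-disconnect steps.
rem NTP_PEER is a placeholder; substitute the upstream time server you trust.
set NTP_PEER=time.example.invalid
set W32=HKLM\SYSTEM\CurrentControlSet\Services\W32Time

rem Sync from the manually listed peer instead of the domain hierarchy.
reg add "%W32%\Parameters" /v Type /t REG_SZ /d NTP /f
rem ,0x1 tells the client to poll this peer at SpecialPollInterval (seconds).
reg add "%W32%\Parameters" /v NtpServer /t REG_SZ /d "%NTP_PEER%,0x1" /f
reg add "%W32%\TimeProviders\NtpClient" /v SpecialPollInterval /t REG_DWORD /d 900 /f
rem Advertise this machine as a reliable time source and serve NTP to clients.
reg add "%W32%\Config" /v AnnounceFlags /t REG_DWORD /d 5 /f
reg add "%W32%\TimeProviders\NtpServer" /v Enabled /t REG_DWORD /d 1 /f

rem Restart the time service so it rereads the registry, then force a sync.
net stop w32time
net start w32time
w32tm /resync /rediscover

rem Confirm: three samples against the peer should return offsets, not errors.
w32tm /stripchart /computer:%NTP_PEER% /samples:3 /dataonly

rem Disable the 15-minute idle disconnect (-1 = never), then show the result
rem on the "Idle session time (min)" line.
net config server /autodisconnect:-1
net config server
```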
Run dcpromo to start the domain controller promotion process.
Click on Next
Click on Next
Select Domain controller for a new domain, click on Next
Select Domain in a new forest, click on Next
Set your ADS realm. Use the suffix .local so that you're not conflicting with existing DNS space.
Set your Netbios name. Generally this is your ADS realm with suffixes removed.
Use defaults, click on Next
Use defaults, click on Next
Ask the installer to set up DNS for us. Click on Next
Select permissions compatible only with Windows 2000 or Windows Server 2003 operating systems.
Set your restore mode password. Generally, people use the same password as their administrative account. Click on Next
Last summary page, click on Next
Computer will gronk for a while as above.
Switch CDs when requested and click on Ok
Computer will gronk for a while as above.
Click on Finish.
Click on Restart now
Log in to the domain for the first time as above.
I don't usually use the roles wizard so I would click on Don't display this page at logon and close it. You can leave the box unchecked if you want to continue seeing it for now. Close it anyways.
Run netdiag
Review the list of netdiag items and confirm all are in successful state, i.e. none failed.
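One way to do this review without reading every line, for both netdiag and the dcdiag check named in the outline. This is an added example, not part of the original page; the output folder name dc-checks is an assumption, and both tools come from the Support Tools installed earlier.

```bat
@echo off
rem Added example: save the full diagnostics, then show only problem lines.
rem OUT is an arbitrary folder name chosen for this example.
set OUT=%TEMP%\dc-checks
if not exist "%OUT%" mkdir "%OUT%"

netdiag > "%OUT%\netdiag.txt"
dcdiag > "%OUT%\dcdiag.txt"

set BAD=0
rem netdiag ends each test line with Passed, Failed or Skipped and marks
rem serious problems with [FATAL]; dcdiag prints "failed test <name>".
findstr /i "Failed FATAL" "%OUT%\netdiag.txt"
if not errorlevel 1 set BAD=1
findstr /i /c:"failed test" "%OUT%\dcdiag.txt"
if not errorlevel 1 set BAD=1

if "%BAD%"=="0" (
    echo No failed tests. Full output is in %OUT%
) else (
    echo Failures listed above. Full output is in %OUT%
)
rem Exit code 1 means at least one test failed, so the script can gate later steps.
exit /b %BAD%
```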
Click on Administrative Tools -> DNS
Right-click on your server name, choose properties. Click on the Forwarders tab and remove the forwarder by highlighting it at bottom (192.168.32.1 in picture) and clicking on remove. This will make your server a proper DNS server rather than a blind forwarder.
Now, right-click on Reverse lookup zone and select New Zone...
Click on Next
Select Primary zone and check Store this zone in Active Directory, click on Next
Select To all domain controllers in the Active Directory domain, click on Next
Choose the network ID as appropriate for your IP space. Click on Next
Select Allow both nonsecure and secure dynamic updates. This is needed so that workstations can update their own reverse DNS. Click on Next
Click on Finish
Now, go into Add/remove programs in Control Panel and choose to add/remove Windows components. Under networking services, add DHCP and WINS.
Go back into Local Area Network properties.
Set the DNS server to use 127.0.0.1 for DNS going forward.
Set up the WINS server to use the server's LAN address. You cannot use 127.0.0.1 as WINS will not bind to this.
You can run ipconfig /registerdns to force the reverse DNS entries to be created, or this will happen automatically on next startup. I like to explicitly create them, myself.
Now you can open DHCP from Administrative Tools and create a New Scope.

DNS configuration for AD

Conventions for file sharing

File sharing should always be set up on a different physical drive on the server, or at least on a different partition. If you fill the partition then it's not as critical as if you fill your system partition.

My preference is to set up a Data folder with subfolders corresponding to drive mappings, rather than sharing the root of the drive.

Conventions for printer sharing

Conventions for AD/OU setup

My rule of thumb is to always set up an OU for the company at the root level named for the company.

Within this, structure OUs for Users and Computers.

In general, Computers will then be populated with two OUs at a minimum: Workstations; Laptops.

Users generally will not be populated with any other OUs.

Generally I don't set up any sites and change the default Site configuration with a single server. If you have multiple servers then you need to identify whether these servers are in distinct areas (and subnets) or not. If so, they should be set up in separate sites. This lets computers automatically recognize that they should be talking to the local DC rather than falling back on the default behavior of round robining through all available DCs (and potentially timing out as a remote DC is unreachable or slow).

Conventions for workstation naming

Conventions for GPO setup
