Configure Windows Server 2008 R2

1. Open Server Manager. Click Start > Administrative Tools > Server
Manager.

Refer to the right panel of the Serve Manager

• To assign a computer name, click Change Systems Properties.
• To assign a static/manual IP address and DNS, click View Network
Connections.
• To allow remote desktop connection for remote configuration, click
Configure a Remote Desktop.

The above initial configurations are necessary to prepare the server computer for
the installation of Active Directory Domain Service Role (AD DS) and promotion to
Domain Controller.

Add Active Directory Domain Service (ADDS) Role

1. Open Server Manager. Click Start > Administrative Tools > Server Manager.
2. In the left panel of Server Manager, click Roles.

3. Click Add Roles link found in the right panel of the Roles Summary section.
4. Click Next button in the Add Roles Wizard Window to begin the installation.
5. Select Active Domain Directory Domain Service and then click Next to
continue and when you reach the Confirm Install window, click Install button to
start the installation.

6. After the installation, promote the SERVER-PC to a Domain Controller by clicking

red underlined text or launching the AD DS Installation wizard thru
dcpromo.exe.
Promote Server to Domain Controller

1. To promote Server Computer to Domain Controller, launch the AD DS

Installation wizard. Click Start > Run > dcpromo.exe
2. When the AD DS
Installation wizard appears, click Next to continue.

3. Since it is our first time to create a Domain Controller, select Create a new domain in a
new forest . Click Next to continue.
4. Type your network domain name e.g. crossroads.com, css.local, cti.com.
Click next to continue.

5. Select Windows Server 2008 R2 as the forest functional level.

6. Add DNS Server as additional option for this domain controller. It is

recommended to add the DNS Server on the first domain controller.

7. A warning appears because currently there is no running DNS server in your network. Just click
Yes to continue. Let our server computer (Domain Controller) be the DNS server at the same
time.
8. Leave everything as default location for Database and log files. Click Next to continue
 9. Enter your administrator account password. Click Next to continue.
10.Click Next to start the installation. Installation will take some time and a reboot is required.

After the promotion

of computer
server to domain
controller, the
server’s primary or
preferred DNS
address is
automatically set to 127.0.0.1. Since our domain controller is also a DNS server, we need to set our
server’s DNS address same to its IP address.

To do this:

1. Open Control Panel > Network and Internet > Network and Sharing Center.
2. In the left panel of Network and Sharing Center, click Change Adapter Settings.
3. Right-click Local Area Connection > Properties.

4. Select Internet Protocol Version 4 (TCP/IPv4) and click Properties.

5. Change the value of Preferred DNS server from 127.0.0.1 to server’s IP address. (Whatever the IP
address of the server is, it should also be the value of your preferred DNS server)
 6. Click OK button to save settings.

INSTALL AND CONFIGURE DHCP ROLE

1. In the Server Manager, click Add Roles.

2. Select DHCP Server from the list of server roles.

3. Select the network connection(s) that will be used for serving clients. In this demo, 192.168.0.2
has been selected by default.

4. Specify IPv4 server settings.

• For the Parent Domain, just leave current domain name as default.
• Set the value of Preferred DNS same as the server’s IP address. This is important because all
Windows clients need this information to join to the domain network.
5.

WINS is not required in this application so leave this setting as default.

6. Specify the range of your DHCP client’s base on the requirements of your network. If you only
have 10 computers in your network, you may set the scope to cater only 1 or 100 IP addresses
like 192.168.1.1 –
192.168.1.100. Scope always depends on the requirements of the Network Administrator. To
do this, click on Add button and fill in the required field.
 Note: Set the value of the Default Gateway same to Router’s IP address.

7. For DHCP Authorization, always use the Administrator account.

Although you can specify, any members of the Administrators group of users but to make
our life easier, let Administrator be the authorized user in terms of DHCP settings
management. In the next window after confirmation, click Install to start the installation
of the DHCP role.
To manage DHCP service, locate DHCP in the Administrative Tools. Go to Start

> Administrative Tools > DHCP.

To view connected clients, click Address Leases under Scope options.

To add IP exclusions (IP
lease exemptions,
IPs that should not be given
to the client computers),
right click Address
Pool under the Scope and
Select New

Exclusion Range. Enter

the IP you wanted to
exclude.

Important: Exclude your

Router (gateway) and your server’s IP address.

Configure your DHCP server options. Server options are values that were given to connected clients
during the lease of IP address such as Default Gateway and DNS settings. For some reason, this should
not be performed in actual environment (security matters). During the assessment, to make your life
easier in joining windows client computer, this is a good option.

To configure Server Options, right click Server Options on the left panel and select Configure
Options. The following are the most important options to configure:

• Router [003] = the network’s gateway or the router’s IP address.

• DNS Server [006] = the IP address of the DNS Server.
• DNS Domain Name [015] = string value of the current domain name e.g.
cti.local or crossroads.com
Sample Server Options Configurations.
 Once the configuration is done, refresh your
DHCP IPv4 settings so that all clients will have
these options on their adapter settings. In the
client computer, perform the ipconfig
/renew and ipconfig /release to be able
to receive a new set of network settings.

To check if the server options were included during leasing of IP address, log on to client computer. Go
to Start > cmd , then type ipconfig /all.

Compare the highlighted items to your Server Options. If it’s exact same value, therefore, your DHCP
server is working pretty well.

Install File Server Resource Manager (FRSM)

To install the File Server Resource Manager in Windows Server 2008 R2, click on Roles in the Server
Manager and then click on Add Roles. Click through the Before You Begindialog.
In the Server Roles screen, click File Services and then Next.

In the File Services screen, click Next. In the ‘Role Services’ screen that comes up next, you’ll want to
check File Server Resource Manager and then click Next. For now, we’ll skip configuring FRSM and click
Next to bypass Configure Storage Usage Monitoring.
On the Confirm Installation Selections, click Install and wait for the installation to finish.

Setup a Print Server

There are two main benefits to centralizing all your shared printers onto a print server, firstly you can
install all the different Windows client drivers on the server so they are automatically deployed, and
secondly it greatly simplifies the management of the printers.

First of all you need to ensure that your Windows 2008 Server has the Print Services role installed, so
logon to it and open the “Server Management” console, then click “Roles” in the left-hand pane:

The “Roles Summary” will list all the roles currently installed on your server, and if like above you don’t
see Print Services then you will need to add it by clicking the “Add Roles” link. This will start the “Add
Roles Wizard”, click Next past the introductory page and on the next one click to check the “Print &
Document Services” role:

Click “Next” and the next page explains some of the basic principles of the Print Services role, once
you’ve read it click “Next”and on the following page you are asked to select specifically which services
you require. Here we only need “Print Server”, which should already be ticked, unless you know you
have a need for any of the other role services then leave them unticked. Click “Next” to take you to
the confirmation page and then click “Install” to add the Print and Document Server role. The
installation process should only take a minute or two and then you can click “Finish” to close the
wizard. A restart of the server should not be required.

The Print Management Console

Now you have the Print Services role installed on your server you can use the Print Management console
to perform all your printer administration tasks, so open it by going to Start – Administrative Tools –
Print Management. Expand the Print Servers tree, then your server and click “Printers” to view the
printers already installed:
Installing the Role Service
1.1 Start Server Manager, Click on Add Roles, and choose the Remote Desktop Services role
1.2 Click Next
Choose Remote Desktop Licensing

Review the text, but don’t make any choices, Click Next
Click Install.
Add Domain Users

1. To add domain user accounts, click Start > Administrative Tools > Active
Directory Users and Computers.

2. On the left panel of the window AD Users and Computers windows, right-click Users >
New > User.
3. Fill in the required fields. Click Next to setup a password for the user.
 Note:
• User logon name should be formalized e.g. juan.delacruz or jdelacruz.
• Password‘s minimum character length is 8, a combination of alphanumeric (with at least
1 Capital letter).
 4. Click Next to continue and you’re done!

To organize user accounts, it is recommended that you put all the users in one container called
Organizational Unit. To add users in an OU, simply create a new

Organizational Unit (OU).

1. Right-click on your domain name e.g. YourDomainName.Com > New > Organizational Unit.

2. Choose your own OU. Note: Very important that you name your OU base on your actual
department or units like Service Department, Admin Department, IT Unit, etc. Click OK to
finish.
To create users inside the container/unit, right click on the OU, New > User.

(Steps 3 – 4 above)
Creating Shared for Folder Redirection

1. Create a folder in the desktop

2. Right click the created folder and Click Properties

3. Click Sharing
4. Click Advanced Sharing then Click Permissions then Click Add Then Type Domain User then
Click Check names then Click Ok
5. Click Full Control Box to Check then Click Apply then Click Ok
6. Click Share then Click Browse Down then click Find People
7. Type Domain User Click Check names it will Highlight then Click Ok
8. Click and Choose Read/Write then Click Share then Copy Network Path
Configure Folder Redirection

Folder Redirection policy allows a system administrator to redirect certain folders from a user’s
profile to a file server for backup purposes.

In this task, we will use the same folder we’ve created in Configuring User Home Directory.

1. Open Group Policy Management consol. Go to Start > Administrative Tools > Group Policy
Management.

In this
demo, I created a folder redirection policy on my Student OU (Organizational Unit). If no
existing organizational unit, you can select the Default Domain Policy as your policy object
for folder redirection.

2. Create a new policy. The name of your policy should be specific.

3. Right click the folder redirection policy and select edit.

4. In this demo, we will redirect all files and folders located in the user’s documents library.
Go to User Configuration > Policies > Windows Settings > Folder Redirection. Right click
Documents Folder and select Properties.

5. Specify the target

location or folder.
• Setting :
Basic –
Redirect

everyone’s folder to the same location

• Target folder location : Create a folder for each user under the root path
• Root path: \\server\shared folder, where server is the name or the
computer name of your server and share folder is the name of the network
shared folder as central file storage for all users.
6. Click on Settings tab. Uncheck the “Grant the user exclusive rights to Documents” option.
Once done, click OK and apply.

7. Update the
policy on both

computers by using the command gpupdate /force.

Adding Printer

1. Go to start Click Devices And Printers and on top Click Add

Printer
2. Click Add local printer
 3. Choose LPT1: Local Port Click Next

 Install the driver for your printer by selecting the printer's manufacturer from the
Manufacturer and then the model number. (If the model number of your printer isn't listed,
click on the Windows Update button to list additional printer models.)

Click on the Next button.

Enter a descriptive name for your printer in the Printer name text area or leave the name
that is already filled in, then click on the Next button. (In the example below, "Xerox
WorkCentre 7345 PCL6" has been entered for the printer name. ) Note: You can change the
printer name at any time.

You should see the following window showing that Windows 7 has started the process of
installing the printer:
2. In the next window, make sure the option Share this printer is selected, and then
click on the Next button. If the printer was added successfully, you should see the
following window: and then click on the Finish button.
You can view the new printer listing by clicking again on the Start button, and then clicking
again on Devices and Printers. You should see the entry for your printer. (In the example
below, "Xerox WorkCentre 7345 PCL6" has been added.)
Configure Users for Remote Desktop Connection

1. In the Server Manager, click Add Roles and select Remote Desktop
Services Role.
2. Select only the following services:
• Remote Desktop Session Host - Users can connect to an RD
Session Host server to run programs, to save files, and to use
network resources on that server.
• Remote Desktop Connection Broker - This prevents a user
with a disconnected session from being connected to a different
RD Session Host server.
• Remote Desktop Licensing - manages the Remote Desktop
Services client access licenses (RDS CALs) that are required for
each device or user to connect to a Remote Desktop Session Host
(RD
Session Host) server.

3. For level
authentication, select
Require Network Level of Authentication.
4. Leave other settings by default. Just click Next to continue the
installation.

By default, only Administrators group are allowed to access the server

remotely. Local security policy for terminal services should be configured to
allow users or groups to logon using remote desktop services.
To check:

1. Logon to client computer.

2. Go to Start > Run. Enter mstsc. You may also search “Remote Desktop
Connection” in the search bar.
3. Enter the computer name or IP address of the server.
4. On the next window, enter your domain account and password to
connect.
5. Done.
Deploy Printer using Group Policy

1. In the Server Manager, click Add Roles and select Print and Document Services Role in the
Roles list.
2. Select Print Server in the Role services. This is the only service we need to deploy our

printer using group policy object (GPO

Just continue the installation and leave other settings by default until you reach the installation
succeeded window.

3. Connect the printer, install its driver and share.

Note:
Refer to the
printer
manual on
how to install its driver.

4. Go to Start > Administrative Tools > Print Management.

5. Click All Printers. Right click network printer and select Deploy with

Group Policy…

6. Specify where to deploy the printer. In this example, the network printer will be deployed
to Students OU (organizational unit).
7. Create a new policy. Right-click anywhere in the white space and select New. Type “Printer
Deployment” for example.
8. Deploy the printer by clicking Add button. Check both “The users that this GPO
applies” and “The computers that this GPO applies”
9. Click Apply and OK.
10. Update the policy on both computers using the command gpupdate /force.
 Join the computer to a domain

• Click Start then Right Click Computer Then Click Properties

• In the System Properties dialog on the Computer Name tab, click Change.
• In the Computer Name/Domain Changes dialog, click Domain, type the Domain of your Active
Directory domain and click OK.

• In the Windows Security dialog, type a domain administrator username and password, or the
credentials of another user account with permission to add computers to the domain, and click
OK.
• You should then see a welcome message to the domain. Click OK in the message dialog box.
• When prompted to restart the computer, click OK.
• Close the System Properties dialog.
• Click Restart Now in the Microsoft Windows dialog.
Log on as a domain user
Once the computer has rebooted, log on as a domain administrator by clicking the Switch
User arrow on the logon screen and then select Other user. You can then log on to the
server as a domain user.