Steve Borba

My notes, I hope they help you, feel free to comment/add to them

Windows Server Install Amazon

Step 1, Launch instance, Windows 2016 Datacenter, t2.small (I think 2GB is already low for RAM on Windows), don’t change instance details, don’t change storage, no tags, set up firewall (I have static IPs, so I allowed all just from those IPs).

Step 2, configure Windows (get password, TS to server and):
  Remove Features you aren’t using (needs WinRM service) – SMB 1.0 was the only one I removed
  Stop services you aren’t using – for /f %a in (Server2016-Disable-Services) do sc stop %a & sc config %a start= disabled
  Add .NET 3.5 (don’t yell at me, the application I am installing needs it, used source C:\Windows\servicing\Packages)
  Configure NIC – disable: register DNS, IPv6, NetBIOS; remove: client, F&P Share, LLMNR, LLDP, multiplexor, etc.
  Configure Windows Firewall, added allow all from my IP, disabled everything else (except DHCP, and ICMP un-reachable and fragment)
  Install SNMP – Dism /online /enable-feature /featurename:SNMP
    reg add HKLM\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\PermittedManagers /t REG_SZ /f /v 1 /d "SOME-IP"
    reg add HKLM\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\ValidCommunities /t REG_DWORD /f /v "SNMP-STRING" /d 10
  Add get MD5 hash – reg add HKLM\SOFTWARE\Classes\*\shell\GetMD5\command /t REG_EXPAND_SZ /f /ve /d "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -windowstyle hidden -command \"(New-Object -ComObject Wscript.Shell).Popup(('%1 = '+(get-filehash -Algorithm md5 '%1').Hash),0,'File Hash',0x0)\""

That's it for now, I need to look through some of my Server 2012 R2 notes and add any policy/security options.
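To confirm the Step 2 settings actually took effect after a reboot, here is a read-only PowerShell audit, added as an example and not part of the original notes. It assumes the Server2016-Disable-Services file sits in the current directory with one service name per line, and it uses the standard Windows binding IDs (ms_tcpip6, ms_msclient, ms_server, ms_lldp, ms_implat) for the NIC components the notes list; it does not check LLMNR or the MD5 context-menu entry.

```powershell
# Added example: read-only audit of the Step 2 settings; it changes nothing.
# Assumption: the service list file from the notes is in the current directory, one name per line.
$ServiceList = '.\Server2016-Disable-Services'
$SnmpKey     = 'HKLM:\SYSTEM\CurrentControlSet\Services\SNMP\Parameters'
$results     = New-Object System.Collections.Generic.List[object]
function Add-Result($Check, $Ok, $Detail) {
    $results.Add([pscustomobject]@{ Check = $Check; Pass = [bool]$Ok; Detail = "$Detail" })
}

# SMB 1.0 feature (FS-SMB1) should no longer be installed.
$smb = Get-WindowsFeature -Name FS-SMB1
Add-Result 'SMB 1.0 removed' (-not $smb.Installed) $smb.InstallState

# Every service named in the list should be stopped and disabled (or absent).
if (Test-Path $ServiceList) {
    foreach ($name in (Get-Content $ServiceList | ForEach-Object { $_.Trim() } | Where-Object { $_ })) {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        if (-not $svc) { Add-Result "Service $name" $true 'not present'; continue }
        $ok = ($svc.Status -eq 'Stopped') -and ($svc.StartType -eq 'Disabled')
        Add-Result "Service $name" $ok "$($svc.Status)/$($svc.StartType)"
    }
} else { Add-Result 'Service list' $false "$ServiceList not found" }

# NIC: IPv6, client, file and printer sharing, LLDP and multiplexor bindings disabled or removed.
$unwanted = 'ms_tcpip6', 'ms_msclient', 'ms_server', 'ms_lldp', 'ms_implat'
Get-NetAdapterBinding | Where-Object { $_.ComponentID -in $unwanted } | ForEach-Object {
    Add-Result "$($_.Name): $($_.ComponentID)" (-not $_.Enabled) $_.DisplayName
}
# NIC: no DNS registration, NetBIOS over TCP/IP disabled (TcpipNetbiosOptions = 2).
Get-DnsClient | Where-Object { $_.InterfaceAlias -notlike 'Loopback*' } | ForEach-Object {
    Add-Result "$($_.InterfaceAlias): DNS registration off" (-not $_.RegisterThisConnectionsAddress) ''
}
Get-CimInstance Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' | ForEach-Object {
    Add-Result "$($_.Description): NetBIOS off" ($_.TcpipNetbiosOptions -eq 2) $_.TcpipNetbiosOptions
}

# Windows Firewall: all three profiles enabled.
Get-NetFirewallProfile | ForEach-Object { Add-Result "Firewall profile $($_.Name)" ($_.Enabled -eq 'True') '' }

# SNMP: at least one permitted manager (an empty key accepts any host); no default community
# names. Community strings are secrets, so only their count is reported.
$pm = Get-Item "$SnmpKey\PermittedManagers" -ErrorAction SilentlyContinue
$mgrs = @(if ($pm) { $pm.GetValueNames() | ForEach-Object { $pm.GetValue($_) } })
Add-Result 'SNMP permitted managers set' ($mgrs.Count -gt 0) ($mgrs -join ', ')
$vc = Get-Item "$SnmpKey\ValidCommunities" -ErrorAction SilentlyContinue
$names = @(if ($vc) { $vc.GetValueNames() })
$default = @($names | Where-Object { $_ -in 'public', 'private' })
Add-Result 'SNMP no default community' ($default.Count -eq 0) "$($names.Count) configured"

$results | Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt on the server; any row with Pass = False is a setting that did not stick.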

 
