Oh Windows, you are thou heartless....No, it really isn't but as a Macadmin who spends most of my time on an OS X boxes mixed in with other Unix/Linux OS, Windows Server can seem strange. Windows Server does have command line options however, they expectation is for Admins to use the GUI to configure services or roles. For those who are interested in the Command Line options take a look at Powershell. This is Microsofts recommendation for interacting with Windows Server via the command line. While on Unix/Linux systems you configure via the terminal. Using the GUI has been a huge shift for me, not to mention just knowing some of the nuisances of Windows Server 2012. Windows have changed and made Server Manager much more powerful than the versions in Windows 2008.
Lucky for me that during the setup of my groups Windows Server, I was simultaneously enrolled in a Windows Server configuration course. The course afforded me an opportunity to gain a better understanding of new features and settings Windows in Server 2012. During the setup, I did have concerns about the setup of the Server. Standard Windows configurations would have admins join a domain, which will apply the necessary settings in order to protect the system. But what do you do if you are not joining it to a domain and letting it be a stand alone server?
Things that I thought about were:
- Local Security Policy
- Remote Desktop Services
- Windows Firewall
Local Security Policy is loaded with different Windows Settings that need to be changed or left alone. The different categories to think of are:
- Account Policies
- Local Policies
- Windows Firewall with Advanced Security
- Network List Manager Policies
- Public Key Policies
- Software Restriction Policies
- Application Control Policies
- IP Security Policies on Local Computer
- Advanced Audit Policy Configuration
I have yet to find a comprehensive list of suggestive settings but Microsoft does have resources on their TechNet site which help administrators with this topic:
- Administer Security Policy Settings
- How to Configure Security Policy Settings
- Introduction to Windows Firewall with Advanced Security
- Deployment: Windows Firewall and Group Policy
- Overview of IPSec Rules in Windows Firewall With Advanced Security
- Remote Desktop Services Overview
These are just a few resources I used in order to help configure a Windows Server, however, there are many other resources. If someone has a list of best practices for setting up a Windows Server it may be worthwhile to create a document for the masses at large. Not all Macadmins touch or deal with Windows Server on a regular basis, however, if it would be good to have a guide to help navigate the Windows Waters. At times, I still feel lost but it is a matter of knowing my limitations and finding the correct resources to help solve my problem.