In the previous guide, we have completed our first installation of Windows Server 2019. Now, it’s time for us to configure it in the way that we want it to function. Before we go into that, there are some things that you need to know about the way Windows Server is configured by default.
Security settings in Windows Server
As you can see, Windows Server has internet explorer installed by default. When you try navigating a website, you are given an message telling you that the site is blocked and whether you would like to add an exception. This is done to protect the server from any viable threat of exploitation from malicious actors through internet explorer.
Later in this guide, I will show you a way to disable this protection in case you are in need of downloading installation files for example. Even so, you are better off installing an 3rd party web browser such as Firefox or Google Chrome and then making any additional configurations to maximize security. Also, you can just grab anything that you need from another PC via USB media and transfer them into your Windows Server computer.
Performance in Windows Server
You may notice a dip in performance on Windows Server compared to regular Windows. Go to your Control Panel and navigate to System->Advanced system settings->Advanced tab and then click on “Settings”. Under Performance Options, navigate to the “Advanced” tab and you will notice that the Processor scheduling is set to “Background services” by default. This is needed because Windows Server optimizes services always running in background instead of the foreground.
You may also notice the tab right next to it “Data Execution Prevention” which is set to “Turn on DEP for all programs and services except those I select:” by default, this helps prevent any malicious software from injecting code into the Windows subprocess system.
Server Manager will be the primary place for configuring and managing your Windows Server, whether locally or remotely on another server computer listed on the left hand panel. From here at the bottom, you can also see status of your server as well as all the events/errors that may have occurred and how you can fix them. Click on “Local Server” on the left-hand side of your server panel.
Now you are at the properties section for your server. Here, you can configure crucial aspects of the Windows system as well as displaying hardware information. The following are displayed here:
- Computer name – The name of your server computer. Assigned by default, but can be changed through the “System” settings in Control Panel.
- Workgroup – A group of computers on the LAN that your computer is connected to.
- Last installed updates – The last time your Windows Server has been updated.
- Windows Update – Your current configuration for receiving updates to Windows Server from Microsoft.
- Windows Defender Firewall – Displays whether your firewall is On or Off as well as the firewall group(Private) your network interface is configured to.
- Remote management – Whether this server can be remotely accessed through Server Manager on another Windows machine, “Enabled” by default.
- NIC Teaming – Allows multiple network interface cards to be merged together for in the event one of them fails.
- IE Enhanced Security Configuration – Prevents Internet Explorer from accessing any websites, as explained in Security.
Disable IE Enhanced Security Configuration
In order to browse the web freely on Internet Explorer, click where it says “On” under IE Enhanced Security Configuration.
Where it says “Administrators” click “Off”. If you plan on having any other users access your server, leave the other one at “On”. You should now be able to browse the internet freely. If you’re still getting any warning boxes in Internet Explorer, click the checkbox and click “OK”.
Roles are the bread and butter of Windows Server. These are programs/services/features that are built into the system and contain many different types of server software to suit your needs. For the most part, these are easy to install through the use of a wizard.
Installing a Role
At upper right-hand corner of the Server Manager menu, click on “Manage” and “Add Roles and Features”
You are now taken to a wizard, from here you will be installing a service for the first time. For this guide we are going to install IIS Web Server. Click Next.
Make sure that “Role-based or feature-based installation” is selected as we will be doing that and click Next.
We will be installing our roles and features onto a server from the server pool, our server is selected by default. Click Next.
A list of roles available is displayed. Go ahead and click on the checkbox next to “Web Server (IIS)”. You are then asked to install the required features for this role, make sure that the checkbox at the bottom is checked and click “Add Features”. Click Next.
You are now given a list of features that you can install, since the ones required by Web Server IIS have been selected, click Next. You will see a brief description of the primary Role that you’ll be installing. Click Next.
Here you will be able to add various services to your role. Let’s go ahead and add an “HTTP redirection” service to our web server for example so that we can forward visitors from our HTTP website to an HTTPS one. Click Next.
Click on the Install button and wait for it to finish. Depending on the role or feature installed you may need to reboot your server. Once the installation is complete, click on Close.
Once back in Server Manager, click on “Tools” at the menu and on “Internet Information Services (IIS) Manager”
IIS is now up and running, open up Internet Explorer and type in http://127.0.0.1 in the address bar. You should get an Internet Information Services welcome page in several different languages which means that our web server is fully functional.
You have now learned the basics of Windows Server and how to configure and install roles and features. Keep exploring and trying many different roles and services to see how they suit your needs/demands.