Basic Steps After Deploying a Server

The very first step is to patch the OS. Even a "fresh" ISO might be months old.

• Open Settings > Update & Security.
• Click Check for updates.
• Install all available patches and restart as needed.

Why? Unpatched servers are vulnerable to exploits from day one.

Servers should never rely on DHCP for their primary IP address. They need a fixed address so clients and other servers can reliably find them.

• Go to Network Connections (ncpa.cpl).
• Right-click your adapter > Properties.
• Select IPv4 and enter your static IP, Subnet Mask, Gateway, and DNS servers.

Default names like WIN-837492... are impossible to manage. Give your server a descriptive name that follows your organization's naming convention (e.g., NYC-WEB-01).

Change this in Server Manager > Local Server > Computer Name. A reboot is required.

Accurate time is crucial for logs, authentication (Kerberos), and backups. Ensure the time zone is correct, or configure the server to sync with an NTP server.

To manage the server without standing in front of it, enable RDP.

• Go to Server Manager > Local Server.
• Click on Remote Desktop and select "Allow remote connections to this computer".
• Security Tip: Only allow connections from computers running Remote Desktop with Network Level Authentication (NLA).

Never turn off the firewall! Instead, allow only the ports you need. For a web server, allow port 80/443. For a file server, allow SMB.

Use Windows Defender Firewall with Advanced Security to create granular inbound/outbound rules.