Server Administration

About the Picture

This picture is one of the multiple server clusters I have managed and maintained for the State of Oklahoma. This cluster is a collection of Sun Solaris, Windows 2003, Windows 2008R2 servers for running the State of Oklahoma's carrier class microwave system. Additional servers (not in picture) for the 3CX SIP PBX have been installed and setup recently by me in coordination with Ralph the Tower Communications Manager for OMES Wireless as we have worked together to provide Radio over IP functionality to the State of Oklahoma.

I also work with Windows 2012, Red Hat and Centos 7 servers in my duties with Intelligent Transportation Systems.

Windows Server Best Practices

Determine Server Role https://technet.microsoft.com/en-us/library/hh831669(v=ws.11).aspx
Name your server's hostname with a self-explanatory name indicating its role.
Use a naming convention.
Statically assign IP Addresses or exclude in DHCP.
Ensure that time settings are correct and that the server points to a qualified NTP server.
Ensure that both remote desktop services and a VNC client are operating for remote access.
Set security and firewall to highest protection possible and work backwards to admit accounts and change permissions.
Use IP address whitelisting for access.
Use strong passwords and require expiration.
Set automatic updates to enabled but point to one centralized update server to issue the updates to the rest of the domain/branch.
Document the server configuration and setup.
Set server for periodic backups.
Minimize 3rd party software installed on server. Only install tools that may be required to maintain the servers function.
Run services with the least privilege.

DNS

Primary DNS should be a windows server, a redundant DNS should be on a router in case server should fail.
Do not use public DNS servers on Windows workstations and should never be primary or secondary on server. Only use in the forwarding zone.
Follow additional tips from Microsoft https://technet.microsoft.com/en-us/library/cc959288.aspx
Additional tips http://techgenix.com/active-directory-insights-part1/
Additional forwarding tips https://www.petri.com/best-practices-for-dns-forwarding

DHCP

Follow Microsoft best practices for DHCP https://technet.microsoft.com/en-us/library/cc958920.aspx
On DHCP http://techgenix.com/windows-server-2012-dhcp-part1/
Configure longer leases that cover possible down times. If you know power outages are common at a site and can last a long time you may want to consider this, or if the site is a remote site.

Active Directory & Domain Controller

Best practice for Active Directory design https://msdn.microsoft.com/en-us/library/bb727085.aspx
Best practices for Virtualized AD controllers http://www.serverwatch.com/server-tutorials/virtualizing-active-directory-domain-controllers-general-best-practices.html
Always have a minimum of two domain controllers. More for larger organizations with no single server using more than 66% of its capacity ideally and never more than 75%.
Updated documentation and diagrams of Domain Controllers, Flexible Single Master Operator (FSMO) and Global Catalog (GC) Servers.
If high login times are encountered utilize Branch Cache features.
Understand group policy well and the tools to edit it before adding new policies or removing default policies.

File Serving

File sharing in an Enterprise https://technet.microsoft.com/en-us/library/dd347022.aspx
File sharing in a workgroup https://technet.microsoft.com/en-us/library/dd345812.aspx
Understanding Permissions https://technet.microsoft.com/en-us/library/cc783530(v=ws.10).aspx
Develop a standard for permissions.
Keep permissions as simple as possible.
Use user security groups.
Define permissions based on job role.
Keep root level folder creation within the administrator realm.
File and folder permission https://technet.microsoft.com/en-us/library/cc754344(v=ws.11).aspx
File and folder permissions for developers https://msdn.microsoft.com/en-us/library/bb727008.aspx
Viewing permissions http://www.thewindowsclub.com/effective-permissions-tool-windows
Windows 10 Access Controls https://www.youtube.com/watch?v=FFZsXI9sq34

Windows Server Update Services (WSUS)

Test patches in a test environment before applying to production environment. With Windows 10 this may be a chore with setting up master update servers for different server role types.
Determine WSUS capacity requirements.
Windows as as service in the Enterprise https://technet.microsoft.com/en-us/itpro/windows/manage/waas-update-windows-10
Article on just allowing Windows to update http://www.windowscentral.com/bad-it-admins-reveal-windows-10-downloads-your-pc

Hyper-V

Application Services

Network Services (VPN/RADIUS/Dial-Up)

Virtual Machine Servers (PROXMOX)

http://www.itworld.com/article/2915530/virtualization/containers-vs-virtual-machines-how-to-tell-which-is-the-right-choice-for-your-enterprise.html