===Steps to set up Student Windows Servers ===

  * Install Windows Server 2016 and all updates
    * When asked for a product type, choose Windows Server 2016 Standard with Graphical Desktop
    * When asked for a product key, choose WC2BQ-8NRM3-FDDYY-2BFGV-KHKQY. This is the KMS server key that pulls licensing from CCS's server
  * Join to the cfs.uoguelph.ca domain
  * Install Software. Much of it is available in the FS sysadmin share
    * Adobe Reader
    * Cryptool (V1 and V2)
    * Easy68K
    * Firefox
    * Google Chrome
    * Logicworks
    * MS Office 2016 Pro (Word, Excel, Powerpoint only)
    * Python 3.8
    * Visual Studio Community (Can pull the install profile from existing server)
  * Create batch file at C:\Scripts\logon.bat to mount home folders. The folder should be world readable but not writable. Contents should be <code>@echo off</code><code>net use H: \\gringotts\%username% /persistent:yes</code>
  * Set GPO
    * Disable Shutdown/Restart/Hibernate buttons
    * User login script to run the C:\Scripts\logon.bat
    * Point RDP licensing server to grindelwald.socs.uoguelph.ca
    * Set RDP licensing type to per-device CAL
    * Set 12 hour limit to terminate disconnected and idle sessions
  * Set firewall rules
    * Block Telnet Outbound (Port 23)
    * Block RDP Outbound (Port 3389)
    * Block SSH Outbound (Port 22)
    * Allow SSH for SoCS 131.104.48.0/23 (Port 22)
  * Allow RDP from the SoCS Faculty, Staff, Grads, TAs, and Undergrads groups in AD
  * Update the SoCS DNS record for Windows to ensure the machine IP is listed there