sysadmin:todo:services:internal:windowservers

Install Windows Server 2016 and all updates
- When asked for a product type, choose Windows Server 2016 Standard with Graphical Desktop
- When asked for a product key, choose WC2BQ-8NRM3-FDDYY-2BFGV-KHKQY. This is the KMS server key that pulls licensing from CCS's server
Join to the cfs.uoguelph.ca domain
Install Software. Much of it is available in the FS sysadmin share
- Adobe Reader
- Cryptool (V1 and V2)
- Easy68K
- Firefox
- Google Chrome
- Logicworks
- MS Office 2016 Pro (Word, Excel, Powerpoint only)
- Python 3.8
- Visual Studio Community (Can pull the install profile from existing server)
Create batch file at C:\Scripts\logon.bat to mount home folders. The folder should be world readable but not writable. Contents should be
```
@echo off
```
```
net use H: \\gringotts\%username% /persistent:yes
```
Set GPO
- Disable Shutdown/Restart/Hibernate buttons
- User login script to run the C:\Scripts\logon.bat
- Point RDP licensing server to grindelwald.socs.uoguelph.ca
- Set RDP licensing type to per-device CAL
- Set 12 hour limit to terminate disconnected and idle sessions
Set firewall rules
- Block Telnet Outbound (Port 23)
- Block RDP Outbound (Port 3389)
- Block SSH Outbound (Port 22)
- Allow SSH for SoCS 131.104.48.0/23 (Port 22)
Allow RDP from the SoCS Faculty, Staff, Grads, TAs, and Undergrads groups in AD
Update the SoCS DNS record for Windows to ensure the machine IP is listed there