sysadmin:todo:services:internal:windowservers
Steps to set up Student Windows Servers
- Install Windows Server 2016 and all updates
- When asked for a product type, choose Windows Server 2016 Standard with Graphical Desktop
- When asked for a product key, choose WC2BQ-8NRM3-FDDYY-2BFGV-KHKQY. This is the KMS server key that pulls licensing from CCS's server
- Join to the cfs.uoguelph.ca domain
- Install Software. Much of it is available in the FS sysadmin share
- Adobe Reader
- Cryptool (V1 and V2)
- Easy68K
- Firefox
- Google Chrome
- Logicworks
- MS Office 2016 Pro (Word, Excel, Powerpoint only)
- Python 3.8
- Visual Studio Community (Can pull the install profile from existing server)
- Create batch file at C:\Scripts\logon.bat to mount home folders. The folder should be world readable but not writable. Contents should be
@echo off
net use H: \\gringotts\%username% /persistent:yes
- Set GPO
- Disable Shutdown/Restart/Hibernate buttons
- User login script to run the C:\Scripts\logon.bat
- Point RDP licensing server to grindelwald.socs.uoguelph.ca
- Set RDP licensing type to per-device CAL
- Set 12 hour limit to terminate disconnected and idle sessions
- Set firewall rules
- Block Telnet Outbound (Port 23)
- Block RDP Outbound (Port 3389)
- Block SSH Outbound (Port 22)
- Allow SSH for SoCS 131.104.48.0/23 (Port 22)
- Allow RDP from the SoCS Faculty, Staff, Grads, TAs, and Undergrads groups in AD
- Update the SoCS DNS record for Windows to ensure the machine IP is listed there
sysadmin/todo/services/internal/windowservers.txt · Last modified: 2020/10/30 17:54 by 127.0.0.1