Document version: MESJAN2016, revision 23JUN2016 1

Creating a Windows Server 2012 R2 virtual instance Maher Saad, Chestnut Residence, University of Toronto

Disclaimer The author of this document shall not carry responsibility for any damage to the network, computer(s) software or hardware either direct or indirect as a result of following the instructions herein.

Introduction This document provides steps on creating a virtual instance of Windows Server 2012 R2 using Oracle VirtualBox.

This document presumes that Oracle VirtualBox is installed and pfSense is setup and configured as a virtual instance on your personal computer already. For more information on how to install Oracle VirtualBox and how to create a virtual network using pfSense please refer to the Building a virtual network documentation available at: http://individual.utoronto.ca/mahersaad

Configuring a Windows Server 2012 R2 virtual instance behind pfSense avoids any type of interference with existing services and other servers on a production network.

This document is based on Windows Server 2012 R2 Standard (Server with GUI) x64 installation.

This document presumes total of 200GB hard drive capacity (dynamically allocated) for this virtual server instance; 80GB will be used for the Windows Server Operating System installation files (OS) and the remaining hard drive capacity is intended for shared folders and data storage. If you are planning to perform this installation on a production server with much more hard drive capacity, such as 500GB or more, not a virtual instance, you may consider creating 200GB OS partition or more instead of 80GB to serve future purposes being a production server.

This document is intended for I.T. professionals. However, other users may find this document useful and straight forward to follow.

Requirements - A PC with a network card, adequate processing power, adequate memory and hard drive capacity - A virtual network build with Oracle VirtualBox and pfSense - A Windows Server 2012 R2 ISO image, DVD or USB medium to install from

Brief - In Oracle VirtualBox create and configure a new Windows Server 2012 R2 virtual instance - Install Windows Server 2012 R2 - Install Oracle VirtualBox Guest Additions - Configure hard drives - Configure Internet Explorer - Configure Windows Updates - Install McAfee Site Advisor - Install Microsoft Enhanced Mitigation Toolkit (EMET)

http://individual.utoronto.ca/mahersaad

Document version: MESJAN2016, revision 23JUN2016 2

Procedure

1. On the PC, run Oracle VirtualBox Manager and click New to create a Windows Server 2012 R2 virtual instance:

2. Follow snapshots a and b below to complete creating the Windows Server 2012 R2 virtual instance:

a. Enter name, type, version, set memory capacity and then click Create

b. Set Virtual hard drive capacity as desired and then click Create

Document version: MESJAN2016, revision 23JUN2016 3

When complete, the new Windows Server 2012 R2 virtual instance will appear on the left menu as illustrated below:

3. Let’s review the Setting of the DC1 virtual instance to make some necessary changes, follow as illustrated below:

- Select DC1 and click Settings

- In System untick Floppy from the boot order

- Presuming we are launching the Windows Server 2012 R2 installation from a DVD medium, in Storage under Storage Tree select the optical disk Empty, in Attributes click the optical drive icon to select Host Drive ‘F: ‘ where F is our PC physical optical drive letter

Document version: MESJAN2016, revision 23JUN2016 4

- Deselect Audio as it is not usually needed in server installations

- Under Network set Adapter 1 to Internal Network then click OK. This will let our Windows Server 2012 Server instance connect on the pfSense virtual internal network

4. Insert the Windows Server 2012 R2 DVD medium into the PC DVD optical drive and start the DC1 virtual instance:

5. As we added the virtual optical drive to the PC drive letter, DC1 virtual instance will boot up from the Windows Server 2012 R2 DVD disk drive. Follow prompts as below:

- Select correct time and currency format then click Next

Document version: MESJAN2016, revision 23JUN2016 5

- If you wish to avoid the small partition Windows setup creates upon installation, use the Shift and F10 keys on the keyboard to open up and the Command Prompt, and follow as illustrated in the snapshot example below (Note: if you are performing this installation on a production server, not a virtual instance, proceeding with the following steps will erase all data on a production server hard drive)

- Click Install now

Document version: MESJAN2016, revision 23JUN2016 6

- Select the version you wish to install then click Next. This example used the 2012 R2 Standard Server with a GUI

- Read License terms, if you accept tick I accept then click Next

- Select Custom: Install Windows only (advanced)

Document version: MESJAN2016, revision 23JUN2016 7

- Click Next and wait for setup all complete

6. When setup completes the virtual machine will restart, as soon as you get the Oracle VM start-up screen click the X button corner to power off the virtual instance:

7. Remove the Windows Server installation disk as we no longer need it present in the PC optical drive. Carry on as illustrated in snapshots example a and b next page:

Document version: MESJAN2016, revision 23JUN2016 8

a. In the Oracle VM VirtualBox Manager go to the DC1 Settings and in System untick Optical from the Boot Order list:

b. In Storage under Storage Tree select Host Drive ‘F:’, click the optical drive icon and select Remove Disk from Virtual Drive then click OK:

8. Start DC1 and wait until Windows Server starts for the first time:

Document version: MESJAN2016, revision 23JUN2016 9

9. Create a strong password for the Administrator account then click Finish:

10. Use the right hand side Ctrl key and the Delete key on the keyboard to emulate the Ctrl+Alt+Del to login

11. If prompted, click Yes to find PCs, devices, and content on the network

12. In the Devices drop down menu select Insert Guest Additions CD image… to install the guest additions which consist of device drivers and system applications that optimize the guest operating system for better performance and usability:

13. Open File Explorer, right-click on the CD Drive and from the shortcut menu select Install or run program from your media:

14. The Oracle VM VirtualBox Guest Additions setup window will appear. Follow prompts, install device software, and accept defaults until setup all complete. When prompted click Finish to Reboot Now

15. During the reboot and from the Machine menu under Settings you may remove the VBoxGuestAddition from the Virtual drive as illustrated in the snapshot below:

Document version: MESJAN2016, revision 23JUN2016 10

16. After reboot, login to the server, close Server Manager if opened automatically, and adjust screen resolution. Right-click the start button and from the shortcut menu select Disk Management to change the DVD drive letter to E:

17. In Disk Management right-click the optical drive and from the shortcut menu select Change Drive Letter and Path:

18. Click Change, from the drive letter drop menu change drive letter from D to E then click OK to continue:

19. In Disk 0 right-click the unallocated partition and from the shortcut menu select New Simple Volume. Follow screen prompts, you may change the Volume Label to Data, click Next then Finish to format the new partition:

20. Exit Disk Management when the new partition format complete Note: It is best to restart the server after each change, such as this one, each driver installation and other hardware device updates

21. At this point I would rename the C drive volume label to DC1 in File Explorer to reflect the server name we are about to give to our server next step

22. Right-click on the start button and from the shortcut menu select System. In System select Advanced system settings and change the server name to DC1 or as desired, click OK and restart when prompted

Document version: MESJAN2016, revision 23JUN2016 11

23. Enable the Shutdown button at the login screen: right-click the Start button, select Run, type gpedit.msc, in the Group Policy Editor expand Computer Configuration, Windows Settings, Security Settings, Local Policies, Security Options, set Shutdown: Allow system to be shut down without having to logon to Enable. This will come handy if you needed to restart or shutdown the server without logging in. Close gpedit when done

24. Right-click the start button and from the shortcut menu select Search:

25. In the search box type Internet Explorer, from the list appears right-click on Internet Explorer and from the shortcut menu select Pin to Taskbar:

26. From task bar run Internet Explorer. If prompted, select Use recommended security and compatibility settings then click OK

27. If prompted, Turn on Protected mode

28. If prompted to Turn on Windows SmartScreen, select Get administrator approval before running an unrecognized app from the Internet (recommended)

29. In Internet Explorer activate the menu bar by pressing the Alt key on your keyboard once 30. Activate the following options as illustrated below, when done close Internet Explorer. These visible options will

come handy when needed. Close IE when done:

Document version: MESJAN2016, revision 23JUN2016 12

31. Run Server Manager:

32. In Server Manager | Local Server | turn off IE Enhanced Security Configuration for Administrators then click OK:

33. Run Internet Explorer (IE) and from the Tools drop down menu run Windows Update then close IE:

34. In Windows Update left side menu click Change settings:

Document version: MESJAN2016, revision 23JUN2016 13

35. In Windows Update Change Settings menu set as illustrated below or as desired then click OK:

36. Check for updates, download, install and wait until windows is updated, restart server when prompted. Repeat Windows update until available updates are all installed on the server

37. Check, download and install available server hardware device driver and firmware updates in case you are performing this installation on a physical server

38. Run Internet Explorer, download and install McAfee site advisor to add a layer of security when browsing

39. Download and install Microsoft Enhanced Mitigation Experience Toolkit (EMET) to add additional layer of defence

against malware attacks

40. You may consider installing an antivirus as well. Faculty and staff conducting university business can get a copy of

Microsoft System Center 2012 Endpoint Protection

41. In Internet Explorer go Tools, Internet Options, Content, AutoComplete, Settings, and untick User names and

passwords on forms so that IE doesn’t prompt to remember passwords

Above was a basic installation exercise of Windows Server 2012 R2 Standard with GUI x64. End of document.

https://www.siteadvisor.com/final/index.html