IT NT Server Services Windows 2000 Installation .

010

Windows 2000 servers in the St. Paul, centralized environment, should not
be installed with FTP, Telnet, or the Guest account active. If they are
needed they need management justification before they are installed. If
FTP is installed it must have anonymous FTP disabled.

Create Driver diskettes if third party drivers are required.

Installation and Configuration of Windows 2000:

Operating System Install

1. Boot from the Windows 2000 Server CD
2. Press F6 if you need to load Third Party SCSI or RIAD Drivers
3. Press Enter to continue setup at Welcome to setup
4. If prompted Press “C” to continue setup if setup has determined that your hard disk is
new
5. Press F8 to accept license agreement
6. Highlight unpartitioned space
7. Press C to create a partition
8. Create 9GB System Partition
9. Enter to create
10. Highlight New(unformatted) and press Enter to install
11. Highlight Format the partition using NTFS file system and press Enter to Continue
12. System will reboot when it has finished this portion of setup
13. Remove any floppies from the A: Drive

Operating System Setup

14. Select Next at the regional settings
15. Enter Name/Organization (3M Company/3M Company)- Select Next
16. Enter CD key (on back of CD case)– Select Next
17. Select licensing per seat – Select Next
18. Enter server name and administrators password (it must be complex) – Select Next
19. Highlight Accessories and Utilities and Select Details
20. Unselect Communications , Games, and Multimedia – Select OK
21. UnCheck Indexing Service
22. UnCheck Internet Information Services (IIS)
23. Highlight Management and Monitoring Tools - Select Details
24. Select Simple Network Management Protocol Select OK
25. Unselect Script Debugger
26. Highlight Terminal Services - Select Details
27. Select Enable Terminal Services - Select OK
28. Select Next to setup Windows 2000 components
29. Set Date, Time, and Time zone - Select Next
30. Select Remote Administration Mode for Terminal Services Setup - Select Next
31. Select Custom settings networking Settings - Select Next
32. Select Install
33. Highlight Protocol – Select Add
34. Highlight Network Monitor Driver – Select OK
35. Highlight Internet Protocol (TCP/IP) and Select Properties
36. Select Use the following IP Address
37. Enter IP address, subnet mask and default gateway

2/10/08 1
/var/www/apps/collegelist/repos/collegelist/trunk/collegelist/tmp/scratch7/931842.doc
IT NT Server Services Windows 2000 Installation .010

38. If local DNS enter in Preferred DNS

39. Otherwise enter 169.10.8.5 for Preferred DNS server
40. Enter 169.10.8.4 for Alternate DNS server
41. Select Advanced
42. Select WINS tab
43. Select ADD and enter 169.10.8.36 Select ADD
44. Select ADD and enter 169.10.9.141 Select ADD
45. Select OK to Advanced TCP/IP Settings
46. Select OK to Internet Protocol (TCP/IP) Properties
47. Select Next to Networking Components
48. Select Yes, make this computer a member of the following domain
49. Enter domain name – Select Next
50. Type in administrator ID and password for the domain you wish to join Select OK
51. Remove CD and any floppies when prompted
52. Select finish to finish setup
53. System will reboot

Note If you have an HP LT6000 you must execute the following file \\integration\windows
2000\installation documentation\HP\w2kvp.reg on the server you are installing at this point in the
installation. If you do not run this file now, you will experience lockups.

Operating System Configuration

54. Logon as administrator
55. Select I will configure this server later – Select Next
56. Uncheck Show this screen at startup
57. Close Windows 2000 configure your Server
58. From Start/Settings/Control panel – Select System
59. Select Advanced tab– Startup and Recovery - change Display List of Operating Systems
for: to 5 sec – Select OK to Startup and Recovery
60. OK to exit System Properties
61. Select Display
62. Select Screen saver tab- set screen saver to default screen saver, set wait to10 min. and
password protect – Select OK to Display Properties
63. Select Settings tab
64. Set screen area to 800x600 – OK
65. Select OK to display settings
66. Select Yes to keep settings
67. Close Control Panel
68. Right Click on Menu Bar
69. Select Properties
70. UnCheck Use Personalized Menus
71. Select Advanced Tab
72. Check Display Logoff
73. Select OK to Task Bar and Start Menu Properties
74. From Start/Programs/Administrative tools – Select Event Viewer. Right click the
application log – Select Properties
75. Select - Overwrite Events as Needed –
76. Set Maximum log size to 2048 - Select OK
77. Repeat for Security and System logs
78. Close Event Viewer

2/10/08 2
/var/www/apps/collegelist/repos/collegelist/trunk/collegelist/tmp/scratch7/931842.doc
IT NT Server Services Windows 2000 Installation .010

79. From My Computer/Explorer/Tools/Folder Options/View – Uncheck Hide file extensions

for known file types
80. Select OK to Folder Options
81. Close My Computer
82. From Start/Programs/Administrative Tools – Select Services
83. Double click DHCP Client Service
84. Change startup Type for DHCP Client Service to Manual
85. Select OK to DHCP Client Service Properties
86. Double click Distributed File System Service
87. Change startup Type for Distributed File System Service to Manual
88. Select OK to Distributed File System Service Properties
89. Double click Distributed Transaction Coordinator Service
90. Change startup Type for Distributed Transaction Coordinator Service to Manual
91. Select OK to Distributed Transaction Coordinator Service Properties
92. Double click IPSEC Policy Agent Service
93. Change startup Type for IPSEC Policy Agent Service to Manual
94. Select OK to IPSEC Policy Agent Service Properties
95. Double click License Logging Service
96. Change startup Type for License Logging Service to Disable.
97. Select OK to License Logging Service Properties
98. Double click Print Spooler Service
99. Change startup Type for Print Spooler Service to Manual
100.Select OK to Print Spooler Service Properties
101.Double click Removable Storage Service
102. Change startup Type for Removable Storage Service to Manual
103.Select OK to Removable Storage Service Properties
104.Double click System Event Notification Service
105. Change startup Type for System Event Notification Service to Manual
106.Select OK to System Event Notification Service Properties
107.Double click Telnet Service
108. Change startup Type for Telnet Service to Disable
109.Select OK to Telnet Properties
110.Close Services
111.Open Notepad
112.Type “This file is used to skip the SMS Logon Script”
113.Save file as C:\skip.flg
114.Close Notepad
115.From Start/Programs/Administrative Tools – Select Computer Management
116.Under System Tools double click on Local Users and Groups
117.Double click on Users
118.Right click on TSInternetUser account – Select Disable
119.Set TSInternetUser Account Password (Auditing requirement)
120.Set Guest Account Password (Auditing requirement)
121.Right click on the Administrator account and select Rename
122.Rename Administrator account to snoitarepo
123.Close Computer Management

Security Settings
124.From Start/Programs/Administrative Tools – Select Local Security Policy
125.Select Account Policies
126.Select Password Policy

2/10/08 3
/var/www/apps/collegelist/repos/collegelist/trunk/collegelist/tmp/scratch7/931842.doc
IT NT Server Services Windows 2000 Installation .010

127.Set Enforce Password History to 5

128.Set Maximum Password Age to 90
129.Set Minimum Password Age to 1
130.Set Minimum Password Length to 8
131.Set Password must meet Complexity Requirements to Enable
132.Select Account Lockout Policy
133.Set Account Lockout Duration to 0
134.OK to suggested settings
135.Set Reset Account Lockout Counter After to 60 minutes
136.Select Local Policies
137.Select Audit Policy
138.Select Audit Logon Events
139.Check Success and Failure – OK
140.Select Audit Policy Change
141.Check Success and Failure – OK
142.Select Audit System Events
143.Check Success and Failure - OK
144.Close Local Security Policies
145.From Start/Programs/Administrative Tools – Select Terminal Services Configuration
146.Select Connections
147.Double Click RDP-TCP
148.Select Sessions Tab
149.Check Override User Settings – Set End a disconnected Session to 5 minutes
150.Select OK to RDP-TCP Properties
151.Select Server Settings
152.Double Click Active Desktop
153.Check Disable Active Desktop
154.Select OK to Active Desktop
155.Close Terminal Services Configuration
156.Right Click My Computer - Select Properties
157.Select Network Identification Tab
158.Select Properties button
159.Select More button
160.Enter mmm.com for Primary DNS Suffix of this Computer
161.Select OK to DNS Suffix and NetBIOS Computer Name
162.Select OK to Identification Changes
163.Select OK to Reboot Required
164.Select OK to System Properties
165.Select Yes to Restart Computer

Windows Time Service

166. From Start/Run - Type Net time /Setsntp:ntptime

Configuring SNMP
167.From Start/Programs/Administrative Tools – Select Services
168.Double click SNMP Service
169.Select Agent Tab
170.Enter IT Operations for Contact
171.Enter BLDG 224 Bank ? Rack ? for Location
172.Select Traps Tab

2/10/08 4
/var/www/apps/collegelist/repos/collegelist/trunk/collegelist/tmp/scratch7/931842.doc
IT NT Server Services Windows 2000 Installation .010

173.Enter sniw-wins for Community Name – Select Add to List

174.Enter compaqhdm03 for the trap destination
175.Select Security Tab
176.Select Edit
177.Enter sniw-wins for Community Name
178.Set Community rights to Read Write
179.Select OK to SNMP Service Configuration
180.DeSelect “Send Authentication Trap”
181.Select OK to SNMP Service Properties (Local Machine)
182.Close SNMP Services

Installing Resource Kit

183. Map a network drive to \\integration\Windows 2000 – Use your WINS logon
184.Open folder “ReskitSupplement1”
185.Run “Setup.exe”
186.Select Next to Microsoft Windows 2000 Resource Kit Setup Wizard
187.Select I Agree to End User License Agreement – Select Next
188.Select Next to User information
189.Select Typical to Installation Type– Select Next
190.Select Next to begin Install
191.Select Yes to Install Active Perl
192.Select Next to Active Perl Welcome
193.Select Yes to Active Perl License Agreement
194.Select Yes to Active Perl Installation Notes
195.Select Next to Destination Location
196.Select Next to Active Perl Components
197.Select Next to Active Perl Options
198.Select Next to Active Perl IIS Options
199.Select Next to Active Perl Program Folder
200.Select Next to Start Copying files
201.Select No to Review Release Notes
202.Select Finish
203.Run “ircmd”

Installing Support Tools

204.Select Back to return to Windows 2000 directory on Integration server
205.Open folder “SUPPORT”
206.Open folder “TOOLS”
207.Run Setup.exe
208.Select Next to Windows 2000 Support Tools Setup Wizard
209.Select Next to User Information
210.Select Typical to Installation type – Select Next
211.Select Next to begin Installation
212.Select Finish

RCMD Server Install

213.From Start/Progarms/Administrative Tools – Select Services
214.Double click Remote Command Service
215.Select Automatic for Startup Type
216.Select OK to Remote Command Service Properties
217.Close Services

2/10/08 5
/var/www/apps/collegelist/repos/collegelist/trunk/collegelist/tmp/scratch7/931842.doc
IT NT Server Services Windows 2000 Installation .010

Installing Recovery Console

218.Insert your Windows 2000 Server or Advanced Server CD.
219.From Start/Run - Type D:\I386\WINNT32 /CMDCONS
220.Select Yes to install the Recovery Console.
221.Select OK to Recovery Console successfully Installed

Creating Server name on screen

222.From Start/Programs/accessories – Select paint
223.Open file c:\winnt\prairie wind
224.Select A button for text
225.Create rectangle across bottom of prairie wind image for server name location
226.Set font to Impact, point size to 26 and type to italic
227.Set cursor in lower left of rectangle and type in server name
228.Select File then save
229.Close Paint
230.Right click on the desktop – select properties
231.Background tab – select Prairie Wind
232.Select Picture Display - Stretch
233.Select OK

Drive Configuration
234.Right Click My Network Places - Select Properties
235.Right Click Local Area Connection – Select Properties
236.Select Configure button
237.Select Advanced Tab
238.Highlight Link Speed and Duplex
239.Set to Appropriate speed/Duplex (100Mbps/Full Duplex Datacenter)
240.Select OK to LAN Adapter Properties
241.Select OK to Local Area Connection Properites
242.Right Click Local Area Connection – Select Rename
243.Type in Appropriate name (Corporate ip or Backup ip) - Enter
244.Right Click Second Local Area Connection if Backup NIC is used - Repeat steps (59-66)
245.Close Network Dial-up Connections
246.Right click My Computer– Select Manage
247.Select Disk Management located under Storage
248.Select Next to Write Signature and Upgrade Disk Wizard
249.Check all disk
250.Select Next to write signature to disks
251.Select Next to Disks to want to upgrade
252.Select Finish
253.Highlight Disk you want to create
254.Right Click – Select Create Volume
255.Select Next to Create Volume Wizard Welcome
256.Select Simple Volume - Next
257.Select Next to Selected Disks for Volume
258.Select Next to Drive Letter
259.Check Perform Quick Format
260.Select Next
261.Select Finish
262.Repeat for all additional disks

2/10/08 6
/var/www/apps/collegelist/repos/collegelist/trunk/collegelist/tmp/scratch7/931842.doc
IT NT Server Services Windows 2000 Installation .010

263.Exit out of Computer Management

Securing Drives
264.Double click on My Computer
265.Right Click on E: Select Properties – Security tab - remove everyone from the
permissions on e: drive and add the Local Administrator’s Group, full control
266.Select OK to Exit E: Properties
267.Repeat for all additional data drive letters
268.Close My Computer

Diskperf Setup
269.From Start/Run enter CMD to get a Dos command prompt.
270.At the command prompt type DISKPERF -y and press enter.
271.A prompt comes up that all physical and logical disk performance tools are set to start at
boot.

IE 6.0 Upgrade
272.Right click Internet Explorer – Select Properties
273.Select Connection tab
274.Select LAN Settings button
275.Uncheck - Automatically detect settings
276. Check “Use automatic configuration script” Address:http://dawn.mmm.com/proxy.pac
277.Check “Use a proxy server” Address:corpproxy1.mmm.com, Port:3128
278.Check “Bypass proxy server for local addresses” – OK
279.Select OK to Local Area Network (LAN) Settings
280.OK to Internet Properties
281. Map a network drive to \\integration\Software – Use your WINS logon
282.Open folder “IE 6.0sp1”
283.Run “ie6setip.exe”
284.Accept the License Agreement – Next
285.Select Next to Windows Update: Internet Explorer and Internet Tools
286.Select Finish when setup is complete
287.Server will reboot

MDAC Upgrade
288. Map a network drive to \\integration\Software – Use your WINS logon
289.Open folder “MDAC”
290.Open Folder “MDAC 2.7 SP1”
291.Run “mdac_typ.exe”
292.Accept the License Agreement – Next
293.Select Finish to begin installation
294.Select Close to exit MDAC setup

Service Pack and Hotfixes

295.Double click on My Computer
296. Open \\Integration\Windows 2000
297.Open Folder “Service Packs”
298.Install Service Pack 3
299. Server will reboot.

2/10/08 7
/var/www/apps/collegelist/repos/collegelist/trunk/collegelist/tmp/scratch7/931842.doc
IT NT Server Services Windows 2000 Installation .010

300. From \\Integration\Windows 2000 Open Folder “Hotfixes”

301.Double click on the file SP3HF-Q3-03
302. Install latest Perl Script BASE, located at \\Integration\Windows 2000\Base Script
303.Reboot the server.

HP ProLiant Agents and Drivers

202. Install latest HP ProLiant Agents and Drivers located at \\integration\ntcsp
W2K = \\integration\ntcsp\6_20a_W2K\bp000128.cmd
203. Reboot Server.

Install NAV - Set Live Update time to 3:00am

Install Backup software as required

Have Tivoli installed

You have now completed the Default NTSPAS install, all other instructions are
defined in “Windows 2000 Master Document.doc” located in
\\integration\windows 2000

2/10/08 8
/var/www/apps/collegelist/repos/collegelist/trunk/collegelist/tmp/scratch7/931842.doc