I had two 500Gb HDDs. I wanted to mirror the hidden system partition and the C: drive. I wanted the C: drive to only consume 200Gb on each drive and the remaining space was to be striped:
- System: 350Mb, mirrored on Disk 1 & 2
- C: 250Gb, mirrored on Disk 1 & 2
- D: 500Gb, striped across Disk 1 (250Gb) & 2 (250Gb)
During installation, I installed to only 1 hard drive, leaving the other unformatted.
After installation, using the disk management console, I resized C: to half the disk. I then right-clicked it, chose "Add Mirror" and put the mirror on the other drive.
I couldn't create a stripe set for the remaining disk space via the GUI, so I used diskpart.exe:
C:\> diskpart
DISKPART> list disk
...
DISKPART> create volume stripe disk=1,2
The nVidia GeForce 5xx was not recognised. I installed the Windows 8.1 driver from nVidia.
I have only 1 network adapter. Its IP is assigned via DHCP, but the reservation is locked perpetually, so the same IP is always issued to this server.
Later I created an Internal network switch via Hyper-V (a host & VM only network).
I also renamed the server.
I enabled Microsoft update in addition to Windows Update. I then installed all updates.
I didn't enable the Windows Client role (adds various Windows 8.1 features), instead I created a shortcut to This Computer on the desktop.
I configured the start menu (right click taskbar -> properties) to open on the apps screen with desktop apps listed first.
In the Local Server view of Server Manager, I set IE Enhanced Security Configuration to "Off" in my test lab environment.
I added the following roles:
- Active Directory Domain Services
- DHCP Server (for use on the Hyper-V network)
- DNS Server
- Hyper-V
- Windows Deployment Services
Always use a single forest. Multiple forests are only useful when working through the merging of two companies' infrastructure.
The root domain, craigjperry.com, holds no site configuration so that if sites change they can be removed without impact.
The subdomain, tayloravenue.craigjperry.com, holds all the actual config for the site.
A wide OU hierarchy is faster than a deep one. I created a HOME OU structure:
- HOME (My Organisation Name)
  - Groups
  - Users (with sub-OUs: Standard, Service, Roaming, Power)
  - Servers (Application, Mail, Monitoring, Database, Middleware, File ...)
  - Workstations (Standard, Roaming, VDI)
I created a "User Profile$" share on the C: (mirrored) drive. I overrode the permissions so they do not inherit, leaving only Admins, System & Creator Owner. I added the "Roaming User Profiles Users and Computers" group and assigned the advanced permissions "List Folder / Read Data" and "Create Folder / Append Data". I set these to this folder only. I enabled access based enumeration and encrypted data access.
I created a "Users$" share with the same settings.
I created security groups:
- Folder Redirection Users
- Roaming User Profiles Users and Computers
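The share and NTFS settings described above, scripted as an added example (not the author's own commands). The folder path, the `<DOMAIN>` prefix and the share-level grants are assumptions; the page only gives the share name, the group and the NTFS rights.

```powershell
# Added example. $ProfileRoot and <DOMAIN> are placeholders, not values from the page.
$ProfileRoot = 'C:\Shares\UserProfiles'   # assumed folder on the mirrored C: volume
$ShareName   = 'User Profile$'            # trailing $ hides the share from browsing
$RoamGroup   = '<DOMAIN>\Roaming User Profiles Users and Computers'

New-Item -ItemType Directory -Path $ProfileRoot -Force | Out-Null

# NTFS: strip inherited ACEs, then grant only what the text lists.
#   (OI)(CI)F      full control on this folder, subfolders and files
#   (OI)(CI)(IO)F  CREATOR OWNER: inherit-only, so it applies to what each
#                  user creates underneath, never to the root itself
#   (RD,AD)        List Folder / Read Data + Create Folders / Append Data,
#                  no inheritance flags = "this folder only"
icacls $ProfileRoot /inheritance:r /grant `
    'BUILTIN\Administrators:(OI)(CI)F' `
    'NT AUTHORITY\SYSTEM:(OI)(CI)F' `
    'CREATOR OWNER:(OI)(CI)(IO)F' `
    "${RoamGroup}:(RD,AD)"

# Share: access-based enumeration hides folders a user cannot open;
# EncryptData turns on SMB 3.0 encryption for this share.
# Share-level FullAccess for the group is an assumption: the NTFS ACL
# above is what actually confines each user to their own folder.
New-SmbShare -Name $ShareName -Path $ProfileRoot `
    -FolderEnumerationMode AccessBased `
    -EncryptData $true `
    -FullAccess 'BUILTIN\Administrators', $RoamGroup

# Check the result: no inherited (I) entries should remain on the root,
# and the group should hold only (RD,AD) there.
icacls $ProfileRoot
Get-SmbShare -Name $ShareName |
    Select-Object Name, Path, FolderEnumerationMode, EncryptData
```

With `EncryptData` on, clients that cannot negotiate SMB 3.0 (Windows 7, Server 2008 R2) are refused by default, which matters if the ".v2" profiles mentioned later are meant to roam from this share.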
GPOs can be linked in several locations, so be careful. When creating a new GPO it's good practice to immediately right click it in the taxonomy and uncheck the "Linked" item until you've fully defined the GPO. This prevents it being applied prematurely.
I created a "Folder Redirection Settings" GPO in the HOME -> Users scope with security filtering set to only "Folder Redirection Users", i.e. removing "Authenticated Users". I set:
- User Configuration
  - Windows Settings
    - Folder Redirection
      - Desktop, Documents, Favourites, Links & Searches
Each was configured as "Basic" with a Path, e.g. for Desktop:
\\s3.home.craigjperry.com\Users$\%USERNAME%\Desktop
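The create-disabled, filter, then enable sequence described above, as an added example using the GroupPolicy module (not the author's own steps, which were done in the GUI). The OU distinguished name is a placeholder, and keeping Read for "Authenticated Users" is a choice made here: it still removes them from the Security Filtering list, but lets clients patched for MS16-072 read the GPO.

```powershell
# Added example. $Target is a placeholder; fill in the domain's DN.
Import-Module GroupPolicy

$GpoName = 'Folder Redirection Settings'
$Target  = 'OU=Users,OU=HOME,<domain DN>'   # placeholder, not from the page
$Filter  = 'Folder Redirection Users'

# 1. Create the GPO and link it with the link disabled, so nothing is
#    applied while the settings are still being defined.
New-GPO -Name $GpoName -Comment 'Redirect Desktop, Documents, Favourites, Links, Searches' |
    Out-Null
New-GPLink -Name $GpoName -Target $Target -LinkEnabled No | Out-Null

# 2. Security filtering: only the named group gets Apply.
Set-GPPermission -Name $GpoName -TargetName $Filter `
    -TargetType Group -PermissionLevel GpoApply | Out-Null

#    Downgrade Authenticated Users from Apply to Read. -Replace is needed
#    because the cmdlet otherwise never lowers an existing permission.
Set-GPPermission -Name $GpoName -TargetName 'Authenticated Users' `
    -TargetType Group -PermissionLevel GpoRead -Replace | Out-Null

# 3. Review who can apply the GPO before it goes live.
Get-GPPermission -Name $GpoName -All |
    Select-Object @{n='Trustee';e={$_.Trustee.Name}}, Permission

# 4. Define the Folder Redirection settings in the GPO editor, then
#    enable the link.
# Set-GPLink -Name $GpoName -Target $Target -LinkEnabled Yes
```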
I also defined a "Roaming User Profile Settings" GPO to enforce roaming profiles on VDI machines. This was linked at HOME -> Workstations -> VDI Workstations and it sets:
- Computer Configuration
  - Administrative Templates
    - System/User Profiles
      - Set roaming path for all users logging onto this computer
\\s3.home.craigjperry.com\User Profile$\%username%
Since I configured roaming profiles, and profiles are not compatible across OS versions, I defined the following registry key:
- HKEY_LOCAL_MACHINE\System\CurrentControlset\Services\ProfSvc\Parameters
  - UseProfilePathExtensionVersion
    - (DWORD) 1
This ensures user profile folders are named with a suffix, e.g. ".v3" for Server 2012 and Windows 8 machines, while Server 2008 and Windows 7 machines use ".v2".
I defined enduser, developer & support user accounts. In each, I set the profile path:
\\s3.home.craigjperry.com\User Profile$\support
I configured a DHCP Server to serve only my Hyper-V clients and WDS deployment server. The DHCP server isn't strictly necessary though, since WDS can supply its own DHCP server if necessary.
I configured the reverse lookup zone for 10.0.1 (home lan) and 10.0.2 (hyper-v lan).
I configured the WDS server to serve any hosts. I would have preferred only to service pre-staged hosts, since that better approximates my favoured configuration with unix hosts, but I couldn't quickly figure out how to get Hyper-V to give up the required Client ID.
I added the boot and install images from the sources\ subdir of the Server 2012 R2 install DVD. I used the name Default for my image group name.
I relocated virtual hard disks and virtual machines under the striped drive. I didn't enable any enhanced session, GPU or migration features. I reassigned the mouse release shortcut from the default Ctrl+Alt+Left Arrow since this is a commonly used shortcut on my Linux guests.
I installed the ADK with Windows 8.1 update to get the SIM tool for creating unattended installation answer files.