ICT in Windows Server 2008
Probably one of the first features you will run into when working with Windows Server 2008 it’s the Initial Configuration task list ICT for short. This tool provides server administrators with some of the answers the question some server administrators had the past couple of years with Windows Server 2003. What must I do to configure my Windows Server 2003 install on this server? to answer this Microsoft in 2003 had a set of tools available for us but since they where all over the place made this task somewhat difficult, in Windows Server 2008 Microsoft provided us with Initial Configuration Wizard (ICT) a tool that allows us to:
- Set the timezone (previously done in the setup portion of Windows Server 2003)
- Configure networking (also done in the setup portion of 2003)
- Provide computer name and domain (commonly done post setup right-clicking the my computer icon)
- Enable automatic updates and feedback (done in the Post-setup security updates wizard)
- Download and install updates
- Add roles (previously done thru Manager your server or Add/Remove Windows components)
- Add features (done in Add/Remove Windows components)
- Enable remote desktop (done by right-clicking my computer)
- Configure Windows Firewall (done in Security Configuration Wizard or messing with the properties of each network adapter card.
This screen takes a page of the To-do list some of you might have seen in Windows Server 2003 Small Business Server installs which helped the SBS server user to easily configure some very complex tasks in a simple manner.
This screen will appear every single time you turn on your Windows Server 2008 install, but can be disabled by clicking the “Do not show this window at logon box”, if you would like to go back to it simply run the command oobe in the run command box.
At this point I would like to stop and make note of the default behavior of these options after setup in Windows Server 2008, please pay special attention to the firewall section.
| Setting | Defaultvalue |
| Time zone | Pacific Time (GMT-8) |
| Computer name | The computer name is randomly assigned during installation. |
| Domain membership | The computer is not joined to a domain by default; it is joined to a workgroup named WORKGROUP. |
| Windows Update | Windows Update is turned off by default. |
| Network connections | All network connections are set to obtain IP addresses automatically by using DHCP, for both IPv4 and IPv6 |
| Windows Firewall | Windows Firewall is turned on by default. |
| Roles/Features installed | No role or features are installed by default. |
Yes the firewall is now enabled out of the box so when you enable remote desktop make sure you review the firewall setting in server manager to ensure you are allowed to remotely manage your server. Also you might notice that no role or feature is installed by default this will minimize the effective attack surface for your Windows Server 2008 box as it does not have any service running by default like in previous instances of Windows that could lead to an attack due to an unpatched security vulnerability or improperly configured services.
Before closing this post I would just like to remind everyone that this screen is not available in the Windows Server 2008 core install.
In my next post tomorrow I will talk a bit about server manager and how to make sure your remote desktop connection is allowed thru with the firewall enabled out of the box, see you then!