Configuration of Server 2003

=OS Installation=
 * 1) Press the delete key and enter the BIOS. Set the BIOS to boot from the CD.
 * 2) Boot computer off a Standard Server CD
 * 3) “Welcome to Setup” – To setup Windows now, press Enter
 * 4) Press “C” to create a partition
 * 5) If the hard drive 120GB, make the first partition 10GB
 * 6) Make sure the 10GB partition is highlighted, press Enter to install Windows on this partition. Note: Only setup one partition, the second partition will be created after Windows is installed.
 * 7) Choose “Format the partition using the NTFS file system (Quick). The system will now format and copy files to the hard drive
 * 8) The system will automatically reboot after it finishes copying files.
 * 9) When the computer reboots, do not boot from the CD but leave the CD in the CD-ROM.
 * 10) The installation will continue. Eventually it will ask for a name, use: “GTZ-SACCO”  and enter the license key,
 * 11) When selecting Licensing Modes, choose “Per Device or Per User”
 * 12) Name the computer and set the administrative password
 * 13) Use the default values when configuring the network settings
 * 14) Choose “Typical Settings”
 * 15) Choose “No, this computer is not on a network, or is on a network without a domain.” Use the default “WORKGROUP”
 * 16) Once the computer finishes installation, it will automatically reboot. Again, do not boot from the CD-ROM.  You can now remove the CD
 * 17) When the server reboots, it will ask for Disk 2 of MS Windows Server 2003 R2 Standard Edition.
 * 18) Once it copies the remaining files, the installation will be complete

=Updates and Drivers=

Driver and Utility Installation

 * 1) Install the audio driver (6.21MB).
 * 2) Install My Guard (4.78MB), a utility to monitor CPU temperature.
 * 3) Install ProduKey, which tells you the Windows Key. If the key is misplaced, you can use this program to retrieve it.
 * 4) Download Sysprep (1.82MB) and unzip the folder to the top level of the C:\ drive. This is not an installation, only copying the sysprep folder to C:\

Updates
To run updates, the computer must be connected to the Internet.


 * 1) Click > Start > All Programs > Windows Update
 * 2) Follow the on-screen instructions to install on necessary updates.

=Creating Shared Files and Backup Folders=

Format and Sharing the Drives

 * 1) Start > Administration Tools > Computer Management > Disk Management
 * 2) In the window on lower right side, right click the device and choose Change Drive Letter and Paths. Do this for each of the following devices:
 * 3) *Change the drive letter for the CD-ROM to F:\
 * 4) *Format the remaining space on the primary hard drive. Make it drive letter D:\ and name it MBWinDB
 * 5) *Format the second drive. Make it drive E:\ and name it MBWinBackup.
 * 6) Close Computer Management
 * 7) Start > My Computer > MBWinDB D:\
 * 8) *Create a new folder named  MBWin.
 * 9) *Inside the MBWin folder, create a folder named DataFiles
 * 10) *Right click the DataFiles folder > select Properties
 * 11) *Under the General tab, in the Attributes section, make sure the Read-only box is NOT checked/ticked.
 * 12) *Under the Security tab, click Users > Remove > OK
 * 13) Click the up arrow to go up a level to see all the drives
 * 14) Double click MBWinBackup E:\ [[Image:Term-13.gif|frame|right|The structure of the E:\ drive.]]
 * 15) *Create a folder named shared_docs in MBWinBackup E:\
 * 16) *Right click shared_docs, select Properties
 * 17) *Click the Sharing tab > Choose Share the folder
 * 18) *Click Permissions
 * 19) *Check/Tic Full Control for the group Everyone, click OK, click OK
 * 20) In the shared_docs folder, create 3 folders
 * 21) *Manger Files
 * 22) *MBWinBackups
 * 23) *WYSEUnits

=Configuring Terminal Services= The server must be connected to the Internet to complete this process.


 * 1) During the installation of Server 2003, in the screen called Licensing Modes – Select Per Device or Per User[[Image:RAID-1.gif|frame|none]]
 * 2) After the installation of Server 2003 finishes, Start > Control Panel > Add or Remove Programs > Add/Remove Windows Components > Check Terminal Server and Terminal Server Licensing > Next[[Image:Term-1.gif|frame|none]]
 * 3) Choose "Full Security"
 * 4) Choose "I will specify a license server within 120 days."
 * 5) Choose "Per User licensing mode"
 * 6) Use the default domain.
 * 7) It will then install components. It may ask for the Server 2003 CD to complete the installation.  (Insert the CD).  When it finishes installing the components > Click Finish
 * 8) It will ask "Do you want to restart your computer now?" click Yes
 * 9) Start > Administrative Tools > Terminal Server Licensing (NOT Terminal Services Configuration)
 * 10) You need to activate the server. Right click the server name > Activate Server[[Image:Term-2.gif|frame|none]]
 * 11) This will launch the Terminal Server License Server Activation Wizard > Next
 * 12) Connection Activation Method > Automatic > Next
 * 13) The server will connect to Microsoft to verify. Then it will ask for First name, Last name, company and country/region.  After entering this information > Next
 * 14) It will then ask for email and address > Next
 * 15) The terminal server license server is activated. Now you need to active terminal services for the clients.  Make sure the “start terminal server client licensing wizard now” box is checked > Next[[Image:Term-3.gif|frame|none]]
 * 16) Now you will see “Welcome to the Terminal Server CAL Installation Wizard” > Next. The server will then connect to the Microsoft
 * 17) Now choose the type of Licensing Program. The type of license depends on what kind you purchased from Microsoft.  If you are unsure of which kind of license you have, look at the sample number.  Each license has a different numbering style.  Select different licensing options, until the sample shows your license numbering format.  In this example, we are using an open license.  Select Open License > Next[[Image:Term-4.gif|frame|none]]
 * 18) Enter the agreement and license Number > Next [[Image:Term-5.gif|frame|none]]
 * 19) Now you need to enter the type of terminal license. It VERY important.  Under product type choose per User, NOT per device.  The server will connect to Microsoft [[Image:Term-6.gif|frame|none]]
 * 20) The terminal server CAL wizard is now complete > Finish. Terminal services is now activated.
 * 21) Double check that the licensing type is correct. Start > Administrative Tools > Terminal Services Configuration > Server Settings
 * 22) Make sure Licensing is set to Per User, not Per Device[[Image:Term-7.gif|frame|none]]

=Creating Users= All but two users will be in the Remote Desktop Users group. These two users, default and WYSEUnits, will only be used to create shared folders on the client machines. People will not sign in any computers or remote desktop sessions as either default of WYSEUnits.

Creating Two Special Accounts

 * 1) Start > Administrative Tools > Computer Management > Local Users and Groups > Users
 * 2) Right click Users > New User
 * 3) Set the User name: to default > set the password to 1nvene0
 * 4) Uncheck "User must change password". Check "user cannot change password" and "password never expires" > click Create
 * 5) Create another user named WYSEUnits > set the password to WYSEUnits
 * 6) Uncheck User must change password. Check user cannot change password and password never expires > click Create > click Close

Creating Remote Desktop Users
These users will access MBWin via a remote desktop session.
 * 1) Right click Users > New User<
 * 2) Enter the user name and password. Since all of these users will have the same permissions, simply name the users user01, user02, user03, etc.  The password should be the same as the user name.  The password for user01 is user01.  Uncheck User must change password.  Check user cannot change password and password never expires.[[Image:Term-9.gif|frame|none]]
 * 3) Create as many users as needed. Then click close.
 * 4) Double click the user.
 * 5) The user needs to be part of the Remote Desktop Users Group. Click the Member of tab.  Click Add. Type Remote Desktop Users in the object names box[[Image:Term-10.gif|frame|none]]
 * 6) Click Environment tab. Check/tic the Start the following programs at login: box.  Under Program file name: type C:\MBWin\MBWin.exe[[Image:Term-11.gif|frame|none]]
 * 7) Click the Sessions tab. Under End a disconnected session, choose 1 minute.  Set Idle session limit: to 1 hour.  Under When a session limit is reached or connection is broken, click End Session.  Click OK[[Image:Term-12.gif|frame|none]]

=Setting up DHCP on the Network= The DNS server is not configured. This server should never be connected to the Internet. As an extra security measure to prevent spyware and malware from attacking the computer running MBWin, this server is not intended for networks with Internet access shared by the server.

Set the IP Address of the Server

 * 1) Start > Control Panel > Network Options > Local Area Connection
 * 2) Click Properties
 * 3) Click Internet Protocol (TCP/IP) > Properties
 * 4) Click Use the following IP Address
 * 5) *Set the IP address to 192.168.100.1.
 * 6) *Set the Subnet Mask to 255.255.255.0.
 * 7) *Leave the Default Gateway empty.
 * 8) Click OK > OK > Close

Configuring the DHCP Server

 * 1) Start > All Programs > Administrative Tools > Manage Your Server > Add or remove a role > Next
 * 2) Choose Custom Configuration > Next
 * 3) Click DHCP server (it will be marked as No) > Next > Next > Next
 * 4) In the New Scope Wizard, type the name SACCO-DHCP in the Name field > Next
 * 5) Start the IP address range at 192.168.100.100
 * 6) End the IP address range at 192.168.100.199
 * 7) There are no excluded IP address > Next
 * 8) Set Lease Duration to 8 days > Next
 * 9) Under Configure DHCP options, select No, I will configure these options later > Next > Finish > Finish
 * 10) To verify the setting in the DHCP server, click Start > Administrative Tools > DHCP
 * 11) In the box/pane on the left, under DHCP, the server name and the IP address 192.168.100.1
 * 12) Make sure there is a green arrow pointing up next the server. If there is a red arrow pointing down, click the green arrow pointing up in the toolbar.  This will activate the DHCP server.

=MBWin=

Install MBWin

 * 1) Insert MBWin into the CD. This will auto-launch a menu to a list of some of the programs on the CD.  You must first install Framework; however, Framework is not listed on the auto-launched main menu.
 * 2) Right Click on the CD-ROM drive > Explore
 * 3) Install Framework
 * 4) On the auto-launched main menu, click
 * 5) Click on Microsoft SQL Express 2005 with Advanced Tools and install
 * 6) Click on Microsoft SQL 2005 Backward Compatibility Components and install
 * 7) Click on Install Full MBWin on this machine and install
 * 8) Click on Install Blank Database.
 * 9) *Note: The database will be installed on the C:\ drive. It must manually be moved to D:\MBWin\Datafiles
 * 10) Go SQL Server Management Studio Express > Use SQL Server Authentication
 * 11) Sign into Microbanker
 * 12) Remove Data Execution Prevention under Server Settings.

Configuring New Users

 * 1) Log from the client machines using each of the Remote Desktop Users (user01, user02, etc).
 * 2) After logging in, a window will pop up MBWin cannot find the Microbanker shared Directory. Would you like to locate it yourself? > OK
 * 3) Browse to C:\MBWin > OK

=Installing a Printer= Many SACCOs use the HP 460 printer, so we will use the HP 460 as an example in the instructions, both for configuring the server and the client machines. If you are not installing an HP 460, these instructions still apply.


 * 1) Use the installation CD that came with the printer. If you do not have the installation CD, download the drivers from the Internet.
 * 2) Once the printer is installed, Start > Printers and Faxes
 * 3) Right click the newly installed printer > Sharing
 * 4) In the Sharing tab, select Share this printer and name the printer HP460

=Security Restrictions=
 * 1) Start > Administrative Tools > Local Security Policy > Local Policies
 * 2) Click User Rights Assignment
 * 3) *Double click Allow on locally, remove Users, Power Users and Backup Operators
 * 4) Click Security Options in the frame on the left
 * 5) *Click Devices:Restrict CD-ROM access to locally logged-on users only, select Enabled
 * 6) *Click Devices:Restrict floppy access to locally logged-on users only, select Enabled
 * 7) *Click Shutdown:Allow system to be shut down without having to log on, select Enabled
 * 8) Close the Local Security Policy Window
 * 9) Start > Run > gpedit.msc
 * 10) Computer Configuration > Administrative Templates > System
 * 11) *Click Display Shutdown Event Tracker, select Disabled
 * 12) *Click Turn off Autoplay, select Disabled

=Installing Anti-Virus=
 * 1) Double click the install program
 * 2) Choose custom installation
 * 3) Enter the license number
 * 4) Install AVG in the default directory
 * 5) Under Module Selection, uncheck Web Shield, Additional installed languages and E-mail scanner > Next > Next
 * 6) After AVG is installed, the "First Run Wizard" will automatically launch.
 * 7) Configure updates to run once a day and to run a scan once a day at 12:00pm > Next > Next > Next > Finish
 * 8) After installation completes, click on the AVG icon on the desktop
 * 9) Computer Scanner > click on Scheduled Scan [date], 12:00:00pm > Edit scheduled scan
 * 10) Click What to scan tab
 * 11) Click Scan specific files or folders, check/tick D:\ and E:\ drive. Since Deep Freeze keeps the C:\ drive protected, running a scan on the C: drive is not necessary and will make the virus scan take much longer, causing the server to slow down for a longer period of time.
 * 12) Click Save

=Deep Freeze=
 * 1) Double click on the install program
 * 2) Under Volumes to Freeze, uncheck/untick D: and E:
 * 3) Click Install
 * 4) Click I accept > Next > Finish
 * 5) The computer will automatically reboot
 * 6) Would you like to set up a password for Deep Freeze? click Yes
 * 7) Set the password as 1nvene0
 * 8) The system is now frozen, the system needs to be thawed (or unfrozen) to run SysPrep. To thaw Deep Freeze, hold down the shift key while double clicking the bear icon in the systems tray in the lower right corner.
 * 9) Enter the password 1nvene0
 * 10) Select Boot Thawed on next
 * 11) Change the number 1 to 2 restarts > Click OK
 * 12) Reboot the computer. The bear in the lower right corner will now blink and have an X on his face.  The computer is thawed and ready for sysprep.

=Sysprep=  Return to GTZ SACCO Uganda
 * 1) Start > All Programs > Accessories > System Tools > Disk Defragmenter
 * 2) Run a defragmentation on the C:\, D:\ and E:\ drives
 * 3) Open C:\sysprep
 * 4) Double click setupmgr.exe > Next
 * 5) Choose Create new > Next
 * 6) Double click Sysprep setup > Next [[Image:Sysprep01.gif|frame|right]]
 * 7) Click Windows Server 2003, Standard Edition > Next
 * 8) Click No, do not fully automate the installation > Next
 * 9) Do NOT enter a name or organization. Only click Next
 * 10) Use the default display settings. Only click Next
 * 11) For time zone, set it to (GMT +3:00) Nairobi if the computers will be deployed in Uganda > Next
 * 12) Leave the Product Key field blank > Next
 * 13) For Licensing Mode, choose Per Device or Per User > Next
 * 14) Choose Use the following computer name. Set the computer name to GTZ-AB4251720D1 > Next
 * 15) Under Administrative Password, select Use the following Administrator password
 * 16) *Set the password to: 1nvene0
 * 17) *That is one-n-v-e-n-e-zero
 * 18) *Enter the password twice
 * 19) *Click Next
 * 20) Under Networking Components, use Typical settings > Next
 * 21) Set the Workgroup to WORKGROUP > Next
 * 22) For telephony, use the default settings > Next
 * 23) For Regional Settings, click Use the default regional settings for the Windows version you are installing > Next
 * 24) Under Languages, do not select any languages. Only click Next[[Image:Sysprep02.gif|frame|right]]
 * 25) Under Install Printers, click Next
 * 26) Under Run Once, do not add anything > Next
 * 27) Under Additional Commands, do not add anything > Next
 * 28) Under Identification String, do not add anything > Finish
 * 29) This will open a window stating that file has been created at C:\sysprep\sysprep.inf > OK
 * 30) The file C:\sysprep\sysprep.inf already exists. Do you want to overwrite it > Yes
 * 31) Once you see You have successfully completed Setup Manger and created the following files: C:\sysprep\sysprep.inf > Cancel
 * 32) In the sysprep folder, double click sysprep.exe > Next
 * 33) A window warning that Sysyprep can modify a computer's security settings will pop up, click OK
 * 34) Under System Preparation Tool, click Reseal
 * 35) A window will pop up about creating SIDs. Click 'OK to regenerate SIDs.
 * 36) Sysprep will prepare the machine and shutdown when it finishes.