Recommended Firsts for Windows
After creating a Windows pre-install, we recommend you follow these steps to patch and secure your newly deployed Windows server:
Specify at Least 4GB of RAM:
By default, servers are created with 1GB of RAM. Windows requires more than that; we’ve found 4GB to be sufficient for standard use.
Specify at Least 2 Cores:
We’ve found that Windows gets happier with more cores, and we recommend at least two. While the server is shut down, navigate to the server configuration page to explicitly set the number of cores.
Boot and Connect for the First Time:
There are two layers of security, VNC and Windows. VNC will ask for a password, which is found on the dashboard. (In the below example, the password is tH58Sf7T.) For Windows, the username is Administrator. You will be prompted to set a password before you can go further.
Pre-install images created post 5.22.12 include network and disk virtIO drivers. While this is still somewhat experimental, we recommend you connect your disk by virtIO instead of IDE (via the control panel). Experiments show it’s less resource hungry, up to 50% faster for cached data, and won’t have fallback errors if the disk were to become contended.
Enable Remote Desktop:
We’ve already enabled Remote Desktop by default (at higher security). VNC is very useful for diagnosing a sick server that won’t boot (and therefore, won’t run Remote Desktop) and it is very useful for configuring a new server. But, it can’t compare to Microsoft’s Remote Desktop for everyday usability.
Resize the Partition:
From within Windows, it is very important to increase the partition size. Your Open Hosting disk might be 200GB, but by default Windows sees only 10GB. And, while 10GB is enough to boot Windows, it isn’t enough space to run Windows Update.
Do the prudent thing and run Windows Update before using your server. This might take a while, and require a few reboots. Don’t worry if after rebooting an hour or more passes before the server is again accessible by Remote Desktop. Remember that many of the updates are applied during boot. To monitor Windows during this time, you can use VNC to observe the console.
Enable a Firewall:
By default, Windows Server 2008 has its firewall enabled. We also recommending purchasing and configuring one of our simple and highly effective platform firewalls. With the server shut down, go to the server’s configuration page, click “Enabled” in the firewall section, and specify the ports to open in a space-separated list as “[transport]/[port number]“. For our purposes, you’ll enter “tcp/3389? to open TCP port 3389, which is the default port for Remote Desktop Protocol.
Consider Disabling ESC:
You’ll probably want to disable Internet Explorer Enhanced Security Configuration or install Firefox.
Turn on paging file:
Right-click My Computer, Properties, Advanced System Settings, Advanced tab, click Settings under Performance, click Change under Advanced, and select Automatically manage paging file size for all drives.
Now that you’ve patched, hardened, and configured your Windows Server, you might want to save a copy of your work.
When prompted to active Windows, click Next without entering a product key. Say Yes to the prompt to activate, and you should get a successful activation. If not, please email support.