Begin by installing the Windows Server 2008 R2 Enterprise Edition as per steps 1-3 in Part 1.
After that...
Initial Configuration
1. Configure TCP/IP as follows - or to your requirements.
- IP: 10.0.0.3
- Subnet: 255.255.255.0
- Primary DNS: 10.0.0.1
- Advanced/DNS: Domain Suffix: dev.tassietech.local
3. After the reboot, log in as User1 that we created earlier.
4. The Initial Configuration Tasks window will appear again, enable remote desktop as before.
5. Select do not show this window at login and click close to get rid of the Initial Configuration tasks window.
6. When the Server Manager opens, select Roles, and Add Role, Add the Web Server (IIS) role and click Next thrice followed by Install, and after a short moment or two, Close.
Create a web based CRL Distribution point
7. Open the IIS Management Console and navigate through the tree to the Default Web Site.
8. Right click this, and select Add Virtual Directory.
9. In the Alias field, type CRLD. In physical path, select the browse button, and open C:\ and make a new folder called CRLDist. Click Ok.
10. In the middle, double click Directory Browsing. Select Enable.
11. In the console tree, click on the CRLD folder. then in the middle pane area, open Configuration Editor.
Click on the down arrow for Section. open the system.webServer\security\requestFiltering
12. In the middle now, double click allowDoubleEscaping to change it to True and click Apply.
Set up HTTPS Security
13. Click back onto Default Web site, in actions, select Bindings.
14. Click Add in Site Bindings, and Add a site binding of the type https. In the SSL cerfificate box, click the name of <servername>.<domainname> and click OK and Close. Close the IIS Management Console.
Configure NTFS Security
15. Open C:\ and then the properties of the CRLDist folder. Click Sharing, then Advanced.
16. Add a $ to the end of the share name. In permissions, add the object type of computers, then select Add your domain controller. Give it FULL CONTROL and click OK.
17. Go to the Security Tab, click Edit, and then Add. Again select the computer object type, and add your Domain controller. Again, give it FULL CONTROL and click OK. Close Explorer.
Get the CRL onto your App Server
18. On your DC, open the Certification Authority Console and expand the console tree.
19 Right Click Revoked Certificates, point to All Tasks, and select Publish.
20. In the Publish CRL dialog, click on New CRL, and then click OK.
22. Browse to the \\<appServer>\CRLDist$ share and you should see the certificates there. Close the CA.
Create a File Sharing Folder
23. Open C:\ and create a new folder - I called mine 'Data'.
24. Share the Files Folder however you like.
That's it, we are done with our Base Configuration. We are now ready to kick on into bigger and better things :)