How to Install Windows Server 2022 Step by Step

Initial Configuration of Windows Server 2022 After Installation

After completing a fresh installation of Windows Server 2022, the out-of-box state is not production-ready. The default configuration leaves many settings unconfigured, security hardening incomplete, and essential services disabled. This guide walks through every critical post-installation step, from renaming the machine to installing updates, so your server is secure and ready for its intended role.

First Login and Server Manager Overview

When you log in for the first time, Windows Server 2022 launches Server Manager automatically. Server Manager is your central dashboard for managing roles, features, and server health. Before closing it, take note of the notifications panel — it will often flag items like IE Enhanced Security Configuration being enabled or the Windows Firewall status. For now, leave Server Manager open as a reference while working through these steps.

The default Administrator account is active after a clean install. The first thing you should do before anything else is open an elevated PowerShell session. Right-click the Start button and select “Windows PowerShell (Admin)” or “Terminal (Admin)” on Server 2022 with Desktop Experience. All commands in this guide assume you are running in an elevated session.

Renaming the Computer

The default computer name assigned during installation is randomly generated and meaningless. Rename it immediately to match your naming convention. The Rename-Computer cmdlet handles this cleanly and supports an immediate restart flag.

Rename-Computer -NewName "WEB-SRV-01" -Restart

If you want to rename without restarting immediately, omit the -Restart flag and restart manually later. The name change does not take effect until after a reboot. For domain-joined machines, use the -DomainCredential parameter to authenticate against the domain controller.

Rename-Computer -NewName "WEB-SRV-01" -DomainCredential (Get-Credential) -Force

Configuring a Static IP Address

Servers should never rely on DHCP for their IP addresses. A static IP ensures that DNS records, firewall rules, and client connections remain stable. Use Get-NetAdapter to identify your network interface name first.

Get-NetAdapter

Note the Name and InterfaceIndex values from the output. Then remove any existing DHCP-assigned address and set a static one using New-NetIPAddress.

# Remove existing DHCP address
Remove-NetIPAddress -InterfaceAlias "Ethernet0" -Confirm:$false

# Remove existing default gateway
Remove-NetRoute -InterfaceAlias "Ethernet0" -DestinationPrefix "0.0.0.0/0" -Confirm:$false

# Set static IP, subnet, and gateway
New-NetIPAddress -InterfaceAlias "Ethernet0" `
    -IPAddress "192.168.1.100" `
    -PrefixLength 24 `
    -DefaultGateway "192.168.1.1"

# Set DNS servers
Set-DnsClientServerAddress -InterfaceAlias "Ethernet0" `
    -ServerAddresses ("192.168.1.10", "8.8.8.8")

Verify the configuration was applied correctly:

Get-NetIPAddress -InterfaceAlias "Ethernet0"
Get-NetRoute -InterfaceAlias "Ethernet0"
Get-DnsClientServerAddress -InterfaceAlias "Ethernet0"

Setting the Time Zone

An incorrect time zone causes problems with event log timestamps, Kerberos authentication (which is time-sensitive), and scheduled tasks. Set the correct time zone before proceeding.

# List available time zones
Get-TimeZone -ListAvailable | Where-Object { $_.Id -like "*Eastern*" }

# Set the time zone
Set-TimeZone -Id "Eastern Standard Time"

# Verify
Get-TimeZone

Enabling and Configuring Windows Firewall

Windows Firewall should be enabled on all three profiles: Domain, Private, and Public. Verify its current state and enable all profiles if any are disabled.

# Check current firewall state
Get-NetFirewallProfile | Select-Object Name, Enabled

# Enable all profiles
Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True

To set default inbound and outbound actions (block inbound, allow outbound is typical):

Set-NetFirewallProfile -Profile Domain,Private,Public `
    -DefaultInboundAction Block `
    -DefaultOutboundAction Allow `
    -NotifyOnListen True

Activating Windows Server 2022

Windows Server 2022 must be activated to function without restrictions. If you have a retail or volume license key, use slmgr from an elevated PowerShell or Command Prompt session.

# Install the product key
slmgr.vbs /ipk XXXXX-XXXXX-XXXXX-XXXXX-XXXXX

# Activate online
slmgr.vbs /ato

# Check activation status
slmgr.vbs /dli

For KMS (Key Management Service) activation used in volume licensing environments:

# Set KMS server address
slmgr.vbs /skms kms-server.yourdomain.com:1688

# Activate against KMS
slmgr.vbs /ato

# Display detailed license information
slmgr.vbs /dlv

Installing Windows Updates

Applying updates immediately after installation patches known vulnerabilities before the server is exposed to any network traffic. Use the PSWindowsUpdate module for scripted update management, or use the built-in Windows Update settings via the GUI. For a command-line approach:

# Install the PSWindowsUpdate module from PSGallery
Install-Module -Name PSWindowsUpdate -Force -AllowClobber

# Import the module
Import-Module PSWindowsUpdate

# Check for available updates
Get-WindowsUpdate

# Install all available updates automatically, accept all, auto-reboot
Install-WindowsUpdate -AcceptAll -AutoReboot

If PSGallery is not accessible, configure Windows Update through the Settings UI: Settings > Windows Update > Check for updates. After updates install, reboot and check again until no updates remain pending.

Enabling Remote Desktop

Remote Desktop Protocol (RDP) is disabled by default on fresh installations. Enable it via PowerShell by modifying the registry key that controls this setting.

# Enable Remote Desktop
Set-ItemProperty -Path "HKLM:SystemCurrentControlSetControlTerminal Server" `
    -Name "fDenyTSConnections" -Value 0

# Enable NLA (Network Level Authentication) — strongly recommended
Set-ItemProperty -Path "HKLM:SystemCurrentControlSetControlTerminal ServerWinStationsRDP-Tcp" `
    -Name "UserAuthentication" -Value 1

# Allow RDP through Windows Firewall
Enable-NetFirewallRule -DisplayGroup "Remote Desktop"

Verify the registry change was applied:

Get-ItemProperty -Path "HKLM:SystemCurrentControlSetControlTerminal Server" `
    -Name "fDenyTSConnections"

A value of 0 means RDP is enabled. A value of 1 means it is disabled.

Creating an Administrative User Account

Using the built-in Administrator account for day-to-day work is a poor security practice. Create a dedicated named admin account and optionally disable the built-in Administrator after confirming the new account works.

# Create a secure password
$SecurePass = ConvertTo-SecureString "P@ssw0rd123!" -AsPlainText -Force

# Create the new local user
New-LocalUser -Name "sysadmin" `
    -Password $SecurePass `
    -FullName "System Administrator" `
    -Description "Primary admin account" `
    -PasswordNeverExpires $false `
    -UserMayNotChangePassword $false

# Add to Administrators group
Add-LocalGroupMember -Group "Administrators" -Member "sysadmin"

# Optionally disable the built-in Administrator
Disable-LocalUser -Name "Administrator"

Basic PowerShell Configuration

Configure PowerShell to make administrative work more efficient. Set the execution policy to allow signed scripts and set up a basic profile.

# Set execution policy for the local machine
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope LocalMachine -Force

# Check current execution policy
Get-ExecutionPolicy -List

Enable PowerShell script block logging for auditing purposes — this is particularly important on servers:

# Enable script block logging via registry
$LogPath = "HKLM:SOFTWAREPoliciesMicrosoftWindowsPowerShellScriptBlockLogging"
If (!(Test-Path $LogPath)) { New-Item -Path $LogPath -Force }
Set-ItemProperty -Path $LogPath -Name "EnableScriptBlockLogging" -Value 1

Checking System Information

After completing initial configuration, document the server’s configuration using Get-ComputerInfo. This cmdlet returns a comprehensive snapshot of the system.

# Full system information
Get-ComputerInfo

# Specific properties only
Get-ComputerInfo -Property CsName, OsName, OsVersion, OsBuildNumber, `
    CsProcessors, CsTotalPhysicalMemory, OsArchitecture, WindowsProductName

# Quick OS version check
[System.Environment]::OSVersion
$PSVersionTable

Additionally, verify your network configuration is correct after all changes:

# Check IP configuration (equivalent of ipconfig /all)
Get-NetIPConfiguration -Detailed

# Test internet connectivity
Test-NetConnection -ComputerName "8.8.8.8" -InformationLevel Quiet
Test-NetConnection -ComputerName "google.com" -Port 443

Setting the Page File

For production servers, manage the page file manually rather than leaving it on automatic. The recommended size depends on workload, but a common baseline is 1.5x physical RAM for the initial size and 3x for maximum.

# Disable automatic page file management
$CS = Get-WmiObject -Class Win32_ComputerSystem
$CS.AutomaticManagedPagefile = $false
$CS.Put()

# Set page file on C: drive (initial 4096MB, max 8192MB)
$PF = Get-WmiObject -Class Win32_PageFileSetting
If ($PF -eq $null) {
    Set-WmiInstance -Class Win32_PageFileSetting `
        -Arguments @{Name="C:pagefile.sys"; InitialSize=4096; MaximumSize=8192}
} Else {
    $PF.InitialSize = 4096
    $PF.MaximumSize = 8192
    $PF.Put()
}

Final Verification Checklist

Before putting the server into service, run through this verification checklist from PowerShell:

# Computer name
$env:COMPUTERNAME

# IP address
(Get-NetIPAddress -AddressFamily IPv4 | Where-Object { $_.InterfaceAlias -ne "Loopback Pseudo-Interface 1" }).IPAddress

# Firewall status
(Get-NetFirewallProfile).Enabled

# Windows activation status
(Get-WmiObject SoftwareLicensingProduct | Where-Object { $_.PartialProductKey }).LicenseStatus

# Remote Desktop status
(Get-ItemProperty "HKLM:SystemCurrentControlSetControlTerminal Server").fDenyTSConnections

# Time zone
(Get-TimeZone).Id

# OS build
(Get-ComputerInfo).OsBuildNumber

With all these steps complete, your Windows Server 2022 installation is properly configured with a unique name, static network settings, firewall protection, an activated license, current patches, Remote Desktop access, a named administrator account, and PowerShell ready for management. This baseline configuration is the foundation for any server role you deploy next, whether that is Active Directory, IIS, SQL Server, or a file server.