How to Configure Initial Settings on Windows Server 2016

How to Configure Windows Server 2016 Initial Settings

After installing Windows Server 2016, a series of initial configuration tasks should be completed before placing the server into production. These tasks include setting the hostname, configuring the time zone, assigning a static IP address, enabling Remote Desktop, configuring Windows Update, and joining an Active Directory domain if applicable. This guide covers each of these steps using both Server Manager and PowerShell.

Step 1: Set the Computer Name

By default, Windows Server 2016 assigns a randomly generated hostname. Change it to something meaningful before configuring other services, as the hostname is used in certificates, DNS records, and domain membership.

# Rename the computer (restart required)
Rename-Computer -NewName "WS2016-SRV01" -Restart -Force

After the server restarts, log in again to continue configuration.

Step 2: Set the Time Zone

Accurate time is critical for Kerberos authentication, logging, and scheduled tasks. Set the correct time zone using PowerShell:

# List available time zones
Get-TimeZone -ListAvailable | Select-Object Id, DisplayName | Sort-Object DisplayName

# Set time zone (example: Eastern Standard Time)
Set-TimeZone -Id "Eastern Standard Time"

# Verify
Get-TimeZone

Step 3: Configure a Static IP Address

Servers should use static IP addresses rather than DHCP to ensure consistent connectivity. Identify the network adapter name first, then assign a static address:

# List network adapters
Get-NetAdapter

# Assign static IP, subnet mask, and default gateway
New-NetIPAddress -InterfaceAlias "Ethernet" -IPAddress 192.168.1.10 -PrefixLength 24 -DefaultGateway 192.168.1.1

# Set DNS server addresses
Set-DnsClientServerAddress -InterfaceAlias "Ethernet" -ServerAddresses ("192.168.1.1","8.8.8.8")

# Verify configuration
Get-NetIPAddress -InterfaceAlias "Ethernet"
Get-DnsClientServerAddress -InterfaceAlias "Ethernet"

Step 4: Configure Windows Update Settings

Configure Windows Update to use automatic updates or integrate with Windows Server Update Services (WSUS) in your environment. For standalone servers, enable automatic updates via PowerShell:

# Set Windows Update to automatic (using registry)
$WUPath = "HKLM:SOFTWAREPoliciesMicrosoftWindowsWindowsUpdateAU"
New-Item -Path $WUPath -Force | Out-Null
Set-ItemProperty -Path $WUPath -Name "NoAutoUpdate" -Value 0
Set-ItemProperty -Path $WUPath -Name "AUOptions" -Value 4

# Trigger an immediate update check
wuauclt.exe /detectnow

Step 5: Enable Windows Remote Management (WinRM)

WinRM allows remote PowerShell administration. Enable and configure it on the server:

# Enable WinRM and configure listener
Enable-PSRemoting -Force

# Verify WinRM is listening
Get-WSManInstance -ResourceURI winrm/config/listener -SelectorSet @{Address="*"; Transport="HTTP"}

# Test local connectivity
Test-WSMan localhost

Step 6: Configure Windows Firewall

Ensure the Windows Firewall is enabled and that management profiles are correctly set. Check the current firewall profile status:

# Check firewall profile status
Get-NetFirewallProfile | Select-Object Name, Enabled

# Enable all profiles if disabled
Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled True

Step 7: Join an Active Directory Domain

If this server will be part of an existing Active Directory environment, join it to the domain. The server must be able to resolve the domain name via DNS before joining:

# Verify DNS resolution for the domain
Resolve-DnsName "corp.example.com"

# Join the domain (will prompt for credentials)
Add-Computer -DomainName "corp.example.com" -Restart

# Or specify credentials inline (use with caution in scripts)
$cred = Get-Credential
Add-Computer -DomainName "corp.example.com" -Credential $cred -OUPath "OU=Servers,DC=corp,DC=example,DC=com" -Restart

Step 8: Enable Remote Desktop

Enable Remote Desktop Protocol (RDP) so administrators can manage the server remotely:

# Enable Remote Desktop
Set-ItemProperty -Path "HKLM:SystemCurrentControlSetControlTerminal Server" -Name "fDenyTSConnections" -Value 0

# Allow RDP through Windows Firewall
Enable-NetFirewallRule -DisplayGroup "Remote Desktop"

# Verify RDP is enabled
(Get-ItemProperty -Path "HKLM:SystemCurrentControlSetControlTerminal Server").fDenyTSConnections

Step 9: Configure Server Roles via Server Manager

Open Server Manager from the Start menu or taskbar. The dashboard provides a centralized view of all installed roles and features. Use the “Add Roles and Features” wizard to install server roles such as DNS Server, DHCP Server, Web Server (IIS), or File and Storage Services.

To add roles via PowerShell, use the Install-WindowsFeature cmdlet:

# Install Web Server (IIS) as an example
Install-WindowsFeature -Name Web-Server -IncludeManagementTools

# List all installed roles and features
Get-WindowsFeature | Where-Object { $_.InstallState -eq 'Installed' } | Select-Object Name, DisplayName

Step 10: Configure Event Log Retention

Configure the event logs to retain sufficient history for auditing and troubleshooting:

# Set System log maximum size to 64 MB
wevtutil sl System /ms:67108864

# Set Security log maximum size to 128 MB
wevtutil sl Security /ms:134217728

# Set retention policy to overwrite as needed
wevtutil sl System /rt:false
wevtutil sl Security /rt:false

Step 11: Configure Power Settings for Server Performance

Servers should run on the High Performance power plan to ensure consistent processing speed:

# Set High Performance power plan
powercfg -setactive 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c

# Verify active power plan
powercfg -getactivescheme

With these initial settings configured, Windows Server 2016 is ready for its intended role. Subsequent configuration steps will depend on the server’s purpose — whether it serves as a domain controller, file server, web server, or another role within your infrastructure.