Helping a friend with Windows Server 22

---

I recently helped a friend set up a home server using his old gaming laptop. His requirements were to have a server that could run continuously to gather data for a work project. He also needed it to be accessible via the internet so clients could periodically check the data. He decided to use an evaluation copy of Windows Server 2022 to see if it met his needs.

To start, I directed him to the Microsoft website to download the Server 2022 ISO, along with Rufus to create a bootable USB drive for a clean install. The first challenge was that his laptop had fast boot enabled, preventing access to the BIOS. After some quick Googling, we disabled fast boot and adjusted the BIOS settings to boot from the USB. With that done, we reformatted the laptop and installed Windows Server 2022.

Initially, I planned to walk him through the setup over the phone, but we ended up using TeamViewer until we could configure Remote Desktop. It worked flawlessly.

The first task was renaming the machine. He chose "BL4CKSN0W." Next, we installed Active Directory by adding roles and configuring the setup for his domain, which he named "blacksnow." We then created a new administrator account for him within Active Directory Users and Computers. For easy access later, we set up an organizational unit called “ActiveUsers,” and followed a naming convention for accounts—first initial followed by surname (e.g., W.Yorke). Once the account was created, we added it to the Domain Admins group, then logged out.

He logged back in under the new domain credentials and we moved on to remote access. We added Remote Access and Remote Desktop Services roles, as well as the Remote Desktop Services installation. At this stage, we were both learning on the go, figuring things out as we went along.

After setting up Remote Desktop and virtualization, I created my own admin account and a test user account. Next, we configured port forwarding on his router to allow me to RDP into the server via his public IPv4 address. We set up port forwarding to route traffic on port 3398 to the server. After restarting the router, I tested the connection from my machine using the RDP client. I logged in with my new admin account, and the server launched a virtual desktop. After a quick test of opening and closing some applications, I disconnected and logged in as the test user to verify limited access, which worked as expected.

The next task was setting up IP whitelisting to ensure only known IP addresses could access the server. His client, who will be accessing the server, has a static IP, which is ideal for this. We found the whitelisting options in Windows Defender Firewall with Advanced Security. We configured whitelisting on any inbound rule affecting port 3389.

This setup is by no means perfect, but it was a valuable learning experience. Over the coming months, we’ll refine it further and continue exploring Windows Server 2022. Our next challenge is solving the issue of his dynamic public IP address, as his ISP periodically changes it. That’s our next step!