Operating System Installation Procedures | Citrix Access Suite 4 for Windows Server 2003: The Official Guide, Third Edition

The following step-by-step instructions are meant to provide a quick reference for installing Windows 2000 Server and Windows Server 2003 with Terminal Services. Included in these instructions are the post-installation changes we recommend to address limitations in the operating system itself. These limitations are often due to insufficient default values, but they can also be settings to work around bugs, or simply changes we think are necessary to the "health and well-being" of an SBC environment. After each recommended change, we provide the setting value or instructions, as well as the reason. Where possible, we have also provided a URL reference with more information on why that change may be necessary.

For the first server build in the farm, document every step in order to create installation procedure documentation. This documentation will be the blue print for all future server builds and serve as a portion of a disaster recovery plan.

The following is an example of the installation procedures needed for Windows 2000 Server:

Step

Description

Install and configure server hardware:

Unpackage and prep hardware
Update the firmware to the latest versions

If hardware like Compaq/Dell servers will be used, run the appropriate configuration software—for example, Smart Start.

Press F6 to install third-party SCSI or RAID driver(s) that are not currently on the Windows 2000 CD-ROM, if needed.

Press ENTER to continue with the installation.

Press F8 to agree with the license agreement.

Follow on screen prompts to create the appropriate partitions.

Select to format the partition using the NTFS file system.

Setup will format the partition and copy installation files. When completed, it will reboot the system and continue to the GUI setup.

Click Next to continue.

Select the regional settings and click Next.

10.

Enter a name and company name and click Next.

11.

Select the appropriate license settings and click Next.

12.

Select a computer name, enter the administrator password, and click Next.

Note

that Windows 2000 allows passwords of up to 127 characters. We recommend that the Administrator account password be at minimum nine characters long and that it includes at least one punctuation mark or non-printing ASCII character in the first seven characters.

13.

The installer will now be prompted to select the Windows 2000 components to be installed. We recommend selecting only what is needed, and to remove the following:

Accessories and Utilities Multimedia, games, and chat. In Communications, we remove Chat and Phone Dialer as well as the accessibility wizards.
Indexing Service
Internet Information Services (IIS) In addition to increasing security risks on a MetaFrame server, if IIS is left checked, the installer will have the option of installing NFuse during the install of MetaFrame, which is not recommended, as NFuse should be separated from the application servers.
Script Debugger

In addition, mark the Terminal Services check box to enable Terminal Services.

14.

Select the Date and Time settings and click Next.

15.

Select Application Server Mode and click Next.

16.

Select the default permissions for application compatibility.

Permissions compatible with Windows 2000 users This setting gives default Terminal Services users the same permissions as a member of the users group and could cause issues with some legacy applications.
Permissions compatible with Terminal Server 4.0 users This setting gives default Terminal Services users full access to critical registry and file system locations, thus enabling support for legacy applications while creating a possible security hole and, more important, giving the end user the ability to affect the stability of the system.

Click Next.

17.

The installer is now prompted to configure the network settings. We highly recommend configuring the network adapter cards now. Select Custom and click Next.

18.

Double-click Internet Protocol (TCP/IP) and enter the appropriate TCP/IP address information documented during the design phase.

Note

We recommend entering the FQDN for the domain the server is a part of in the DNS Suffix for this connection area of the DNS tab, located behind the Advanced button.

Click Next.

19.

The next screen will ask if you would like to join a domain or remain part of a workgroup. Select the appropriate setting and click Next.

Setup continues by copying system files and registering system components.

20.

Click Finish to reboot and log on for the first time.

21.

Install any necessary drivers. The system should be placed into install mode to install any hardware or hardware drivers. Refer to the "Installing and Configuring Applications" section in Chapter 13 for more information on install mode.

Choose Start | Run. In the dialog box that appears, type: change user /install. Then click OK.

When the install of the new hardware is completed, place the system back in Execute mode.

Choose Start | Run. In the dialog box that appears, type: change user /execute. Then click OK.

22.

If the Novell Client is required, install it at this point.

When completed, disable the Novell System Tray Icon.

Disable the Novell System Tray icon by using this key:

[HKEY_LOCAL_MACHINE\SOFTWARE\Novell\Network Provider\ Menu Items] "Enable System Icon"=string:YES.

If slow logons are experienced, adjust the network bindings order.

23.

Install Microsoft Service Pack 2. It can be found at http://www.microsoft.com/windows2000/downloads/servicepacks/sp3/default.asp.

Note

As of this writing, we do NOT recommend installing Service Pack 3. Be sure to test all service packs on a non-production server prior to installing them in a production environment.

24.

Install any Microsoft security roll-up hotfixes or patches.

These can be downloaded from http://www.microsoft.com/windows2000/downloads/critical/q311401/default.asp.

For more information check http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/news/w2ksrp1.asp.

25.

Run Microsoft Windows Update and install all critical updates and service packs, root certificates, and Windows compatibility updates. These can be found at the following web address: http://www.microsoft.com/windowsupdate

Note

Remember to use change user /install mode for any updates. For more information on change user /install mode, please refer to Chapter 13.

26.

Set the media type, duplex setting, and the speed that the NIC is required to use within the environment. Verify that the switch or managed switch is configured to the preferred setting. Never allow the NIC to "auto detect" the settings.

Go to Start | Settings | Control Panel | Network and Dial-Up Connections. Right-click Local Area Network. Choose Properties | Configure. Then click the Advanced Tab.

27.

Disable any additional network interface cards or implement NIC teaming per the supplied vendor installation procedures.

Go to Start | Settings | Control Panel | Network and Dial-Up Connections.

Right-click any additional NICs and click Disable.

28.

Create and format any additional partitions.

29.

Move the page file to another faster drive or the second partition, if available, and set the PAGEFILE to 2.1 (4095MB max) times the total amount of physical RAM installed on the server.

Go to Start | Settings | Control Panel. Double-click the System applet. Select the Advanced tab. Choose Performance Options, then select Change.

30.

Increase the Registry Size. 125MB should be sufficient.

Go to Start | Settings | Control Panel. Double-click the System applet. Select the Advanced tab. Choose Performance Options, then select Change and change the Registry Size (the last field at the bottom of the page).

The following is an example of the installation procedures needed for Windows Server 2003:

Step

Description

If hardware like Compaq/Dell servers will be used, run the appropriate configuration software—for example, Smart Start.

Press F6 to install third-party SCSI or RAID driver(s) that are not currently on the Windows Server 2003 CD-ROM, if needed.

Press ENTER to continue with the installation.

Press F8 to agree with the license agreement.

Follow onscreen prompts to create the appropriate partitions.

Select to format the partition using the NTFS file system.

Setup will format the partition and copy installation files. When completed, it will reboot the system and continue to the GUI setup.

Select the regional settings and click Next.

Enter a name and company name and click Next.

Enter the Product Key and click Next.

10.

Select the appropriate license settings and click Next.

11.

Select a computer name, enter the administrator password, and click Next.

Note

Windows Server 2003 allows passwords of up to 127 characters. We recommend that the Administrator account password be a minimum of nine characters long and that it include at least one punctuation mark or non-printing ASCII character in the first seven characters.

12.

Select the appropriate Date and Time setting and click Next.

13.

The installer is now prompted to configure the network settings. We highly recommend configuring the network adapter cards now. Select Custom and click Next.

14.

Double-click Internet Protocol (TCP/IP) and enter the appropriate TCP/IP address information documented during the design phase.

Note

It is recommended to enter the FQDN for the domain the server is a part of in the DNS Suffix for this connection area of the DNS tab, which is located behind the Advanced button.

Click Next.

15.

The next screen will ask if you would like to join a domain or stay a part of a workgroup. Select the appropriate setting and click Next.

Setup continues by copying system files and registering system components.

16.

Click Finish to reboot and log on for the first time.

17.

The server will display the Manage Server GUI after the initial logon.

Click the Add or Remove a Role link.

18.

Click Next to continue.

19.

Select Terminal Server and click Next.

20.

Click Next to install Terminal Server.

21.

Close all programs and click OK.

22.

The server will reboot and you will need to log on again.

23.

Click Finish in the Configure Your Server Wizard.

24.

For Windows Server 2003, you have to assign the groups that will be allowed to access the terminal server through Terminal Services

Go to Start | All Programs | Administrative Tools | Computer Management. Click Local Users and Groups to expand it. Then click Groups. Double-click Remote Desktop Users, and add the users or groups that are appropriate.

25.

We recommend removing any unnecessary components from Windows.

Go to Start | Control Panel | Add/Remove Programs. Select Add/Remove Windows Components.

We recommend always removing the Accessibility Wizard and Communication Folder from the Accessories and Utilities.

26.

Install any necessary drivers. To do so, the system should be placed in install mode. Refer to the "Installing and Configuring Applications" section in Chapter 13 for more information on install mode.

Choose Start | Run. In the dialog box that appears, type change user /install. Then click OK.

When the install of the new hardware is completed, place the system back in Execute mode.

Choose Start | Run. In the dialog box that appears, type change user /execute. Then click OK.

27.

If the Novell Client is required, install it at this point.

When completed, disable the Novell System Tray icon.

To disable the Novell System Tray icon, use the following key:

[HKEY_LOCAL_MACHINE\SOFTWARE\Novell\Network Provider\Menu Items] "Enable System Icon"=string:YES.

If slow logons are experienced, adjust the network bindings order.

28.

Run Microsoft Windows Update and install all critical updates and service packs, root certificates, and Windows compatibility updates.

These can be downloaded from the following web address: http://www.microsoft.com/windowsupdate.

Note

Remember to use change user /install mode for any updates. For more information on change user /install mode, please refer to Chapter 13.

29.

Go to Start | Control Panel | Network Connections. Right-click Local Area Network. Choose Properties | Configure. Then click the Advanced Tab.

30.

Disable any additional Network Interface Cards or implement NIC Teaming per the supplied vendor installation procedures.

Go to Start | Control Panel | Network Connections. Right-click any additional NICs and click Disable.

31.

Create and format any additional partitions.

32.

Move the page file to another faster drive or the second partition if available and set the PAGEFILE to 2.1 (4095MB max) times the total amount of physical RAM installed on the server.

Go to Start | Control Panel. Double-click the System applet. Click the Advanced tab. Click Settings under Performance, then select the Advanced tab and choose Change.

Service Packs and Hotfixes

The Golden Rule for loading post-release service packs and hotfixes is "Don't Unless You Have To." Unfortunately, critical applications or hardware issues often require service packs or hotfixes to correct critical problems or install the latest releases. Microsoft periodically releases service packs that are the culmination of fixes to problems discovered by customers and Microsoft technical support. Customers with an urgent need for a fix that was created after a service pack can often receive it in the form of a hotfix from Microsoft technical support. Citrix also releases periodic service packs in order to reduce the number of interim hotfixes.

The following list shows the current recommended service packs as of this writing:

Windows NT Server 4.0, Terminal Server Edition Service Pack 6 and security roll up, found at http://www.microsoft.com/ntserver/terminalserver/downloads/critical/q317636/default.asp.
Windows 2000 Server Service Pack 3
Windows Server 2003 No service packs as of this writing, only post-release hotfixes.

We strongly recommend checking the Citrix and Microsoft web sites for the current level of service packs and related issues to evaluate whether they apply.

Note

Windows 2000 and 2003 use a "Windows Update" feature similar to Windows 98 that allows hotfixes to be automatically downloaded from the Internet. We strongly recommend against allowing automatic update on production servers. It does not provide the level of testing rigor that is required to maintain a stable and robust server farm.