Remote installation of Windows 2003

[Will]

Guys,

How can I remotely install Windows 2003 (web edition) onto a Linux box over the internet?

I've created an ISO image and am currently uploading it to the server. I assume I have to mount the ISO image and point the server to boot from that mount. If so, step 1 is pretty straightforward.

My worry is that, yes, OK, the CD will boot but only into a setup program. How can I automate the setup so it sets the server up and formats the disk with NTFS? Do I need to specify the product key prior to install or can I install and then enter this via remote desktop?

Please help, need answers pretty quick.

 

[Will]

Right - OK, got it done.

Now, what are your recommendations for securing a web-facing Windows 2003 server? I need a firewall, what would you suggest? Anti-virus recommendations?

 

[Matthew]

Nice one! Where did you get the server(s) from in the end?


Security ...
I use a McAfee firewall although if money permits then a Cisco PIX or ASA might be worth looking in to. When you install a software version you need to make sure you leave open the ports needed for remote control (or what ever way you are connecting). Once you have those rules in place you can then
start the firewall service. You dont want to go locking your self out

Virus scanner... It's best to set these not to scan all files as they land and leave the server. I have seen harddrives dead when a heavy scan is done constantly. I believe I am correct in thinking virus's are not a problem unless you actually click on the file in Windows.


You need to also think about permissions. I take permissions right back to just admin and system groups which breaks everything. I then just add the required users and groups on to the needed directories. If you like I can PM you a copy of the setup I use.

The permissions is another part which can break remote control... so make sure you have them correct before rebooting or you wont get back in with out help from the datacenter's support.

Once perms are all in place then you can look at securing IIS and getting rid of app paths that you dont need.

Let me know if you need any other information.

 

[Will]

For a bit of extra security can I set my Remote Desktop Connection to listen on a different port? (If it's simple!)

I went with fasthosts - they were cheap enough!

 

[Matthew]

The link below might help you, but I have not tested this my self... so it's up to you if you risk it It does look simple though and shouldnt cause a problem.

http://www.sanx.org/tipShow.asp?index=80

 

[Matthew]

I might have some free time tomorrow evening to look over and help with the config if you like. Just drop me a PM.