Base-Build Bullet-point List-o-rama

Published Sep 19 2018 02:18 PM

First published on TechNet on Mar 21, 2012

 

A lot more goes into a "well managed" base OS build design beyond booting from the OS media and then "Next > Next > Finish." The content of this post is the outcome of many fruitful whiteboard sessions around Windows base-OS builds. Some of this applies to physical servers only, some to virtual only, but most is applicable to both. Many customers' build processes were designed/built circa Windows Server 2003 and XP or earlier. A lot has changed since then. Have a look and see if some of these points don't get you fired up about expanding and/or improving your own base OS build system/processes.

 

Rule #1: Document everything.

 

Consider creating a SharePoint site for build information/documentation

  • How-To Docs
  • Standards
  • Version info
  • Boot disk images (if needed)
  • Contact info
  • Training/PPT
  • Shortcuts to boot images or other paths

 

Specifics

  • Standardize on hdwr mfg/models/components (to minimize the variety)
    • Consider a series of ‘hardware templates’ for VMs (low util, standard util, high util)
    • Consider a series of specs for physical servers - standard util and high util
    • RAM
    • CPU
    • Local storage
    • USB
    • Optical
    • Standardize on a label/ID process for phys servers
      • Front/rear panel label stickers w/ server name (minimum)

 

  • Create an “Advisory Board” for the build to get input from various elements across the business and IT
    • Ensures a ‘common’ build is developed (where/if possible)
    • Ensures consistency across the business (where/if possible)
    • Get the network team there for buy-off on the network suitability for the build traffic, DHCP/non-DHCP segments, unicast, multicast, etc
    • Talk to the desktop team – they likely have a build mechanism(s) in place and you may be able to integrate with or build off of what they have

 

  • Standardize on hdwr/firmwr/sw/ROM/driver versions and update frequency, testing

 

  • Use Policy to set/reinforce settings along the 90/10 rule whenever possible
    • Define Local Group Policy settings aligned with corporate policy
    • Define AD GPOs to reinforce settings aligned with corporate policy
    • Use Exception OUs/GPOs for the exceptions
    • Have a solution for getting Local GPO standard settings applied to non-Domain joined systems
      • DMZ
      • LocalGPO tool in MSFT Security Compliance Manager Toolkit

 

  • Use a flexible process to create the builds so they can easily be maintained and modified going forward
    • WDS
    • SCCM w/ OSD
    • Manual
    • VM templates - don't forget SYSPREP!
    • Are most/common reqs met?
      • AD/SQL/EXG/IIS/TS/etc
    • Logs/DB spindles
    • SAN

      • Space capacity?
      • HBA slot(s) avail?
      • iSCSI NIC slots/ports avail?
    • Consider scripted build vs image-based build (WIM-based or block-based)
    • Service Pack, patch, driver updates and other changes should be easily added to the ‘base build’
    • Design/document a policy to update the build at certain time intervals/milestones
      • 1x, 2x per year
      • Every Service Pack
      • ?
    • Consider off-line builds as well as network connected processes
    • Consider DMZ builds/rebuilds
    • Consider remote/branch office builds/rebuilds
    • Consider partnering w/ hdwr vendor to deploy the build prior to ship/delivery for large-scale roll-outs/refreshes
      • Consider security ramifications of doing so
    • Base the process around defaults/common tools – don’t overly customize a system
      • Leads to a single point of failure and a possible bottleneck as the current enviro is reverse-engineered by someone
    • Consider if DHCP is a requirement of the build process or if static NIC entries can be made
    • Develop a numbering/tracking system for build versioning
      • Service Pack levels
      • OS platform (x86/x64)
      • OS version (Standard/Enterprise/Datacenter – 2003/2008/R2)
      • Core or full GUI
    • Consider the workloads/roles
    • Logical/physical drive setup

 

  • Standardize on the various high-level elements of the build
    • Drive config
      • Hdwr-based RAID controller model(s) and settings
      • Logical drive layout
      • Drive letters and sizes
        • How big is C: for W2k8 R2 vs W2k3?
        • Is the data drive D:?
        • What about CD ROM?
          • Consider making it Z:?
        • Where in the cage will the drives be placed?
          • How will the logical array chop up those physical slots?
          • Hot spare?
        • Are there multiple channels on the Controller and how will that be set up?
        • What slot will the controller go in?
    • Network config

      • Will there be NIC teaming required?
        • Network/switch port capacity for teaming?
        • Drivers/versions/firmware on NIX
        • Supportability statement reminder
        • Fault toler?  Load balance?  Auto?
        • Speed/duplex settings?
      • What slot will the NIX go in?
      • Consider additional slot use/capacity planning
        • Controller(s)
        • HBA(s)
        • Additional NIX (i.e. VM host server)
      • Naming of the NIX – be consistent and helpful (slot/port/speed/etc)
        • Consider naming them so that based on the name, they can be ‘found’ in the OS on the server – ‘which is which’?
      • Decide to use hdwr vendor drivers or in-box MSFT drivers
      • IPv6 – enabled/disabled/supportability
      • NetBIOS over TCP/IP – enabled/disabled?
      • DNS suffix list?
      • NIC setting standards
        • WINS?  Multiple entries – unless it is a WINS server (in which case, it points to itself only)
        • DNS?  Multiple entries
    • Go through ALL BIOS settings and understand them

      • Consider the various settings/values
      • Define and document the standard
        • See if the hdwr vendor has a way to automate/replicate setting all servers to the spec (HP SmartStart Scripting Tools)
    • Go through ALL Controller settings and understand them

      • Consider the various settings/values
      • Define and document the standard
        • See if the hdwr vendor has a way to automate/replicate setting all servers to the spec (HP SmartStart Scripting Tools)

 

  • Consider server naming standards and flexibility (vs strict adherence) to be entered during the build process

 

  • Consider domain-joins and computer account (pre)creation in AD
    • This also includes OU location within AD to ensure proper OUs are applied and security policy is applied as expected/required/desired
    • Consider rebuilds, too, and/or existing computer accounts needing to be ‘touched’ prior to (re)deploying a build

 

  • Consider time zone settings being configured as part of the build process, if desired

 

  • Consider a ‘post build’ script or manual checklist that will verify/validate items
    • SCCM/DCM/other inventory tools?

 

  • Consider logging during the build to ease troubleshooting what can become a VERY complex collection of tasks

 

  • Consider how complex (and light-touch) you want to design vs how simple (and more-touch)

 

  • Consider asset tracking systems/updates as part of a build process if needed

 

  • Control access to the build images to help control sprawl and casual/undocumented changes

 

  • Consider change mgmt. as required
    • No builds during office hours due to network impact
    • Isolated/insulated/dedicated segment for builds
    • Is a change request needed to build a server?
    • Ensure there is tracking within the build system to answer the common questions - possibly a custom reg key(s)?
      • Who built this system?
      • When was it built?
      • What version of build/components?

 

  • Consider ‘thick’ or ‘thin’ (build type - not to be confused with fixed-size vs dynamically expanding VHDs)
    • Thin = starting with just what’s on the OS install media
    • Thick = complete, fully-loaded end point system
      • 3rd party agents
      • All settings
      • On-going mgmt. of both options

 

  • Consider aspects of the OS
    • W2k8/R2 are secure out of the box
    • Supportability
      • Will some custom setting revert when a Service Pack is applied?
      • Will some patch install make assumptions that aren’t valid on a highly-customized build?
      • Third party tools/agents/etc
        • Many are developed using the base OS default settings
    • Auditing design - base OS builds and the build system itself
      • Who/What/When/Where
      • What do we want audited and what do we need to answer the questions
      • This is likely bigger than a base build component, but it is part of a base build
    • Local Policy Settings
      • Security Policy
      • Other settings
    • Power Management
      • Often an interaction between this and the hdwr vendor/BIOS settings, drivers, firmware
    • Pagefile details
      • How big?
      • Separate spindle?
    • Desktop layout and “Folder” or view options, BG Info?
    • System failure behavior
      • Full dump
      • Mini-dump
      • Kernel dump
      • Dump file location
        • Lots of RAM might mean huge pagefile
          • Consider disk space requirements
      • Auto-reboot
      • Over-write existing file?
    • Windows Firewall Profiles, Network Location Profiles
    • Backup – either in-box or 3rd party add-on
    • User Account Control settings
      • During the build – preventing some 3rd party drivers/utils from installing?
      • After the build – define the design of UAC, set via Local GPO; reinforce/manage via AD GPO
    • Remote Desktop – enabled?
    • Services state
      • Auto/Manual/Disable
      • Supportability
    • WinRM?
    • PowerShell code signing reqs?
    • Activation/KMS
    • IPv6?
      • Enabled/disabled
      • Supportability reminder
    • 3rd party or add-on Agents
      • Backup
      • Monitoring
      • Management
    • Application ‘platform’ elements
      • App install location/path/folder(s)
      • Permissions req’d for app run/install?
        • NTFS
    • Strongly consider the default settings of current OS versions
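
The 'post build' verification script and the build-tracking registry key suggested in the list above, sketched in PowerShell as an added example (not code from the original post). The `HKLM:\SOFTWARE\Contoso\BaseBuild` key, its value names, the sample version string and every expected value in `$Standard` are assumptions to replace with your own documented standard.

```powershell
# Added example. The stamp key, its value names and every "Expected" value
# below are assumptions; replace them with your own documented standard.
$StampKey = 'HKLM:\SOFTWARE\Contoso\BaseBuild'   # hypothetical custom key

function Set-BuildStamp {
    # Run once at the end of the build (elevated): who / when / what version.
    param(
        [Parameter(Mandatory = $true)][string]$BuildVersion,
        [string]$BuiltBy = "$env:USERDOMAIN\$env:USERNAME"
    )
    if (-not (Test-Path $StampKey)) { New-Item -Path $StampKey -Force | Out-Null }
    $stamp = @{
        BuiltBy      = $BuiltBy
        BuiltOn      = (Get-Date).ToUniversalTime().ToString('s') + 'Z'
        BuildVersion = $BuildVersion
    }
    foreach ($name in $stamp.Keys) {
        # -Force overwrites an existing value, so rebuilds refresh the stamp.
        New-ItemProperty -Path $StampKey -Name $name -Value $stamp[$name] `
            -PropertyType String -Force | Out-Null
    }
}

function Get-RegValue {
    # Returns the value, or $null when the key or value does not exist.
    param([string]$Path, [string]$Name)
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

function New-CheckResult {
    param($Item, $Expected, $Actual, [bool]$Pass)
    New-Object PSObject -Property @{
        Item = $Item; Expected = $Expected; Actual = $Actual; Pass = $Pass
    } | Select-Object Item, Expected, Actual, Pass
}

# Example standard: a handful of the OS settings the checklist asks you to decide on.
$cc = 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'
$fw = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'
$Standard = @(
    @{ Item = 'Crash dump type (2 = kernel dump)'; Path = $cc; Name = 'CrashDumpEnabled'; Expected = 2 },
    @{ Item = 'Auto-reboot after system failure';  Path = $cc; Name = 'AutoReboot';       Expected = 1 },
    @{ Item = 'Overwrite existing dump file';      Path = $cc; Name = 'Overwrite';        Expected = 1 },
    @{ Item = 'UAC enabled';
       Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
       Name = 'EnableLUA'; Expected = 1 },
    @{ Item = 'Remote Desktop enabled (0 = connections allowed)';
       Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
       Name = 'fDenyTSConnections'; Expected = 0 },
    @{ Item = 'Firewall on: Domain profile';  Path = "$fw\DomainProfile";   Name = 'EnableFirewall'; Expected = 1 },
    @{ Item = 'Firewall on: Private profile'; Path = "$fw\StandardProfile"; Name = 'EnableFirewall'; Expected = 1 },
    @{ Item = 'Firewall on: Public profile';  Path = "$fw\PublicProfile";   Name = 'EnableFirewall'; Expected = 1 }
)

function Test-BaseBuild {
    # Emits one result object per check; nothing on the system is changed.
    param([Parameter(Mandatory = $true)][string]$ExpectedBuildVersion)

    # Who built it / when: only presence is checked.
    foreach ($name in 'BuiltBy', 'BuiltOn') {
        $actual = Get-RegValue $StampKey $name
        New-CheckResult "Build stamp: $name" '(present)' $actual ([bool]$actual)
    }
    # What version: must match the release being deployed.
    $version = Get-RegValue $StampKey 'BuildVersion'
    New-CheckResult 'Build stamp: BuildVersion' $ExpectedBuildVersion $version `
        ($version -eq $ExpectedBuildVersion)

    # A missing value reads as $null and therefore fails the comparison.
    foreach ($check in $Standard) {
        $actual = Get-RegValue $check.Path $check.Name
        New-CheckResult $check.Item $check.Expected $actual ($actual -eq $check.Expected)
    }
}

# Usage from an elevated prompt (version string is a constructed sample that
# encodes OS, SP level, platform, edition and install type):
#   Set-BuildStamp -BuildVersion 'W2K8R2-SP1-x64-ENT-FULL-2012.03'
#   $r = Test-BaseBuild -ExpectedBuildVersion 'W2K8R2-SP1-x64-ENT-FULL-2012.03'
#   $r | Format-Table -AutoSize
#   $r | Export-Csv "$env:SystemDrive\BuildLogs\postbuild.csv" -NoTypeInformation  # folder must exist
#   if ($r | Where-Object { -not $_.Pass }) { exit 1 }   # fail the build step
```

These registry values reflect the local configuration only; settings enforced through AD GPO are stored under the `Policies` keys and need their own checks if the standard relies on them.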
stions%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%3E%20%3CSPAN%3E%20This%20is%20likely%20bigger%20than%20a%20base%20build%20component%2C%20but%20it%20is%20part%20of%20a%20base%20build%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3C%2FUL%3E%0A%3CUL%3E%0A%3CLI%3E%3CSPAN%3E%20%3CSPAN%3E%20Local%20Policy%20Settings%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3CUL%3E%0A%3CLI%3E%3CSPAN%3E%20%3CSPAN%3E%20Security%20Policy%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%3E%20%3CSPAN%3E%20Other%20settings%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%3E%20%3CSPAN%3E%20Power%20Management%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3CUL%3E%0A%3CLI%3E%3CSPAN%3E%20%3CSPAN%3E%20Often%20an%20interaction%20between%20this%20and%20the%20hdwr%20vendor%2FBIOS%20settings%2C%20drivers%2C%20firmware%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%3E%20%3CSPAN%3E%20Pagefile%20details%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3CUL%3E%0A%3CLI%3E%3CSPAN%3E%20%3CSPAN%3E%20How%20big%3F%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%3E%20%3CSPAN%3E%20Separate%20spindle%3F%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%3E%20%3CSPAN%3E%20Desktop%20layout%20and%20%E2%80%9CFolder%E2%80%9D%20or%20view%20options%2C%20BG%20Info%3F%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%3E%20%3CSPAN%3E%20System%20failure%20behavior%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3CUL%3E%0A%3CLI%3E%3CSPAN%3E%20%3CSPAN%3E%20Full%20dump%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%3E%20%3CSPAN%3E%20Mini-dump%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%3E%20%3CSPAN%3E%20Kernel%20dump%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%3E%20%3CSPAN%3E%20Dump%20file%20location%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3CUL%3E%0A%3CLI%3E%3CSPAN%3E%20%3CSPAN%3E%20Lots%20of%20RAM%20might%20mean%20huge%20pagefile%20%3C%2FSPAN%3E%20%3C%2FSPAN%3
E%3CUL%3E%0A%3CLI%3E%3CSPAN%3E%20%3CSPAN%3E%20Consider%20disk%20space%20requirements%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%3E%20%3CSPAN%3E%20Auto-reboot%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%3E%20%3CSPAN%3E%20Over-write%20existing%20file%3F%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%3E%20%3CSPAN%3E%20Windows%20Firewall%20Profiles%2C%20Network%20Location%20Profiles%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%3E%20%3CSPAN%3E%20Backup%20%E2%80%93%20either%20in-box%20or%203%20%3CSUP%3E%20rd%20%3C%2FSUP%3E%20party%20add-on%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%3E%20%3CSPAN%3E%20User%20Account%20Control%20settings%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3CUL%3E%0A%3CLI%3E%3CSPAN%3E%20%3CSPAN%3E%20During%20the%20build%20%E2%80%93%20preventing%20some%203%20%3CSUP%3E%20rd%20%3C%2FSUP%3E%20party%20drivers%2Futils%20to%20install%3F%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%3E%20%3CSPAN%3E%20After%20the%20build%20%E2%80%93%20define%20the%20design%20of%20UAC%2C%20set%20via%20Local%20GPO%3B%20reinforce%2Fmanage%20via%20AD%20GPO%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%3E%20%3CSPAN%3E%20Remote%20Desktop%20%E2%80%93%20enabled%3F%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%3E%20%3CSPAN%3E%20Services%20state%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3CUL%3E%0A%3CLI%3E%3CSPAN%3E%20%3CSPAN%3E%20Auto%2FManual%2FDisable%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%3E%20%3CSPAN%3E%20Supportability%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%3E%20%3CSPAN%3E%20WinRM%3F%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%3E%20%3CSPAN%3E%20Powershell%20code%20signing%20reqs%3F%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%3E%20%3CSPAN%3E%20Activation%2FKMS%20%
3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%3E%20%3CSPAN%3E%20IPv6%3F%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3CUL%3E%0A%3CLI%3E%3CSPAN%3E%20%3CSPAN%3E%20Enabled%2Fdisabled%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%3E%20%3CSPAN%3E%20Supportability%20reminder%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%3E%20%3CSPAN%3E%203rd%20party%20or%20add-on%20Agents%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3CUL%3E%0A%3CLI%3E%3CSPAN%3E%20%3CSPAN%3E%20Backup%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%3E%20%3CSPAN%3E%20Monitoring%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%3E%20%3CSPAN%3E%20Management%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%3E%20%3CSPAN%3E%20Application%20%E2%80%98platform%E2%80%99%20elements%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3CUL%3E%0A%3CLI%3E%3CSPAN%3E%20%3CSPAN%3E%20App%20install%20location%2Fpath%2Ffolder(s)%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%3E%20%3CSPAN%3E%20Permissions%20req%E2%80%99d%20for%20app%20run%2Finstall%3F%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3CUL%3E%0A%3CLI%3E%3CSPAN%3E%20%3CSPAN%3E%20NTFS%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3C%2FLI%3E%0A%3CUL%3E%0A%3CLI%3E%3CSPAN%3E%20%3CSPAN%3E%20Strongly%20consider%20the%20default%20settings%20of%20current%20OS%20versions%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3C%2FUL%3E%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-255539%22%20slang%3D%22en-US%22%3E%3CP%3EFirst%20published%20on%20TechNet%20on%20Mar%2021%2C%202012%20Alot%20more%20goes%20into%20a%20%22well%20managed%22%20base%20OS%20build%20design%20beyond%20booting%20from%20the%20OS%20media%20and%20then%26nbsp%3B%22Next%20%26gt%3B%20Next%20%26gt%3B%20Finish.%3C%2FP%3E%3C%2FLINGO-TEASER%3E%3CLINGO-LABS%20id%3D%22lingo-labs-255539%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EMichael%20Hildebran
d%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Version history
Last update: Feb 07 2020 07:31 AM
Updated by: