Windows Server 2022 Basic Setup Guide for Small Business
Windows Server 2022 is the current version of Microsoft’s server operating system. For small Malaysian businesses, it is most commonly deployed as a file server, print server or application server. This guide covers the essential initial configuration steps that should be completed immediately after installing Windows Server 2022. All steps apply to both physical servers and virtual machines.
Never put a server into production use with default settings. An unconfigured server with default admin credentials, pending Windows updates and no firewall rules is a significant security risk. Complete all steps in this guide before connecting the server to your production network.
Step 1: Set the Server Name
Rename the Server
Open Server Manager (launches automatically on login). Click Local Server in the left panel. Click the current computer name (usually something like WIN-XXXXXXXX).
In System Properties, click Change next to the computer name. Enter a descriptive server name that follows a naming convention:
- SRV-FILE-01 – first file server
- SRV-APP-01 – application server
- SRV-DC-01 – domain controller (if Active Directory)
- OFFICESERVER – simple naming for single-server environments
Click OK and restart the server. After restart, the server appears on the network with the new name.
Step 2: Set a Static IP Address
Configure Static IP on Server NIC
A server must have a static IP address. DHCP addresses change, which would break all client connections every time the server restarts. In Server Manager > Local Server, click the link next to Ethernet. Right-click the network adapter > Properties. Double-click Internet Protocol Version 4 (TCP/IPv4).
Select Use the following IP address and enter:
- IP address: Choose an IP outside the DHCP range (e.g. 192.168.1.10 for a file server)
- Subnet mask: 255.255.255.0
- Default gateway: Your router IP
- Preferred DNS server: For standalone servers – 8.8.8.8 or your router IP. For domain controllers – 127.0.0.1 (loopback) as primary
Click OK twice. Verify internet connectivity by pinging 8.8.8.8 from Command Prompt.
Step 3: Run Windows Update
Install All Pending Updates
Go to Settings > Windows Update > Check for updates. Install all available updates. Windows Server 2022 RTM (the version on the installation media) may be many cumulative updates behind. The update process may take 1 to 3 hours and require multiple restarts.
After updates complete, run Check for updates again and repeat until no more updates are available. This is a critical step – unpatched servers are the primary target for ransomware and network attacks.
Running an unpatched server is one of the most common causes of ransomware infections in Malaysian SMEs. Attackers scan the internet for vulnerable servers and exploit known vulnerabilities within hours of a server being exposed. Patch before connecting to any external-facing network.
Step 4: Enable Remote Desktop
Configure Remote Desktop for Administration
In Server Manager > Local Server, click Disabled next to Remote Desktop. In System Properties, under the Remote tab, select Allow remote connections to this computer. Select Allow connections only from computers running Remote Desktop with Network Level Authentication.
Click Select Users to add any additional accounts that need RDP access beyond the default Administrator account. Click OK.
RDP on port 3389 is the most targeted service on the internet. If this server will be accessible from outside the office, use a VPN (such as FortiGate SSL VPN) and connect to the internal network before using Remote Desktop. Direct internet-facing RDP is a near-certain path to ransomware infection.
Step 5: Configure Windows Firewall
Enable and Configure Windows Firewall
Windows Server 2022 has Windows Defender Firewall enabled by default. Verify it is active: open Windows Defender Firewall with Advanced Security (search in Start menu). All three profiles (Domain, Private, Public) should show as On.
The default rules allow basic operation. For a file server, the following inbound rules are typically needed:
- File and Printer Sharing – allows SMB (\\server\share access)
- Remote Desktop – if RDP is needed
- Remote Server Administration Tools – if managing remotely via Server Manager
Block all other inbound connections. Limit management ports to specific admin IP addresses where possible.
Step 6: Create Shared Folders
Create and Share Folders
Create folders on a data drive (not the C: system drive) for shared data. Example: D:\Shares\Company, D:\Shares\Finance, D:\Shares\HR.
Right-click each folder > Properties > Sharing tab > Advanced Sharing. Check Share this folder. Set the share name. Click Permissions – remove Everyone and add specific groups (Finance, HR) with Read or Read/Write access.
Then go to the Security tab (NTFS permissions). Set appropriate NTFS permissions for each group. NTFS permissions apply whether users access via network share or locally – always configure both Share and NTFS permissions.
Users access the share from their PCs via: \\SERVERNAME\ShareName or by mapping a network drive.
Step 7: Configure Automatic Backup
Enable Windows Server Backup
Install the Windows Server Backup feature: open Server Manager > Manage > Add Roles and Features. Add Windows Server Backup under Features.
After installation, open Windows Server Backup from Administrative Tools. Click Backup Schedule. Select Full server backup. Schedule daily at 2:00am. Choose a backup destination – an external USB drive, a network share, or another disk volume.
For critical data, also configure an offsite or cloud backup using Azure Backup, Acronis or Veeam Cloud Connect.
Need IT Help in Malaysia?
Cybergate provides managed IT support for businesses across Malaysia. Our team is available Monday to Saturday, 9am to 6pm.