Windows FE/BE – myCloud

List of steps to setup EC2 testing instances with Windows 2022 servers for the Front-End (FE) and Back-End (BE) in a “test” VPC, peered with the “management” VPC (RDGW and Shared Domain Service – Microsoft AD)

Task	Front-End	Back-End
Create domain user (AD)
Add CAP & RAP
Add domain user to local Administrators group (+ domain RDP group)
AWS Instance termination Protection
AWS EBS volume names
AWS EBS Volume deletion on termination disable
AWS EC2 instance Alarm Status (SNS topic + subscription)
SSL Certificate and IIS https binding
Tag configure = FE-WU and BE-WU (Windows Update)

Desktop customization
Disk D: Initialization and format
Disable IE Enhanced Security Configuration (Admin & Users)
Remove Windows Defender Anti-Virus
Turn Off Windows Defender Firewall (for Domain, Private and Public network)
Disable SmartScreen
Set OS timezone
Set Windows Updates to Download Only
Install IIS
Install MSMQ
Run Windows Updates
Download/Install Office
Download/Install CrowdStrike
Install NewRelic Agent
Re-run Windows Updates
Purchase Reserved instance (region/instance type)
CPM (N2WS) create backup policy and apply

Remove Windows Defender Anti-Virus (PS)

Uninstall-WindowsFeature -Name Windows-Defender

AWS EBS Volume deletion on termination

Drive C:\

aws ec2 modify-instance-attribute --instance-id i-XXXXXXXX --block-device-mappings "[{\"DeviceName\": \"/dev/sda1\",\"Ebs\":{\"DeleteOnTermination\":false}}]"

DRIVE D:\

aws ec2 modify-instance-attribute --instance-id i-YYYYYYYY --block-device-mappings "[{\"DeviceName\": \"/dev/xvdb\",\"Ebs\":{\"DeleteOnTermination\":false}}]"

Set OS timezone

timedate.cpl

Set Windows Updates to Download Only

sconfig (as admin, option 5-2)

Disable SmartScreen

Windows security / App & browser control / Reputation-based protection settings / Check apps and files off

Category: Microsoft