
How to Set Up Windows Server for Small Business: Step-by-Step Guide (2026)






Setting up Windows Server for the first time can feel overwhelming. Between Active Directory, DNS, DHCP, Group Policy, and file sharing, there is a lot of ground to cover before your first user can log in. The good news is that for a typical small business the setup process is well-defined and repeatable. This guide walks you through everything, from booting the installation USB right through to your first Group Policy Object and a working backup schedule.

This guide targets Windows Server 2022 with references to Windows Server 2025 where the steps differ. Both releases follow the same setup flow through Server Manager, so the instructions below apply to either version unless noted.


1. Pre-Installation Checklist

Before you touch the installation media, work through this checklist. Skipping these steps causes problems that are painful to fix after the server is live.

Hardware Requirements

| Component | Minimum | Recommended (SMB) |
|---|---|---|
| CPU | 1.4 GHz 64-bit | Quad-core 2.0 GHz+ |
| RAM | 512 MB (2 GB with Desktop Experience) | 16 GB |
| System disk | 32 GB | 120 GB SSD (OS only) |
| Data disk | | Separate volume for shared files |
| Network | Gigabit Ethernet | Gigabit Ethernet |

Things to Decide Before You Start

  • Server name: pick something meaningful and short, e.g. SRV-DC01. You cannot easily rename a domain controller after it is promoted.
  • Static IP address: decide the IP before installation. Example: 192.168.1.10 with subnet 255.255.255.0, gateway 192.168.1.1.
  • Internal domain name: choose an Active Directory domain name now. Common choices are company.local or a subdomain of a real domain you own, such as ad.yourcompany.co.uk. Avoid using a public TLD you do not own.
  • CALs purchased: Windows Server requires Client Access Licences (CALs) for every user or device that connects. For most SMBs, User CALs are simpler. Make sure these are in hand before going live.
  • Product key ready: have your Windows Server licence key available.

2. Installation Walkthrough

Creating the Installation USB

Download the ISO from the Microsoft Volume Licensing Service Centre (VLSC) or your reseller. Use Rufus (Windows) or dd (Linux/macOS) to write the ISO to a USB drive of at least 8 GB. Set the partition scheme to GPT for modern UEFI hardware.

Booting and Initial Screens

  1. Insert the USB, boot the server and enter the BIOS/UEFI boot menu (usually F11 or F12). Select the USB drive.
  2. The Windows Setup screen loads. Choose your language, time format, and keyboard layout, then click Next.
  3. Click Install now.
  4. Enter your product key, or click I don’t have a product key to enter it after installation.

Selecting the Edition

You will be presented with edition choices. For a small business server with a graphical interface, select:

  • Windows Server 2022 Standard (Desktop Experience)

Desktop Experience gives you the familiar Windows graphical shell. Server Core (no GUI) is more secure and lighter on resources, but significantly harder to manage for first-time admins.

Partition Setup

  1. Accept the licence agreement and choose Custom: Install Windows only (advanced).
  2. If your drives are blank, click New to create a partition on the system disk. Windows will automatically create a small System Reserved partition alongside your OS partition.
  3. Select the primary OS partition and click Next. Installation takes 15–30 minutes.
  4. The server will reboot into the initial setup (OOBE) and prompt you to set the built-in Administrator password. Use a strong password — at least 14 characters, mixed case, numbers, and symbols. Store it in a password manager.

3. First Steps After Installation

Before installing any roles, get the basics right. Open Server Manager — it launches automatically at login.

Rename the Server

  1. In Server Manager, click Local Server in the left pane.
  2. Click the current computer name (e.g. WIN-ABC123DEF) next to Computer name.
  3. In System Properties, click Change, enter your chosen server name (e.g. SRV-DC01), and click OK.
  4. Restart when prompted.

Set a Static IP Address

  1. In Server Manager → Local Server, click the link next to Ethernet.
  2. Right-click your network adapter and choose Properties.
  3. Select Internet Protocol Version 4 (TCP/IPv4) and click Properties.
  4. Enter your planned static IP, subnet mask, and default gateway. For DNS, temporarily point to 127.0.0.1 (this server will become its own DNS server once AD DS is installed).
  5. Click OK.

Activate Windows

Open Settings → System → Activation and enter your product key if you did not do so during installation. Activation requires internet access.

Run Windows Update

Before installing any roles, fully patch the server. Open Settings → Windows Update, check for updates, install all available patches, and reboot. Repeat until no further updates are pending. This can take several reboots on a freshly installed system.


4. Installing Active Directory Domain Services (AD DS)

Active Directory is the foundation of a Windows domain network. It handles authentication, authorisation, and policy for every machine and user account.

Adding the AD DS Role

  1. In Server Manager, click Manage → Add Roles and Features.
  2. Select Role-based or feature-based installation, then click Next.
  3. Select your server from the server pool and click Next.
  4. In the Roles list, tick Active Directory Domain Services. A dialog will appear asking to add required features — click Add Features.
  5. Click Next through the Features and AD DS information screens, then click Install. Do not tick “Restart the destination server automatically” for this step.
  6. Once installation completes, you will see a yellow warning flag in Server Manager. Click it and choose Promote this server to a domain controller.

Promoting to Domain Controller

  1. In the AD DS Configuration Wizard, select Add a new forest and enter your root domain name, e.g. company.local.
  2. On the Domain Controller Options screen, set both the Forest functional level and Domain functional level to Windows Server 2016 (compatible with all current Windows clients). Leave Domain Name System (DNS) server ticked — this installs DNS automatically.
  3. Set a strong DSRM (Directory Services Restore Mode) password. This is separate from the Administrator account and is used only for AD recovery. Store it securely.
  4. Click through the DNS Delegation, Additional Options, and Paths screens, accepting the defaults (AD database, logs, and SYSVOL will go to C:\Windows\NTDS and C:\Windows\SYSVOL).
  5. Review the Summary screen, then click Install. The server will reboot automatically.
  6. After reboot, log in as COMPANY\Administrator (replace COMPANY with your domain’s NetBIOS name).

5. Setting Up DNS and DHCP

DNS

DNS was installed as part of the AD DS promotion. Open DNS Manager from Server Manager → Tools. You should see your domain’s forward lookup zone already created (e.g. company.local). Verify that an A record for your server exists. Add a reverse lookup zone if one was not created automatically: right-click Reverse Lookup Zones → New Zone and enter your network address (e.g. 192.168.1.x).

Installing and Configuring DHCP

  1. In Server Manager, go to Manage → Add Roles and Features and add the DHCP Server role.
  2. After installation, click the yellow warning flag and complete DHCP Post-Install Configuration to authorise the DHCP server in Active Directory.
  3. Open DHCP Manager from Tools. Expand your server name, right-click IPv4 → New Scope.
  4. Give the scope a name (e.g. LAN Scope), enter the IP range (e.g. 192.168.1.100 to 192.168.1.200), and set the subnet mask to 255.255.255.0.
  5. Add any exclusions (e.g. reserve 192.168.1.1 to 192.168.1.20 for static devices).
  6. Set the lease duration (8 hours for office environments is reasonable).
  7. Configure scope options: set 003 Router to your gateway IP, 006 DNS Servers to your server’s IP (192.168.1.10), and 015 DNS Domain Name to company.local.
  8. Activate the scope.

6. Creating User Accounts and Organisational Units

Designing Your OU Structure

Organisational Units (OUs) are containers in Active Directory that let you apply Group Policy and delegate administration to specific groups of users or computers. A simple structure for an SMB might look like this:

company.local
├── Staff
│   ├── Management
│   └── General
└── Computers
    ├── Workstations
    └── Laptops

Creating OUs

  1. Open Active Directory Users and Computers from Server Manager → Tools.
  2. Right-click your domain name → New → Organizational Unit. Name it Staff.
  3. Repeat to create Computers at the domain root, then create child OUs beneath Staff (right-click the Staff OU → New → Organizational Unit).

Creating User Accounts

  1. Right-click the appropriate OU (e.g. Staff\General) → New → User.
  2. Enter the user’s first name, last name, and set the User logon name (e.g. jsmith).
  3. Set an initial password. Tick User must change password at next logon.
  4. Click Finish.

For bulk user creation, PowerShell is far more efficient. Here is an example that creates a single user:

# Creates one user in the Staff\General OU with a temporary password
# that must be changed at first logon.
New-ADUser `
  -Name "Jane Smith" `
  -GivenName "Jane" `
  -Surname "Smith" `
  -SamAccountName "jsmith" `
  -UserPrincipalName "jsmith@company.local" `
  -Path "OU=General,OU=Staff,DC=company,DC=local" `
  -AccountPassword (ConvertTo-SecureString "TempP@ssw0rd!" -AsPlainText -Force) `
  -ChangePasswordAtLogon $true `
  -Enabled $true
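
Extending the single-user command to bulk creation, as an added example that is not from the original guide: it reads rows from CSV, skips accounts that already exist, and gives each user a unique random temporary password instead of one shared literal. The CSV column names, the sample rows, the `SamAccountName@company.local` UPN format and the helper `New-TempPassword` are assumptions.

```powershell
# Added example (not from the original guide): bulk user creation from CSV.
# Assumes the ActiveDirectory module and the OU path used in this guide.
Import-Module ActiveDirectory

$Domain = 'company.local'
$OuPath = 'OU=General,OU=Staff,DC=company,DC=local'

# Constructed sample rows; in practice: $rows = Import-Csv .\new-users.csv
$rows = @'
GivenName,Surname,SamAccountName
Jane,Smith,jsmith
Amir,Khan,akhan
'@ | ConvertFrom-Csv

function New-TempPassword {
    # Hypothetical helper: random password from the OS CSPRNG with every
    # character class present, so it passes the domain complexity policy.
    param([int]$Length = 20)
    $sets = 'abcdefghijkmnpqrstuvwxyz', 'ABCDEFGHJKLMNPQRSTUVWXYZ', '23456789', '!#%+-=?@'
    $rng  = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $buf  = New-Object byte[] 4
    # Index in [0, $n): 32 random bits reduced modulo $n (bias is negligible here)
    $next = { param([int]$n) $rng.GetBytes($buf); [int]([BitConverter]::ToUInt32($buf, 0) % $n) }
    $all   = -join $sets
    $chars = @($sets | ForEach-Object { $_[(& $next $_.Length)] })
    while ($chars.Count -lt $Length) { $chars += $all[(& $next $all.Length)] }
    # Fisher-Yates shuffle so the guaranteed characters are not always first
    for ($i = $chars.Count - 1; $i -gt 0; $i--) {
        $j = & $next ($i + 1)
        $tmp = $chars[$i]; $chars[$i] = $chars[$j]; $chars[$j] = $tmp
    }
    $rng.Dispose()
    -join $chars
}

$created = foreach ($r in $rows) {
    $sam = $r.SamAccountName
    if (Get-ADUser -Filter "SamAccountName -eq '$sam'") {
        Write-Warning "$sam already exists, skipping"
        continue
    }
    $plain = New-TempPassword
    $params = @{
        Name                  = "$($r.GivenName) $($r.Surname)"
        GivenName             = $r.GivenName
        Surname               = $r.Surname
        SamAccountName        = $sam
        UserPrincipalName     = "$sam@$Domain"
        Path                  = $OuPath
        AccountPassword       = ConvertTo-SecureString $plain -AsPlainText -Force
        ChangePasswordAtLogon = $true
        Enabled               = $true
    }
    New-ADUser @params
    [pscustomobject]@{ SamAccountName = $sam; TempPassword = $plain }
}
# Shown once for out-of-band hand-over; do not write these to a file or log.
$created | Format-Table -AutoSize
```
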

Setting a Default Password Policy

Open Group Policy Management from Tools. Edit the Default Domain Policy and navigate to:

Computer Configuration → Policies → Windows Settings → Security Settings → Account Policies → Password Policy

Recommended settings for an SMB:

  • Minimum password length: 12 characters
  • Password must meet complexity requirements: Enabled
  • Maximum password age: 90 days
  • Enforce password history: 10 passwords

7. Setting Up a File Server

Adding the File Services Role

  1. In Server Manager, add the File and Storage Services role. Specifically, ensure File Server and File Server Resource Manager are ticked under File and iSCSI Services.

Creating Shared Folders

  1. Create a folder on your data volume, e.g. D:\Shares\Company.
  2. Right-click the folder → Properties → Sharing tab → Advanced Sharing.
  3. Tick Share this folder, give it a share name (e.g. Company), and click Permissions.
  4. For share permissions, grant Everyone – Full Control at the share level — NTFS permissions on the folder itself provide the real security.
  5. On the Security tab (NTFS permissions), remove unnecessary entries and add your AD security groups with appropriate permissions. For example, a Staff-ReadWrite group gets Modify, a Staff-ReadOnly group gets Read & Execute.

Mapping Drives via Group Policy

  1. In Group Policy Management, create a new GPO linked to your Staff OU. Name it Drive Mappings.
  2. Edit the GPO and navigate to: User Configuration → Preferences → Windows Settings → Drive Maps.
  3. Right-click → New → Mapped Drive. Set the action to Create, enter the UNC path (e.g. \\SRV-DC01\Company), choose a drive letter (e.g. S:), and click OK.
  4. Use Item-Level Targeting if you want the drive to appear only for specific groups.

8. Remote Desktop Services

Remote Desktop lets users connect to the server from home or while travelling. Standard RDP (two concurrent admin sessions) is included without additional licensing. For multiple users running applications on the server simultaneously, Remote Desktop Services (RDS) CALs are required separately.

Enabling Remote Desktop on the Server

  1. In Server Manager → Local Server, click Disabled next to Remote Desktop.
  2. In the System Properties dialog, select Allow remote connections to this computer. Leave Allow connections only from computers running Remote Desktop with Network Level Authentication ticked.
  3. Click Select Users to add specific user accounts to the Remote Desktop Users local group — domain administrators can already connect by default.

Firewall Rules

Windows Firewall should automatically create an inbound rule for RDP (TCP 3389) when you enable it. Verify this in Windows Defender Firewall with Advanced Security → Inbound Rules. Look for Remote Desktop – User Mode (TCP-In) — it should show as Enabled.

If you need to restrict RDP access to specific source IP addresses (strongly recommended), edit the rule’s Scope settings to allow connections only from your office IP range.


9. Joining Client PCs to the Domain

With the domain controller live and DHCP running, joining Windows 10/11 clients is straightforward.

  1. On the client PC, ensure it is connected to the LAN and has received a DHCP address. Confirm it is using the server’s IP as its DNS server (ipconfig /all in Command Prompt).
  2. Open Settings → System → About → Domain or workgroup (Windows 10) or Settings → System → About → Advanced system settings (Windows 11).
  3. Click Change, select Domain, and enter your domain name (e.g. company.local).
  4. When prompted, enter domain administrator credentials.
  5. Restart the PC. After reboot, log in as a domain user: COMPANY\jsmith or just jsmith@company.local.

Move the newly joined computer object from the default Computers container in AD Users and Computers into your Computers\Workstations OU so that GPOs linked to that OU apply.


10. Basic Group Policy Configuration

Group Policy is how you enforce settings across all domain machines and users. Create a new GPO for each logical area rather than cramming everything into the Default Domain Policy.

| Policy | GPO Path | Setting |
|---|---|---|
| Screen lock | User Config → Admin Templates → Control Panel → Personalisation | Screen saver timeout: 600 seconds; Password protect: Enabled |
| Windows Update | Computer Config → Admin Templates → Windows Components → Windows Update | Configure automatic updates: Auto download and schedule, daily at 03:00 |
| Restrict Control Panel | User Config → Admin Templates → Control Panel | Prohibit access to Control Panel: Enabled (for general staff) |
| Audit logon events | Computer Config → Policies → Windows Settings → Security Settings → Local Policies → Audit Policy | Audit account logon events: Success and Failure |

After linking a GPO, force an immediate refresh on a client with gpupdate /force in an elevated Command Prompt.


11. Setting Up Backup

No server setup is complete without a working backup. Windows Server Backup is included in the operating system at no extra cost and is adequate for most small businesses.

Installing Windows Server Backup

  1. In Server Manager, go to Manage → Add Roles and Features → Features.
  2. Scroll down and tick Windows Server Backup. Click Install.

Scheduling a Backup

  1. Open Windows Server Backup from Server Manager → Tools.
  2. In the Actions pane, click Backup Schedule.
  3. Choose Custom to specify what to back up. At minimum, include the System State (which captures AD, DNS, and DHCP) and your data volumes.
  4. Set the schedule — once daily at a time when the server is under light load (e.g. 02:00).
  5. Choose your backup destination. Options include a dedicated internal disk, an external USB drive, or a shared network folder (NAS). A dedicated local disk is simplest to set up; backing up to a NAS or offsite location is more resilient.

Test your backup by running one manual backup immediately after setup and confirming the backup catalogue shows a completed job.


12. Security Basics

A freshly set-up server needs a few security housekeeping steps before users connect to it.

Rename or Disable the Built-in Administrator Account

The built-in Administrator account is a well-known target for brute-force attacks. Rename it to something non-obvious and create a separate named account for day-to-day admin work.

In Active Directory Users and Computers, find Administrator in the Users container, right-click it and choose Rename. Alternatively, set this via Group Policy:

Computer Configuration → Policies → Windows Settings → Security Settings → Local Policies → Security Options → Accounts: Rename administrator account

To disable the local Administrator account on domain-joined workstations (where users should always log in with domain accounts), use a startup script or the following PowerShell one-liner deployed via GPO:

Disable-LocalUser -Name "Administrator"

Verify Windows Firewall Is Active

Run the following in PowerShell to confirm all firewall profiles are enabled:

Get-NetFirewallProfile | Select-Object Name, Enabled

All three profiles (Domain, Private, Public) should show Enabled : True. If any profile is off, enable it:

Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True

Verify Windows Defender Is Running

Windows Defender Antivirus is included in Windows Server 2022 and 2025. Confirm its status:

Get-MpComputerStatus | Select-Object AMRunningMode, RealTimeProtectionEnabled

You should see RealTimeProtectionEnabled : True. If you have deployed a third-party endpoint protection product, ensure it is fully operational before disabling Defender.

Disable SMBv1

SMBv1 is an outdated protocol that was exploited by the WannaCry and NotPetya ransomware attacks. It is disabled by default in Windows Server 2022 and 2025, but verify this:

Get-SmbServerConfiguration | Select-Object EnableSMB1Protocol

If the output is True, disable it immediately:

Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force

Final Checklist Before Going Live

  • Server renamed and static IP set
  • Windows fully updated and activated
  • AD DS installed, domain created, domain controller promoted
  • DNS resolving internal names correctly (nslookup company.local from a client)
  • DHCP scope active and handing out addresses
  • OU structure created, user accounts added
  • Shared folders accessible from a domain-joined client
  • At least one client PC joined to the domain and GPOs applying (gpresult /r)
  • RDP access tested
  • Backup scheduled and first backup completed successfully
  • Windows Firewall active on all profiles
  • SMBv1 disabled
  • Administrator account renamed
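
The security items on this checklist, together with the RDP scope and Network Level Authentication settings from section 8, can be checked in one read-only pass. This is an added example, not part of the original guide; it assumes an elevated PowerShell session on the domain controller, English firewall rule display names, and a hypothetical helper named `New-Check`.

```powershell
# Added example (not from the original guide): read-only go-live audit.
# Changes nothing; it only reports the state of settings covered in this guide.
function New-Check([string]$Name, [bool]$Pass, [string]$Detail) {
    [pscustomobject]@{ Check = $Name; Pass = $Pass; Detail = $Detail }
}

$report = & {
    # Firewall: every profile (Domain, Private, Public) must be enabled
    $off = @(Get-NetFirewallProfile | Where-Object { "$($_.Enabled)" -ne 'True' })
    New-Check 'Firewall profiles enabled' ($off.Count -eq 0) ("Disabled: " + ($off.Name -join ', '))

    # Defender real-time protection
    $mp = Get-MpComputerStatus
    New-Check 'Defender real-time protection' $mp.RealTimeProtectionEnabled "AMRunningMode=$($mp.AMRunningMode)"

    # SMBv1 must be off
    $smb1 = (Get-SmbServerConfiguration).EnableSMB1Protocol
    New-Check 'SMBv1 disabled' (-not $smb1) "EnableSMB1Protocol=$smb1"

    # Enabled inbound RDP rules should not accept connections from any source
    $open = @(Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -Enabled True -Direction Inbound -ErrorAction SilentlyContinue |
        Where-Object { ($_ | Get-NetFirewallAddressFilter).RemoteAddress -contains 'Any' })
    New-Check 'RDP rules scoped to known addresses' ($open.Count -eq 0) ("Open to any source: " + ($open.DisplayName -join '; '))

    # Network Level Authentication required for RDP (1 = required)
    $nla = (Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp').UserAuthentication
    New-Check 'RDP requires NLA' ($nla -eq 1) "UserAuthentication=$nla"

    # The built-in Administrator always has RID 500, whatever it is named
    $admin = Get-ADUser -Identity "$((Get-ADDomain).DomainSID)-500"
    New-Check 'Built-in Administrator renamed' ($admin.SamAccountName -ne 'Administrator') "RID 500 is '$($admin.SamAccountName)'"
}

$report | Format-Table -AutoSize
# List only the failed checks so they stand out in a scheduled run
$report | Where-Object { -not $_.Pass }
```
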

With all of the above in place, you have a functional small business Windows Server environment. From here you can add a second domain controller for redundancy, integrate with Microsoft 365 via Azure AD Connect, or configure VPN access for remote workers. The foundation covered in this guide is what everything else builds on — get it right and the rest follows naturally.

