Baseline Registry Settings for new Domain Controllers

I have a list of baseline registry settings which I put on any new domain controller. I thought I’d share the VBScript below, which sets all of these and also enables some performance counters. Many of the settings are applicable outside of a Domain Controller.

Note: These settings have been tested countless times with Windows Server 2003 domain controllers. I indicated where possible which settings do not apply to a Windows Server 2008 (or better) domain controller. I’ve used these on Windows Server 2008 domain controllers; however, not nearly as many times as on prior versions.

Feel free to use this and leave a comment if you have any suggestions for additions, etc.

' NAME: Baseline Registry Settings for new Domain Controllers
' AUTHOR: Brian Desmond,
' DATE  : 8/1/2009
'	Version		Date		Author			Note
'	-----------------------------------------------------------------
'	1.0			01Aug09		Brian Desmond	Initial Release	

Option Explicit

Dim shl
Set shl = WScript.CreateObject("WScript.Shell")

' Enable Remote Desktop
WriteRegistry "HKLM\System\CurrentControlSet\Control\Terminal Server\fDenyTSConnections", 0, "REG_DWORD"

' Set crash config settings
WriteRegistry "HKLM\SYSTEM\CurrentControlSet\Control\CrashControl\NMICrashDump", 1, "REG_DWORD"
WriteRegistry "HKLM\SYSTEM\CurrentControlSet\Services\i8042prt\Parameters\CrashOnCtrlScroll", 1, "REG_DWORD"
' WS03 pre SP2 requires KB244139 for the following to be effective
' WS08 pre SP2 requires KB971284 for the following to be effective
WriteRegistry "HKLM\SYSTEM\CurrentControlSet\Services\kbdhid\Parameters\CrashOnCtrlScroll", 1, "REG_DWORD"

' log DIT whitespace info
WriteRegistry "HKLM\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics\6 Garbage Collection", 1, "REG_DWORD"
' Expensive/inefficient queries
WriteRegistry "HKLM\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics\15 Field Engineering", 5, "REG_DWORD"

' JET Perf counters
WriteRegistry "HKLM\system\currentcontrolset\Services\ESENT\Performance\Open", "OpenPerformanceData", "REG_SZ"
WriteRegistry "HKLM\system\currentcontrolset\Services\ESENT\Performance\Collect", "CollectPerformanceData", "REG_SZ"
WriteRegistry "HKLM\system\currentcontrolset\Services\ESENT\Performance\Close", "ClosePerformanceData", "REG_SZ"
WriteRegistry "HKLM\system\currentcontrolset\Services\ESENT\Performance\Library", "%systemroot%\system32\esentprf.dll", "REG_SZ"
WriteRegistry "HKLM\system\currentcontrolset\Services\ESENT\Performance\Squeaky Lobster", 1, "REG_DWORD"

' === Shouldn't be necessary on WS08
' set the path to the install binaries
WriteRegistry "HKLM\Software\Microsoft\Windows\CurrentVersion\Setup\SourcePath", "C:\", "REG_SZ"
WriteRegistry "HKLM\Software\Microsoft\Windows\CurrentVersion\Setup\ServicePackSourcePath", "C:\", "REG_SZ"

' Import JET perf counters
shl.Run(shl.ExpandEnvironmentStrings("%SystemRoot%\System32\lodctr.exe %SystemRoot%\System32\esentprf.ini"))

' === Shouldn't be necessary on WS08
' Disable manage server wizard
WriteRegistry "HKEY_USERS\.Default\Software\Microsoft\Windows NT\CurrentVersion\Setup\Welcome\srvwiz", 0, "REG_DWORD"
WriteRegistry "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Setup\Welcome\srvwiz", 0, "REG_DWORD"

' === Shouldn't be necessary on WS08
' Disable SP2 SNP stuff
WriteRegistry "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\EnableTCPChimney", 0, "REG_DWORD"
WriteRegistry "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\EnableTCPA", 0, "REG_DWORD"
WriteRegistry "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\EnableRSS", 0, "REG_DWORD"

' Writes a given value to a given registry path.
' RegWrite returns no status; read the value back to validate success.
' Any error raised by RegWrite propagates up the stack to the caller.
Sub WriteRegistry(path, value, regType)
	Dim sbShl
	Set sbShl = WScript.CreateObject("WScript.Shell")

	sbShl.RegWrite path, value, regType

	Set sbShl = Nothing 
End Sub 
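
The script's comments mention reading values back to validate success, but no such routine is included. The following is an added example, not part of the original script, that reads a subset of the baseline DWORD values back and reports any that are missing or have drifted; the names ReadRegistry and VerifyRegistry and the selection of values checked are assumptions made here.

```vbscript
' Added example: verifies a subset of the baseline above by reading values back.
' ReadRegistry and VerifyRegistry are names chosen here, not from the original script.
Option Explicit

Dim shl, checks, item, failures
Set shl = WScript.CreateObject("WScript.Shell")
failures = 0

' Registry value path and the DWORD the baseline script sets for it
checks = Array( _
	Array("HKLM\System\CurrentControlSet\Control\Terminal Server\fDenyTSConnections", 0), _
	Array("HKLM\SYSTEM\CurrentControlSet\Services\i8042prt\Parameters\CrashOnCtrlScroll", 1), _
	Array("HKLM\SYSTEM\CurrentControlSet\Services\kbdhid\Parameters\CrashOnCtrlScroll", 1), _
	Array("HKLM\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics\6 Garbage Collection", 1), _
	Array("HKLM\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics\15 Field Engineering", 5), _
	Array("HKLM\system\currentcontrolset\Services\ESENT\Performance\Squeaky Lobster", 1))

For Each item In checks
	If Not VerifyRegistry(item(0), item(1)) Then failures = failures + 1
Next

WScript.Echo failures & " setting(s) differ from the baseline"
WScript.Quit failures	' non-zero exit code signals drift to a calling job

' Reads a registry value into "value"; returns False if it does not exist
' or cannot be read, instead of raising an error.
Function ReadRegistry(path, ByRef value)
	On Error Resume Next
	value = shl.RegRead(path)
	ReadRegistry = (Err.Number = 0)
	Err.Clear
	On Error GoTo 0
End Function

' Compares the value at "path" with "expected" and reports any difference.
Function VerifyRegistry(path, expected)
	Dim actual
	VerifyRegistry = False
	If Not ReadRegistry(path, actual) Then
		WScript.Echo "MISSING  " & path
	ElseIf CStr(actual) <> CStr(expected) Then
		WScript.Echo "DIFFERS  " & path & " = " & actual & " (expected " & expected & ")"
	Else
		VerifyRegistry = True
	End If
End Function
```

Run it with cscript.exe so the output goes to the console rather than to message boxes.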
