# Server: SERVER

## General Info

- Hostname: SERVER
- IP Address: 10.0.0.5
- Subnet Mask: 255.255.255.0 (/24)
- Default Gateway: 10.0.0.1
- DNS Servers: 127.0.0.1 (itself — correct for DC)
- OS: Microsoft Windows Server 2025 Standard **EVALUATION**
- OS Version: Build 26100
- OS Configuration: **Primary Domain Controller**
- Domain: kittle.lan
- Physical / Virtual: Physical
- Location: Office

## Hardware

- Make/Model: HPE ProLiant MicroServer Gen11
- BIOS: HPE 2.22 (5/16/2025)
- CPU: Intel Xeon E-2414 (4 cores)
- RAM: 80 GB

## Storage

| Drive | Label | Filesystem | Size | Notes |
|-------|-------|------------|------|-------|
| C: | (OS) | NTFS | ~11 TB | Primary volume |
| (secondary) | Server2 2022_03_31 | — | ~2 TB | Secondary storage — possibly old server backup or migration data |

## Network Interfaces

- 4x Embedded LOM ports (Port 1-4)
- Only Port 1 is active
- 3 ports unused

## Roles and Services (Installed)

- [x] **Active Directory Domain Services** (Primary DC)
- [x] **DNS Server**
- [x] **DHCP Server** (installed but scopes are empty — DHCP runs on ISP router)
- [x] **File Server** (C:\Shares)
- [x] **Print Server**
- [x] Group Policy Management

## SMB File Shares

| Share Name | Path | Notes |
|-----------|------|-------|
| Home | C:\Shares\Home | User home folders |
| QBooks | C:\Shares\Home\QBooks | QuickBooks data files |
| NETLOGON | (default) | AD logon scripts |
| SYSVOL | (default) | Group Policy store |

## Installed Software

| Software | Version | Notes |
|----------|---------|-------|
| **QuickBooks Pro 2024** | 34 | **Should NOT be on a DC** — migrate to workstation |
| ScreenConnect | — | Remote access agent |
| Microsoft Edge | — | Browser |

## Listening Ports (Key Services)

| Port | Protocol | Service | Notes |
|------|----------|---------|-------|
| 53 | TCP | DNS | AD DNS server |
| 88 | TCP | Kerberos | AD authentication |
| 135 | TCP | RPC | Endpoint Mapper |
| 139 | TCP | NetBIOS | Legacy name service |
| 389 | TCP | LDAP | AD directory |
| 445 | TCP | SMB | File shares |
| 464 | TCP | Kerberos kpasswd | Password changes |
| 636 | TCP | LDAPS | LDAP over SSL |
| 3268 | TCP | Global Catalog | AD GC |
| 3269 | TCP | GC SSL | AD GC over SSL |
| 5985 | TCP | WinRM | PowerShell remoting |
| 8019 | TCP | **Unknown** | Needs identification |
| 9389 | TCP | AD Web Services | AD management |

## DNS Configuration

- DNS Forwarders: 10.0.0.1 (ISP router)
- DNS Zones: kittle.lan, _msdcs.kittle.lan
- No reverse lookup zone for 10.0.0.x

## Group Policy Objects

| GPO Name | Modified | Notes |
|----------|----------|-------|
| Default Domain Policy | 12/23/2025 | |
| Default Domain Controllers Policy | 2/9/2026 | |
| HomeFolder | 2/9/2026 | Maps home folders |
| Intranet Zone - File Server | 3/20/2026 | Adds \\\\SERVER + \\\\10.0.0.5 to Local Intranet zone for PDF preview on shares |

## Backup

- **NONE — NO BACKUP EXISTS FOR THIS SERVER**
- This server is the ONLY domain controller
- If this server dies, Active Directory, DNS, file shares, and QuickBooks data are ALL lost

## CRITICAL ISSUES

### 1. EVALUATION LICENSE — Time Bomb

Windows Server 2025 Standard is running as an **EVALUATION** install. Evaluation licenses expire after 180 days, after which the server will shut down every hour. A full license must be purchased and applied immediately.

### 2. QuickBooks on the Domain Controller

QuickBooks Pro 2024 is installed directly on the DC. Business applications increase attack surface and resource contention on the DC. Should be migrated to a dedicated workstation.

### 3. No Backup

No backup solution is configured. Total data loss if the server fails.

### 4. DHCP Role Installed But Not Used

Windows DHCP role is installed but all scopes are empty. DHCP is handled by the ISP router at 10.0.0.1. The DHCP role could be uninstalled to reduce confusion, or properly configured to take over from the ISP router (recommended).

### 5. Unknown Port 8019

An unidentified service is listening on port 8019. Needs investigation.
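
One way to work the unknown port 8019 item, as an added example that is not part of the original notes: it maps the listener to its owning process, any Windows service hosted in that process, and the binary's signature and hash. It assumes an elevated PowerShell session on SERVER; the output property names are chosen here for illustration.

```powershell
# Added example: identify what owns the TCP listener on port 8019.
# Assumes an elevated PowerShell session on SERVER.
$port = 8019   # port flagged as "Unknown" in the listening-ports table

$listeners = Get-NetTCPConnection -LocalPort $port -State Listen -ErrorAction SilentlyContinue

if (-not $listeners) {
    Write-Output "Nothing is listening on TCP $port right now."
}
else {
    foreach ($ownerId in ($listeners.OwningProcess | Sort-Object -Unique)) {
        # Process details (path and command line need elevation for other users' processes)
        $proc = Get-CimInstance Win32_Process -Filter "ProcessId = $ownerId"
        # Services hosted in that process, if any (svchost can host several)
        $svcs = Get-CimInstance Win32_Service -Filter "ProcessId = $ownerId"

        $sigStatus = $null; $signer = $null; $sha256 = $null
        if ($proc.ExecutablePath) {
            $sig       = Get-AuthenticodeSignature -FilePath $proc.ExecutablePath
            $sigStatus = $sig.Status
            $signer    = $sig.SignerCertificate.Subject
            $sha256    = (Get-FileHash -Path $proc.ExecutablePath -Algorithm SHA256).Hash
        }
        # If the owner is PID 4 (System) there is no executable path: the listener
        # belongs to a kernel driver such as HTTP.sys. In that case
        # "netsh http show servicestate" lists the registered URLs and requesting processes.

        [pscustomobject]@{
            Port          = $port
            BoundTo       = (($listeners | Where-Object OwningProcess -eq $ownerId).LocalAddress |
                              Sort-Object -Unique) -join ', '
            OwnerPid      = $ownerId
            ProcessName   = $proc.Name
            Path          = $proc.ExecutablePath
            CommandLine   = $proc.CommandLine
            Services      = ($svcs.Name -join ', ')
            ServiceLogon  = ($svcs.StartName -join ', ')
            Signature     = $sigStatus
            Signer        = $signer
            SHA256        = $sha256
        }
    }

    # Peers currently connected to the port, to see which hosts actually use it
    Get-NetTCPConnection -LocalPort $port -State Established -ErrorAction SilentlyContinue |
        Select-Object RemoteAddress, RemotePort, OwningProcess
}
```

Record the result in the listening-ports table, and compare `BoundTo` against the firewall rules if the service turns out to be bound to all interfaces.
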
## TODO (Priority Order)

- [ ] **IMMEDIATE: Activate full Windows Server license** — Evaluation will expire
- [ ] **IMMEDIATE: Set up backup** — No backup exists
- [ ] **HIGH: Migrate QuickBooks off the DC** — Install on a workstation instead
- [ ] Create reverse DNS zone for 10.0.0.x
- [ ] Investigate port 8019
- [ ] Consider moving DHCP from ISP router to server for better control
- [ ] Identify purpose of "Server2 2022_03_31" secondary volume