Use ntdsutil to create IFM media on an existing healthy Domain Controller, copy it to a target server at a remote site, and promote that server with the Install from media option to skip full WAN replication.
A full walkthrough of installing Windows Admin Center on a domain-joined Windows 11 PC and using it to remotely manage a Windows Server 2022 domain controller — MSI install, Express Setup, port 6516, self-signed certificate, adding DC.smart.local, and exploring Roles, Events, Performance Monitor, and PowerShell.
A full walkthrough of configuring Folder Redirection via Group Policy in Windows Server 2022 — OU and group setup, hidden SMB share, NTFS permissions, GPO security filtering with delegated Read for Authenticated Users, and a Windows 10 client test — plus a deep dive on why Folder Redirection still needs Authenticated Users to have Read on the GPO.
How to install the Data Deduplication role on Windows Server 2022, configure the General Purpose File Server profile with weekday and weekend Throughput Optimization schedules, and verify savings with Get-DedupStatus.
Default Windows 10/11 PowerShell policy is Restricted - .ps1 files are blocked, only interactive commands run. The right way to change that fleet-wide is one GPO at Computer Configuration / Administrative Templates / Windows Components / Windows PowerShell / Turn on Script Execution. Walks the round trip end to end on Windows Server 2022 + a Win10 client: verify the default Restricted state, create the GPO and set RemoteSigned (Allow local scripts and remote signed scripts), link to a pilot Test Computers OU, gpupdate /force + reboot on the client, confirm Get-ExecutionPolicy now reports RemoteSigned, then flip the GPO to Disabled to demonstrate rollback (returns to Restricted). Includes the five execution policies (Restricted / AllSigned / RemoteSigned / Unrestricted / Bypass), Get-ExecutionPolicy -List interpretation (MachinePolicy beats everything when the GPO is in effect), and the six common pitfalls (computer-vs-user OU link, missed reboot, Unrestricted-as-default, Not-Configured-vs-Disabled rollback semantics, mixed user+computer policies, and the powershell.exe -ExecutionPolicy Bypass admin-bypass that means execution policy is a safety not a security boundary - pair with AppLocker or WDAC for real restriction).
A roaming profile follows the user across machines - sign into PC-A, then PC-B, and the same desktop, files, and app settings appear. Five-step setup on Windows Server 2022: AD security group (Roaming Profiles Users), hidden SMB share (profiles$ with access-based enumeration and a custom ACL granting only Create-Folders to the security group on This folder only), user profile path attribute set to \\\\\\profiles$\\%username%, GPO 'Add the Administrators security group to roaming user profiles' linked to the client OU (must be in place BEFORE first roaming logon - not retroactive), then verify on a Windows 10/11 client (gpupdate, sign in, drop a Test folder on the desktop, sign out / in, browse the share, confirm sysdm.cpl reports profile Type: Roaming). Includes the .V6 profile-version suffix explainer (different OSes get separate folders), the logon/logoff lifecycle, and the seven common pitfalls (path-before-share trap, forgotten Admins GPO, caching-on-the-share, mixed-OS .V6 collisions, profile bloat without limits).
The minimum hardware floor for Windows Server 2022, with the technical reasoning behind each spec. CPU: 1.4 GHz x64 with DEP/NX/SLAT (use systeminfo to verify Hyper-V Requirements). RAM: 512 MB for Server Core, 2 GB for Server with Desktop Experience; ECC strongly recommended on physical hardware. Disk: 32 GB base, +4 GB for GUI; RAM > 16 GB scales pagefile.sys / hiberfil.sys / dump files (powercfg -h off reclaims hibernation space on servers that do not need it). Network: 1 Gbps PCIe-compliant Ethernet. TPM: optional in general, required for BitLocker, UEFI Secure Boot measurement, Credential Guard, and VBS - TPM 2.0 standard on modern servers. Includes the practical-vs-documented-minimum comparison table - the documented numbers are install-floors, real production sizing is several times higher on every dimension.
