Desktop PC as a Server — Windows 10 / 11 Setup Guide

Prepared by: Pacific Northwest Computers (PNWC) Applies to: Windows 10 Pro / Windows 11 Pro (22H2 and later) Purpose: Configure a standard desktop computer to reliably serve files, printers, and business applications (QuickBooks, Peachtree, Sage, etc.) without sleeping, disconnecting, or degrading network availability.

Table of Contents

• 1. Important Pre-Setup Notes
• 2. BIOS / UEFI Power Settings
• 3. Windows Power Plan Configuration
  • 3a. Activate High Performance or Ultimate Performance
  • 3b. Configure Advanced Power Plan Settings
• 4. Disable Sleep, Hibernate, and Fast Startup
  • 4a. Disable Sleep and Screen Timeout via Settings
  • 4b. Disable Hibernation via Command Line
  • 4c. Disable Fast Startup
• 5. Device Manager — Disable Power Saving on Network & USB Devices
  • 5a. Network Adapter (Wired/Ethernet)
  • 5b. Wireless Network Adapter (if present)
  • 5c. USB Root Hubs and Controllers
  • 5d. Other Devices to Check
• 6. Disable Wake Timers & Automatic Maintenance Wake
  • 6a. Disable Wake Timers in Power Plan
  • 6b. Disable Automatic Maintenance Wake
• 7. Network Location & File and Print Sharing
  • 7a. Set Network Location to Private
  • 7b. Enable File and Printer Sharing via Control Panel
• 8. Advanced Sharing Settings
  • 8a. Full Advanced Sharing Configuration
  • 8b. Share a Folder
  • 8c. Set NTFS Security Permissions
• 9. Creating a Standard User Account for File Access
  • 9a. Create the Account
  • 9b. Verify Account Type is Standard User
  • 9c. Assign the Account to Shared Folder Permissions
• 10. Setting a Static IP Address
  • Method A — Static IP via Windows (Local Assignment)
  • Method B — DHCP Reservation via Router (Recommended)
• 11. Windows Firewall — Program Allowances
  • 11a. Allow a Program Through Windows Firewall
  • 11b. Common Business Application Firewall Rules
  • 11c. Creating Manual Firewall Port Rules (Advanced)
• 12. Additional Recommended Server-Role Settings
  • 12a. Disable Automatic Windows Updates Restart
  • 12b. Disable Display Screensaver and Lock Screen
  • 12c. Set Services to Automatic Start
  • 12d. Disable SMB v1 (Security Hardening)
  • 12e. Enable Network Discovery Firewall Rules
  • 12f. Configure Automatic Sign-in (Optional)
  • 12g. Map the Server Share from Client PCs
  • 12h. Antivirus Exclusions for Shared Data Folders
  • 12i. Disk Health and Maintenance
  • 12j. Backup Strategy
  • 12k. UPS (Uninterruptible Power Supply)
  • 12l. Remote Management
• 13. Verification Checklist

1. Important Pre-Setup Notes

Before beginning, confirm the following:

• The PC has a wired (Ethernet) connection to the local network. Wi-Fi is strongly discouraged for a server role due to reliability and performance limitations.
• Windows is fully updated — go to Settings > Windows Update and install all pending updates, including optional driver updates.
• The machine has adequate hardware: minimum 8 GB RAM, a multi-core processor, and sufficient storage for the shared data.
• The account performing setup has local administrator privileges.
• If this PC will host accounting software (QuickBooks, Sage, Peachtree), confirm the software vendor’s system requirements for a host/server installation before proceeding.

Note: Windows 10/11 Home editions have limited sharing and networking features. Windows 10/11 Pro is required for all steps in this guide.

2. BIOS / UEFI Power Settings

These settings prevent the hardware from powering down regardless of what Windows is configured to do.

1. Restart the PC and enter the BIOS/UEFI setup (commonly DEL, F2, F10, or ESC during POST — check your motherboard or OEM documentation).
2. Navigate to the Power Management section (may also be labeled APM Configuration, Advanced Power Management, or similar).
3. Make the following changes:

1. Save and Exit (typically F10).

Why this matters: Even with Windows sleep disabled, the BIOS can still put hardware into a low-power state independently. Setting AC Recovery to “Power On” ensures the server automatically restarts after any power outage.

3. Windows Power Plan Configuration

3a. Activate High Performance or Ultimate Performance

Option A — Using Control Panel (recommended):

1. Open Control Panel > Hardware and Sound > Power Options.
2. Click Show additional plans if visible.
3. Select High Performance.

Option B — Enable Ultimate Performance (Windows 10/11 Pro):

Ultimate Performance is hidden by default. To unlock it:

1. Open Command Prompt as Administrator.
2. Run the following command:

powercfg -duplicatescheme e9a42b02-d5df-448d-aa00-03f14749eb61

1. Return to Control Panel > Power Options — Ultimate Performance will now appear. Select it.

3b. Configure Advanced Power Plan Settings

With your chosen plan selected:

1. In Power Options, click Change plan settings next to your active plan.
2. Click Change advanced power settings.
3. Configure the following settings in the Advanced dialog:

Hard Disk:

Sleep:

USB Settings:

PCI Express:

Processor Power Management:

Display:

1. Click Apply, then OK.

4. Disable Sleep, Hibernate, and Fast Startup

4a. Disable Sleep and Screen Timeout via Settings

1. Open Settings > System > Power & Sleep (Win 10) or Settings > System > Power (Win 11).
2. Set Screen to Never.
3. Set Sleep to Never (for both On battery and Plugged in if options appear).

4b. Disable Hibernation via Command Line

1. Open Command Prompt as Administrator.
2. Run:

powercfg /h off

This disables hibernation entirely and removes the hiberfil.sys file, freeing disk space.

4c. Disable Fast Startup

Fast Startup (also called “Hybrid Shutdown”) can cause issues with network shares and driver state on next boot.

1. Go to Control Panel > Power Options > Choose what the power buttons do.
2. Click Change settings that are currently unavailable.
3. Uncheck “Turn on fast startup (recommended)”.
4. Click Save changes.

5. Device Manager — Disable Power Saving on Network & USB Devices

Windows allows individual devices to power down when idle. This must be disabled on all network adapters and USB hubs serving the server role.

5a. Network Adapter (Wired/Ethernet)

1. Right-click Start > Device Manager.
2. Expand Network Adapters.
3. Right-click your Ethernet adapter (e.g., “Intel I219-V”, “Realtek PCIe GbE”) > Properties.
4. Go to the Power Management tab.
5. Uncheck “Allow the computer to turn off this device to save power”.
6. Uncheck “Allow this device to wake the computer” (unless you want Wake-on-LAN functionality — leave checked if so).
7. Click OK.

5b. Wireless Network Adapter (if present)

Repeat the same steps above for any Wi-Fi adapter listed under Network Adapters, even if Wi-Fi is not the primary connection.

Additionally, for Wi-Fi adapters:

1. With the adapter Properties open, go to the Advanced tab.
2. Locate and set the following properties if present:

5c. USB Root Hubs and Controllers

1. In Device Manager, expand Universal Serial Bus controllers.
2. For each “USB Root Hub” and “USB 3.0/3.1/3.2 Root Hub” listed:
   • Right-click > Properties > Power Management tab.
   • Uncheck “Allow the computer to turn off this device to save power”.
   • Click OK.

5d. Other Devices to Check

Check the Power Management tab on any other device that handles shared resources:

• Storage controllers (if using an add-in RAID/HBA card)
• Bluetooth adapters (disable or set to no power saving)
• Hubs or docks connected via USB

6. Disable Wake Timers & Automatic Maintenance Wake

Even with sleep disabled, residual wake timers or automatic maintenance settings can interfere. These should be cleaned up.

6a. Disable Wake Timers in Power Plan

Already covered in Section 3b — confirm “Allow wake timers” is set to Disable in Advanced Power Settings.

You can also verify via Command Prompt (Admin):

powercfg -waketimers

If no active wake timers are listed, the setting is working correctly.

6b. Disable Automatic Maintenance Wake

1. Open Control Panel > System and Security > Security and Maintenance.
2. Expand the Maintenance section.
3. Click Change maintenance settings.
4. Uncheck “Allow scheduled maintenance to wake up my computer at the scheduled time”.
5. Click OK.

7. Network Location & File and Print Sharing

7a. Set Network Location to Private

The server’s network connection must be set to Private for File and Printer Sharing to function correctly.

Windows 11:

1. Open Settings > Network & Internet.
2. Click on your active connection (e.g., “Ethernet”).
3. Under Network profile type, select Private network.

Windows 10:

1. Click the network icon in the system tray.
2. Click on your active connection, then click Properties.
3. Set Network profile to Private.

Important: If the network is set to Public, Windows Firewall will block most sharing traffic, and the network discovery settings will not take effect properly.

7b. Enable File and Printer Sharing via Control Panel

1. Open Control Panel > Network and Internet > Network and Sharing Center.
2. Click Change advanced sharing settings in the left panel.
3. Under Private (current profile):
   • Set Network discovery to Turn on network discovery — also check “Turn on automatic setup of network connected devices” if present.
   • Set File and printer sharing to Turn on file and printer sharing.
4. Click Save changes.

8. Advanced Sharing Settings

8a. Full Advanced Sharing Configuration

1. Return to Control Panel > Network and Sharing Center > Change advanced sharing settings.
2. Expand All Networks at the bottom:
   • Set Public folder sharing to Turn on sharing so anyone with network access can read and write files in the Public folders (if applicable).
   • Set File sharing connections to Use 128-bit encryption to help protect file sharing connections (recommended).
   • Set Password protected sharing to Turn on password protected sharing — this ensures only accounts with passwords can access shares.
3. Click Save changes.

8b. Share a Folder

1. Navigate to the folder you want to share.
2. Right-click the folder > Properties > Sharing tab.
3. Click Advanced Sharing.
4. Check Share this folder.
5. Give the share a name (e.g., CompanyData).
6. Click Permissions.
7. Remove Everyone (if present).
8. Click Add and type the standard user account name (see Section 9) or a user group.
9. Set permissions:
   • Read — checked
   • Change (Write) — checked
   • Full Control — leave unchecked (do not grant Full Control unless explicitly required)
10. Click OK through all dialogs.

8c. Set NTFS Security Permissions

Share permissions alone are not sufficient — NTFS permissions on the folder itself also apply and must match.

1. On the same folder, go to Properties > Security tab.
2. Click Edit > Add and enter the user account or group.
3. Grant:
   • Read & Execute — checked
   • List Folder Contents — checked
   • Read — checked
   • Write — checked
   • Modify — checked (required for applications like QuickBooks that need to update files)
   • Full Control — leave unchecked
4. Click Apply > OK.

Best Practice: Never share an entire drive (e.g., C:\ or D:\). Always share a specific folder. Never use Everyone as a permission target — always assign named user accounts or groups.

9. Creating a Standard User Account for File Access

A dedicated, non-administrative user account should be used for network file access. This limits exposure if credentials are ever compromised.

9a. Create the Account

Via Settings:

1. Open Settings > Accounts > Other users (Win 10) or Family & other users (Win 11).
2. Click Add someone else to this PC (Win 10) or Add account (Win 11).
3. Click I don’t have this person’s sign-in information.
4. Click Add a user without a Microsoft account.
5. Enter a username (e.g., fileserver_user or a client-specific name) and a strong password.
6. Click Next > Finish.

Via Computer Management (alternative):

1. Right-click Start > Computer Management.
2. Expand Local Users and Groups > Users.
3. Right-click in the right pane > New User.
4. Fill in the username, full name, and password.
5. Uncheck “User must change password at next logon”.
6. Check “Password never expires” (for a service account on an internal-only machine).
7. Click Create > Close.

9b. Verify Account Type is Standard User

1. Open Settings > Accounts > Other users.
2. Click on the new account.
3. Confirm the account type shows Standard User — not Administrator.
4. If it shows Administrator, click Change account type and set it to Standard User.

9c. Assign the Account to Shared Folder Permissions

Follow the steps in Section 8b and Section 8c using this account name when adding permissions to shared folders.

Security Note: Do not use the built-in Administrator account for routine network access. Do not use your personal admin account as the shared folder access account. Keep them separate.

10. Setting a Static IP Address

A server must have a consistent IP address so client computers can reliably connect to it. There are two methods.

Method A — Static IP via Windows (Local Assignment)

This assigns a fixed IP directly on the server PC.

1. Open Control Panel > Network and Sharing Center > Change adapter settings.
2. Right-click your active Ethernet adapter > Properties.
3. Double-click Internet Protocol Version 4 (TCP/IPv4).
4. Select Use the following IP address and enter:

1. Click OK > Close.

Tip: Before assigning, log into your router and check what DHCP range it assigns (e.g., .100 to .200). Choose an IP outside that range (e.g., .50) to prevent IP conflicts.

Method B — DHCP Reservation via Router (Recommended)

This is the preferred method for small business environments. The IP is assigned by the router based on the PC’s MAC address, so it is always consistent even if the network adapter or OS changes.

1. Find the server’s MAC address: Open Command Prompt and run:

ipconfig /all

Look for the Physical Address under your Ethernet adapter (format: 00-1A-2B-3C-4D-5E).

1. Log into your router/firewall (commonly 192.168.1.1 or 192.168.0.1 in a browser).
2. Navigate to DHCP Reservations, Static Leases, or Address Reservation (terminology varies by router brand).
3. Add a new reservation:
   • MAC Address: Enter the MAC address from step 1
   • IP Address: Enter the desired static IP (e.g., 192.168.1.50)
   • Description/Hostname: Something like PNWC-Server or the machine name
4. Save and apply. The PC will receive this IP on its next DHCP renewal or reboot.

Note for UniFi users: This is set under Network > DHCP > Fixed IP in the UniFi Network console.

11. Windows Firewall — Program Allowances

By default, Windows Firewall blocks inbound connections to programs unless explicitly allowed. The following programs commonly used in small business environments require firewall exceptions.

11a. Allow a Program Through Windows Firewall

1. Open Control Panel > System and Security > Windows Defender Firewall.
2. Click Allow an app or feature through Windows Defender Firewall (left panel).
3. Click Change settings (requires admin).
4. To add a program not listed: click Allow another app… > Browse and locate the executable.
5. Check both Private and Public columns as needed (at minimum, check Private).
6. Click OK.

11b. Common Business Application Firewall Rules

The following programs and services should be verified or added:

File Sharing (Windows Built-in):

QuickBooks (Intuit):

QuickBooks also uses TCP ports 8019, 56728, 55378–55382 (varies by version). If the automatic allowance does not work, create manual inbound rules for these ports in Windows Defender Firewall with Advanced Security (run wf.msc).

Sage 50 / Peachtree:

Sage 50 uses TCP port 3351 for the Pervasive database engine. Add an inbound rule for this port on the Private profile.

Sage 100 / 300 / 500:

These products use an IIS-based or SQL Server-based backend. Ensure the following are allowed:

Other Common Small Business Applications:

11c. Creating Manual Firewall Port Rules (Advanced)

For port-specific rules:

1. Run Windows Defender Firewall with Advanced Security (wf.msc).
2. Click Inbound Rules > New Rule (right panel).
3. Select Port > Next.
4. Choose TCP or UDP, enter the port number(s) > Next.
5. Select Allow the connection > Next.
6. Check Private and optionally Domain (uncheck Public) > Next.
7. Name the rule (e.g., “Sage 50 - Pervasive DB Port 3351”) > Finish.

12. Additional Recommended Server-Role Settings

The following are additional settings and modifications that are recommended or in some cases required to ensure the desktop PC reliably functions in a server role.

12a. Disable Automatic Windows Updates Restart

Windows Update can restart the PC during business hours, interrupting connected users.

1. Open Settings > Windows Update > Advanced options.
2. Set Active hours to cover your business hours (e.g., 7 AM – 10 PM). Windows will not restart automatically during these hours.
3. Alternatively, open Group Policy Editor (gpedit.msc) and navigate to: Computer Configuration > Administrative Templates > Windows Components > Windows Update Set “Configure Automatic Updates” to “Auto download and schedule the install” and set a maintenance window outside business hours (e.g., 2 AM Sunday).

12b. Disable Display Screensaver and Lock Screen

A screensaver or lock screen will not prevent file sharing, but it can interfere with remote access and some application licensing checks.

1. Right-click the desktop > Personalize > Lock screen > Screen saver settings.
2. Set screensaver to None.
3. Uncheck “On resume, display logon screen” if present.

12c. Set Services to Automatic Start

Verify that the following Windows services are set to Automatic and are Running:

1. Open Services (services.msc).
2. Locate and verify each of the following:

Right-click any service and choose Properties to change its startup type. Click Start to start it immediately if it is stopped.

12d. Disable SMB v1 (Security Hardening)

SMB v1 is a legacy file-sharing protocol that is highly vulnerable to ransomware and exploitation. It should be disabled unless a specific legacy device requires it.

Run in PowerShell (Admin):

Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force

Verify with:

Get-SmbServerConfiguration | Select EnableSMB1Protocol

The result should show False.

12e. Enable Network Discovery Firewall Rules

If network discovery is not showing this PC on the network:

1. Open Windows Defender Firewall with Advanced Security (wf.msc).
2. In Inbound Rules, search for “Network Discovery” rules.
3. Enable all “Network Discovery” rules for the Private profile.

12f. Configure Automatic Sign-in (Optional)

For applications that must run under a user session (e.g., some QuickBooks or Peachtree installations that require a logged-in session to serve files), automatic login ensures the session is available after a reboot.

1. Run netplwiz (from the Run dialog or Start menu).
2. Select the service account or user account.
3. Uncheck “Users must enter a user name and password to use this computer”.
4. Enter and confirm the password when prompted.
5. Click OK.

Security Warning: Automatic sign-in bypasses the login screen. Use only on machines that are physically secured (locked server closet, locked office). Do not use on machines accessible to the public.

12g. Map the Server Share from Client PCs

On each client PC that needs access to the shared server folder:

1. Open File Explorer > right-click This PC > Map network drive.
2. Choose a drive letter (e.g., Z:).
3. In the Folder field, enter the UNC path: \\[server-name-or-IP]\[ShareName] Example: \\192.168.1.50\CompanyData
4. Check “Reconnect at sign-in”.
5. Check “Connect using different credentials” if the client uses a different user account.
6. Click Finish and enter the fileserver_user credentials when prompted.

12h. Antivirus Exclusions for Shared Data Folders

Real-time antivirus scanning of active accounting or database files can cause file locking errors, corruption, and slowdowns. Configure your antivirus solution to exclude the shared data directory from real-time scanning while still performing scheduled scans.

• Windows Defender exclusion: Settings > Windows Security > Virus & Threat Protection > Manage Settings > Add or remove exclusions. Add the shared folder path (e.g., D:\CompanyData).
• Consult your antivirus vendor’s documentation for third-party AV products.

Do not disable antivirus entirely. Exclusions should target the data folder only — not system directories or the antivirus itself.

12i. Disk Health and Maintenance

For a machine in continuous use, proactive disk health monitoring is important:

• Use CrystalDiskInfo (free) to monitor hard drive S.M.A.R.T. status.
• Run chkdsk /f on data volumes periodically during off-hours.
• If the PC uses a spinning HDD, consider migrating shared data to an SSD for significantly improved multi-user access times.
• Schedule Windows Disk Optimization (defrag for HDDs, TRIM for SSDs) during off-peak hours via the built-in Optimize Drives tool.

12j. Backup Strategy

A machine serving as a file server stores business-critical data and must have a backup plan:

• On-site backup: Use Windows Server Backup (available in Win 10/11 via optional features) or Veeam Agent Free to back up to a separate drive or NAS.
• Off-site/cloud backup: Consider Backblaze, Acronis, or IDrive for encrypted cloud backup of shared data folders.
• Test restores periodically — a backup that has never been tested is an assumption, not a guarantee.

12k. UPS (Uninterruptible Power Supply)

A desktop PC acting as a server should be connected to a UPS to:

• Prevent data corruption from sudden power loss
• Provide time for a graceful shutdown if power is not restored
• Protect against power surges and sags

Recommended: At minimum, a 600VA–1500VA line-interactive UPS with USB management interface. APC, CyberPower, and Eaton all make suitable units for small business use. Configure the UPS software (e.g., APC PowerChute) to trigger a graceful Windows shutdown after several minutes of battery power.

12l. Remote Management

For support and administration purposes, enable Remote Desktop so IT staff can manage the server without being physically present:

1. Right-click Start > System > Remote Desktop (or Settings > System > Remote Desktop).
2. Toggle Enable Remote Desktop to On.
3. Click Confirm.
4. Add the administrator account under Remote Desktop Users if needed.

Ensure the Remote Desktop - User Mode (TCP-In) firewall rule is enabled for the Private profile only.

13. Verification Checklist

Use this checklist after completing setup to confirm the server is properly configured.

Power & Sleep

• BIOS: AC Power Recovery set to Power On
• BIOS: ErP/EuP disabled
• Windows: High Performance or Ultimate Performance plan active
• Power Plan Advanced: Hard disk — Never
• Power Plan Advanced: Sleep — Never
• Power Plan Advanced: Hibernate — Never (or powercfg /h off run)
• Power Plan Advanced: USB Selective Suspend — Disabled
• Power Plan Advanced: PCI-E Link State Power Management — Off
• Power Plan Advanced: Processor min/max — 100%/100%
• Fast Startup disabled
• Automatic Maintenance Wake disabled

Device Manager

• Ethernet adapter: Power Management — “Allow computer to turn off” unchecked
• Wi-Fi adapter (if present): Power saving disabled in Advanced tab
• All USB Root Hubs: Power Management unchecked

Network & Sharing

• Network location set to Private
• Network Discovery enabled (Private profile)
• File and Printer Sharing enabled (Private profile)
• Password protected sharing enabled
• Shared folders created with appropriate NTFS and Share permissions
• SMB v1 disabled

User Account

• Dedicated standard (non-admin) user account created for network access
• Account has a strong password with “password never expires” set
• Account added to shared folder permissions with Read/Write (not Full Control)

IP Address

• Static IP assigned — either via Windows TCP/IP settings or DHCP reservation in router
• IP confirmed reachable from a client PC (ping [server-ip])

Firewall

• File and Printer Sharing rules enabled (Private)
• Business application executables allowed through firewall (QuickBooks, Sage, etc.)
• Custom port rules created where needed
• Remote Desktop allowed on Private profile (if needed)

Services

• Server (LanmanServer) — Running / Automatic
• Function Discovery Resource Publication — Running / Automatic
• Print Spooler — Running / Automatic (if sharing a printer)

Additional

• Windows Update active hours configured
• Antivirus exclusions set for shared data folder
• UPS connected and software configured
• Backup solution in place and tested
• Shared drive mapped on at least one client PC and confirmed accessible

Document prepared by Pacific Northwest Computers (PNWC) — Vancouver, WA jon@pnwcomputers.com | 360-624-7379 | pnwcomputers.com