With Windows Server 2016, Microsoft integrated the Microsoft Defender service into the operating system. This built-in antivirus is now running constantly but it does not have the Defender GUI installed by default. If you want to activate the graphical user interface on the server, this can be done using Windows Server Manager or Powershell cmdlet.
Windows Defender GUI
Let’s see how to activate or disable the Windows Defender Graphical interface:
In order to reorganize an Active Directory forest, with multiple child domains into a single domain, I used the ADMT (Active Directory Migration Tool) 3.2 from Microsoft. This modification is an intraforest migration because all domains are in the same forest.
While ADMT supports an intraforest migration, I encountered a specific issue for migrated computers from a child domain to the parent domain: “The security database on the server does not have a computer account for this workstation trust relationship“
Security database trust relationship
Well, I was very perplex by this error, because the ADMT agent reported an successfully operation, and the computer account existed in the new Active Directory domain.
In fact, you will get this error each time you want to migrate a computer with an intraforest and the target operating system is Windows Server 2012 R2. Let’s see why and how to resolve this issue.
For each product, like Windows or Office, Microsoft introduces new features or new configuration options. All of these can be managed using Group Policy Object (GPO) but you must get the latest policy definitions if you want set the new options. For exemple, with Windows Server 2012 R2, you need to import Windows 10 ADMX in order to manage it by GPO.
Windows 10 ADMX with Server 2012
Let’s see how to import ADMX file for Group Policy Object.
If you manage one or several file servers in your infrastructure, you may have the will to customize the Access Denied error message displayed to users. This feature can be used since Windows 8 and Windows Server 2012. It is called Access-Denied Assistance.
Access Denied Custom Message
Access-Denied Assistance can be useful if you want to simplify the process to grant folder permissions to users. Sometime, the user does not know the full path, neither rights needed.
With Access-Denied Assistance, shared folder administrator will receive an email with all information required. No more call for user access.
If you manage one or several file servers in your infrastructure, you may have the will to prevent users to paste files with specific extensions. This behavior can be motivated because you don’t have enough storage for big files or for security reasons. Moreover, if you use DFSR to replicate shared folder to another site, you don’t want to block the bandwidth with a movie replication.
Microsoft Windows Server included a role which provide us the ability to manage files on shared folder: File Server Resource Manager (FSRM).
File Server Resource Manager FSRM
In order to block, deny some file extensions, we need to install and configure this role. Let’s see how to do that with Server 2012 R2.
If you are testing Windows Server Technical Preview 2, you probably noticed that the Graphical interface is no more enabled by default.
In fact, in Windows Server Technical Preview, you have two choices at the installation: Core and Core With Local Admin Tools. The second choice, Local Admin Tools lets you configure your server with Server Manager.
Technical Preview Installation
Server Technical Preview no GUI
Like Windows Server 2012, GUI will be enabled by using Server Manager.
Go to Server Manager and Select Roles and Features.
On the Features Page, check Server Graphical Shell under User Interface and Infrastructure.
Server Preview Enable GUI
Start the installation and reboot.
After the reboot, GUI is available:
Technical Preview GUI
You can download Windows Server Technical Preview 2 here.