With Windows Server 2016, Microsoft integrated the Microsoft Defender service into the operating system. This built-in antivirus is now running constantly but it does not have the Defender GUI installed by default. If you want to activate the graphical user interface on the server, this can be done using Windows Server Manager or Powershell cmdlet.
Windows Defender GUI
Let’s see how to activate or disable the Windows Defender Graphical interface:
In order to reorganize an Active Directory forest, with multiple child domains into a single domain, I used the ADMT (Active Directory Migration Tool) 3.2 from Microsoft. This modification is an intraforest migration because all domains are in the same forest.
While ADMT supports an intraforest migration, I encountered a specific issue for migrated computers from a child domain to the parent domain: “The security database on the server does not have a computer account for this workstation trust relationship“
Security database trust relationship
Well, I was very perplex by this error, because the ADMT agent reported an successfully operation, and the computer account existed in the new Active Directory domain.
In fact, you will get this error each time you want to migrate a computer with an intraforest and the target operating system is Windows Server 2012 R2. Let’s see why and how to resolve this issue.
For each product, like Windows or Office, Microsoft introduces new features or new configuration options. All of these can be managed using Group Policy Object (GPO) but you must get the latest policy definitions if you want set the new options. For exemple, with Windows Server 2012 R2, you need to import Windows 10 ADMX in order to manage it by GPO.
Windows 10 ADMX with Server 2012
Let’s see how to import ADMX file for Group Policy Object.
If you manage one or several file servers in your infrastructure, you may have the will to customize the Access Denied error message displayed to users. This feature can be used since Windows 8 and Windows Server 2012. It is called Access-Denied Assistance.
Access Denied Custom Message
Access-Denied Assistance can be useful if you want to simplify the process to grant folder permissions to users. Sometime, the user does not know the full path, neither rights needed.
With Access-Denied Assistance, shared folder administrator will receive an email with all information required. No more call for user access.
Let’s see how to do that with Server 2012 R2.
If you manage one or several file servers in your infrastructure, you may have the will to prevent users to paste files with specific extensions. This behavior can be motivated because you don’t have enough storage for big files or for security reasons. Moreover, if you use DFSR to replicate shared folder to another site, you don’t want to block the bandwidth with a movie replication.
Microsoft Windows Server included a role which provide us the ability to manage files on shared folder: File Server Resource Manager (FSRM).
File Server Resource Manager FSRM
In order to block, deny some file extensions, we need to install and configure this role. Let’s see how to do that with Server 2012 R2.
If you try to setup IPAM, you can get an error during the provisioning IPAM server step.
“Provisioning IPAM has failed. Check inner exception for more details. Some or all identity references could not be translated”
IPAM Provisioning failed
This error is raised because you try to provision it on a Domain Controller. By design IPAM can not be installed on a DC.
On Technet, Microsoft writes:
An IPAM server is a domain member computer.
|You cannot install the IPAM feature on an Active Directory domain controller.
You could get more information here.
I had a issue with Windows System Image Manager (WSIM) when I tried to create a catalog from Windows 8.1 WIM file. Even if it was start with full Administrator rights, I got this error:
“Cannot obtain read/write access for … In order to generate a catalog file, you must have read/write access to the Windows image file and its containing folder.”
WSIM Cannot obtain read/write access
Windows Server 2012 introduced a new feature with the DHCP Service: the built-in DHCP Failover Cluster. This function was requested for a long time.
Before Server 2012, if you want to failover your DHCP, two possibilities:
- Create a real cluster, and add the DHCP role.
- Split the scope between two servers. With Server 2008, a Wizard simplifies this task.
In Windows Server 2012, it is really simple to add High Availability for DHCP Service. Each server can release lease to client and the information is synchronised between all failover members.
Let’s see how to implement the Failover Configuration:
Do you know that you can force a remote bulk gpupdate since Windows Server 2012.
It is really simple and we can do it using :
- Group Policy Management Console, GPMC
If you are testing Windows Server Technical Preview 2, you probably noticed that the Graphical interface is no more enabled by default.
In fact, in Windows Server Technical Preview, you have two choices at the installation: Core and Core With Local Admin Tools. The second choice, Local Admin Tools lets you configure your server with Server Manager.
Technical Preview Installation
Server Technical Preview no GUI
Like Windows Server 2012, GUI will be enabled by using Server Manager.
- Go to Server Manager and Select Roles and Features.
- On the Features Page, check Server Graphical Shell under User Interface and Infrastructure.
Server Preview Enable GUI
- Start the installation and reboot.
- After the reboot, GUI is available:
Technical Preview GUI
You can download Windows Server Technical Preview 2 here.