

Re-installing Windows Server 2012 Essentials - the best way?

Posted on 2016-10-19
Medium Priority
Last Modified: 2016-10-24
I have a Server running Windows 2012 R2 Essentials. It has been likely struck with some software that has turned it into a Zombie as it is uploading vast amounts of data.

I have not been able to solve this issue and have therefore made the decision to re-install the Server. (See my other question for further details regarding this.)

Can anyone please advise the best way to do this to avoid minimal re-configuration?

General Information
1.      The Server has 4TB raid configuration with two partitions - a 500GB partition for the OS and all programs. The rest of the data is on the other partition
2.      The server is essentially a Domain controller and file server looking after 10 workstations. All the users are using folder redirection. Email is supplied by Exchange Online.
3.      The backup is done onto external hard drive using the built-in backup of Windows essentials.  I don’t want to use it to fully restore the server as the problem started after the last backup and I am worried it would bring the problem back.

My main concern is the user data and re-logging in of the user. If, for example, I re-install on the OS partition and leave the data partition as is and set folder redirection to point to the folder on this partition, will the user log in OK and pick up their data as before?

Any advice very much appreciated.
Question by:Markieboy1
LVL 85

Accepted Solution

David Johnson, CD, MVP earned 1000 total points
ID: 41851522
The best solution that I can think of is to create a new server on different hardware (not Server Essentials); a trial of Standard will work for this scenario. Make it an additional domain controller, create a DFS share for your user data, let it replicate, and change your redirected folders GPO to point to the DFS share.
Seize the FSMO roles from Essentials to the new server.
Export the DHCP server and import it into the new server.
Now you can remove and reinstall the Essentials server. Set up DFS and point it to the redirected folder location(s) you set up. Now reverse the steps; after the redirected folders are pointing to the Essentials server, you can remove the DFS link to the Standard server.
Better if you can find the problem.
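
The FSMO and DHCP steps from the answer above, sketched in PowerShell as an added example that is not part of the original answer. The server names, the working folder, and the assumption that the new server is already a domain controller with the DHCP role installed are placeholders.

```powershell
# Added example, run on the new server. All names and paths are hypothetical.
$Old = 'ESSENTIALS01'   # existing Essentials server (assumed name)
$New = 'NEWDC01'        # temporary Standard server, already promoted to a DC
$Dir = 'C:\Migration'   # working folder (assumed)
New-Item -ItemType Directory -Path $Dir, "$Dir\DhcpBackup" -Force | Out-Null

Import-Module ActiveDirectory

# Report which DC currently holds each of the five operations master roles.
function Get-FsmoHolders {
    $d = Get-ADDomain
    $f = Get-ADForest
    [pscustomobject]@{
        PDCEmulator          = $d.PDCEmulator
        RIDMaster            = $d.RIDMaster
        InfrastructureMaster = $d.InfrastructureMaster
        SchemaMaster         = $f.SchemaMaster
        DomainNamingMaster   = $f.DomainNamingMaster
    }
}
Get-FsmoHolders | Format-List          # record the holders before the move

# -Force makes this a seizure, as the answer describes.
$roles = 'PDCEmulator','RIDMaster','InfrastructureMaster',
         'SchemaMaster','DomainNamingMaster'
Move-ADDirectoryServerOperationMasterRole -Identity $New `
    -OperationMasterRole $roles -Force -Confirm:$false

# Verify every role now reports the new server before touching the old one.
$after    = Get-FsmoHolders
$notMoved = $after.PSObject.Properties | Where-Object { $_.Value -notlike "$New*" }
if ($notMoved) { throw "Roles still held elsewhere: $($notMoved.Name -join ', ')" }

# Export scopes, options, reservations and leases from the old server,
# then import them into the new one. -BackupPath is required by
# Import-DhcpServer: it saves the target's current config before overwriting.
Export-DhcpServer -ComputerName $Old -File "$Dir\dhcp-$Old.xml" -Leases
Import-DhcpServer -ComputerName $New -File "$Dir\dhcp-$Old.xml" `
    -BackupPath "$Dir\DhcpBackup" -Leases

# Confirm the scopes arrived; only one of the two servers should answer clients.
Get-DhcpServerv4Scope -ComputerName $New | Select-Object ScopeId, Name, State
```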
LVL 26

Assisted Solution

by:Lionel MM
Lionel MM earned 1000 total points
ID: 41851823
Since this is such a small network, 1 server and 10 workstations and because your Server is compromised I would simply
1) copy any user data to an external drive
2) export your GPOs
3) export any printers and
4) make a final full server backup
and then shutdown the compromised server and start over. I would do a full reformat of the drives to make sure that the offending/compromising "whatever" that caused this problem is gone.

In terms of total time this is the quickest and easiest to get yourself operational again. The fact that you say it is compromised and a "zombie" means to me you are much better off to "kill the zombie" as soon as possible so that it doesn't spread to any of your workstations. Essentials is very easy to setup and will take much less time this way.
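
The four steps in the answer above, sketched in PowerShell as an added example that is not part of the original answer. The drive letters and folder paths are assumptions.

```powershell
# Added example, run on the Essentials server before the wipe.
# Drive letters and paths are assumptions, not values from the thread.
$Dest     = 'E:\PreWipe'             # folder on the external drive (assumed)
$UserData = 'D:\RedirectedFolders'   # user data on the data partition (assumed)
$Stamp    = Get-Date -Format 'yyyyMMdd-HHmm'
New-Item -ItemType Directory -Force -Path `
    "$Dest\UserData", "$Dest\GPO", "$Dest\Printers" | Out-Null

# 1) Copy user data. /COPY:DAT copies data, attributes and timestamps only;
#    permissions are not carried over and are re-applied on the rebuilt server.
robocopy $UserData "$Dest\UserData" /E /COPY:DAT /R:1 /W:1 /NP `
    /LOG:"$Dest\robocopy-$Stamp.log"
# robocopy exit codes of 8 and above mean at least one file failed to copy.
if ($LASTEXITCODE -ge 8) { throw "robocopy reported failures ($LASTEXITCODE)" }

# 2) Export every GPO, with an index of names to backup IDs and an HTML
#    report of the settings for reference when rebuilding them.
Import-Module GroupPolicy
Backup-GPO -All -Path "$Dest\GPO" -Comment "Pre-wipe $Stamp" |
    Select-Object DisplayName, GpoId, Id |
    Export-Csv "$Dest\GPO\gpo-index.csv" -NoTypeInformation
Get-GPOReport -All -ReportType Html -Path "$Dest\GPO\all-gpos.html"

# 3) Export printers, queues and drivers with the built-in migration tool.
& "$env:windir\System32\spool\tools\PrintBrm.exe" -B `
    -F "$Dest\Printers\printers-$Stamp.printerExport"
if ($LASTEXITCODE -ne 0) { throw "PrintBrm export failed ($LASTEXITCODE)" }

# 4) Final full server backup to the external drive. This is a reference
#    copy: the asker does not want to restore the whole server from backup.
wbadmin start backup -backupTarget:E: -allCritical -include:D: -quiet
if ($LASTEXITCODE -ne 0) { throw "wbadmin backup failed ($LASTEXITCODE)" }
```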

Author Comment

ID: 41851881
Many thanks for your comments. I was hoping to avoid copying the user data as a couple of the users have masses of data!

However, it seems I may not need to do anything. Since I left yesterday, the problem has gone away and all is looking good.

I have obviously done something but I am keeping an open mind and see how things go for the next few days. I will therefore keep this question open until I am sure all is well.
LVL 26

Expert Comment

by:Lionel MM
ID: 41852275
Well, if the server was "doing something" and uploading "masses of data" and you can't find the cause then I would be very, very concerned. Your server may actually be hacked and controlled by a "bot" of some sort. I would still consider reformatting the drives and starting over but at least you should run virus and spyware checkers, use more than 1 of each, 2 or 3 of each--use Spybot, Malwarebytes and then your virus software and then one other. You may even want to use a USB or DVD boot drive with a virus scanner to be 100% sure, especially if you can't find what was causing the uploading of masses of data.

Author Closing Comment

ID: 41856854
All seems to be working well - as the threat has now been removed - so the need to do this is no longer relevant.

If needed in the future - and let's hope not - your comments will be useful.
