Windows Server 2012 is the server version of Windows 8 and the successor to Windows Server 2008 R2. Windows Server 2012 is the first version of Windows Server to have no support for Itanium-based computers since Windows NT 4.0. Windows Server 2012, now in its second release (Windows Server 2012 Release 2), includes the Foundation, Essentials, Standard and Datacenter editions and does not support IA-32 or IA-64 processors.

I'm troubleshooting bat files from the IT guy who just retired.  

It uses XCACLS.EXE to set permissions to folders and subfolders.

It seems not to be working and some preliminary research suggests that tool is old-school and not meant for 2012/2016.

The old bat file contains statements like these:
xcacls.exe %1\01_DOCS\01_CONFID /T    /G ADMN_PH:C /Y
xcacls.exe %1\01_DOCS\01_CONFID /T /E /G PM_GROUP:C /Y
xcacls.exe %1\01_DOCS\01_CONFID /T /E /G SVCS_PH:F /Y

I see references to icacls.exe but wasn't sure if there's even a newer technique / tool that should be used.

For icacls.exe, I see references to SIDs but we only want to apply permissions to security groups.

I see that icacls.exe is built into 2016 so I guess that's the best.


Hello EE,

I have a script to add IPs to a blacklist in IIS, which works great. Thing is, I cannot locate the config file where the IP address that I denied in /system.webServer/security/ipSecurity > i is. I thought it was the applicationhost.config in C:\Windows\System32\inetsrv\config\ but it is not there. The IP address shows in the IIS interface. This is Windows Server 2012 R2, IIS 8.5.

Invoke-Command -computername $node1 -credential $cred -scriptblock {
	# Bind the value passed via -ArgumentList; without param() $ip is empty in the remote session
	param($ip)
	add-webconfiguration /system.webServer/security/ipSecurity -location "IIS:\Sites\" -value @{ipAddress=$ip; allowed="false"} -pspath IIS:\
} -ArgumentList $ip

How do I move from using a conditional forwarder to a forward lookup zone for a limited number of host records?

To expand, I host AD integrated DNS for our domain (, but we also need to lookup addresses for our parent company ( I currently have a conditional forwarder for them pointing to their internal DNS servers, which works fine. They now need me to add a A record for a service that has both an internal and external IP address (i.e. internal and external). When my users resolve the address, they get the internal IP address of the server, but we want them to connect to the external IP address.

I was thinking of just deleting the conditional forwarder reference and adding a forward lookup zone for, and then adding the A record for that server with the external address, but I am concerned that it will stop all other resolution for other services (due to the loss of the conditional forwarders pointing to their internal DNS server). Do I resolve this problem by adding their internal DNS server to the Forward lookup zone>Properties>Name Servers tab?

My Hyper-V Host is running Windows Server 2012 R2 Datacenter, and on here I have about 15 VMs.

I just purchased a Windows Server 2019 Datacenter license. I'm ready to start creating 2019 VMs but I am not ready to rebuild the host with Server 2019. Is that a requirement for activating VMs running Server 2019? I believe best practice is to install Server 2019 Datacenter on the host, activate it using the unique activation key; then, any VMs I create on that host are activated using AVMA (Automatic Virtual Machine Activation)

But in my scenario, the host is running Datacenter 2012 R2. My plan was to (one at a time) start creating VMs running 2019 to replace the older VMs running 2012. (For example, I have a file server VM running 2012. I am going to create a new VM running 2019, configure it the same way as my 2012 VM and then decommission (delete) the 2012 VM). The end result is that one at a time, the VMs get replaced with new VMs. But the host (at least for now) will continue running 2012.

Is there another way to activate the VMs when the host is not running the first 2019 Datacenter instance? Can I create my first 2019 server as a VM and use that VM as the 'server' from where all of the other VMs are activated using AVMA? Or does AVMA only work if it can authenticate (activate) against a host that is ALREADY running (and activated) with 2019 datacenter? I am probably…

We are running WSUS on a Windows Server 2012 R2 VM, on a very limited satellite link. While our updates are downloading (every first Tuesday), I can view the download start date, file size and the amount of data downloaded on the Summary screen. Once the download is complete, I don't have this information on that screen. Where can I find a log that shows when downloads from Microsoft started and finished, and the file size downloaded?

We are having an issue with an app that allows users to work on their timesheet in the accounting software remotely from their phones.

 It used to work fine until there were OS updates to the phones.

I was told by the accounting program's support that I had to do the following for the phone app to work.

Customer will need to do the following for the SSL certificate on their server:
Disable SSL2, SSL3, TLS1
Enable TLS 1.1 and 1.2:

What I do not understand is where to make these changes.  I tried using a program called Crypto which allows you to enable and disable protocols on the server from a GUI but when I made the suggested changes we could not login to the accounting software from our desktops, and the app still did not work.

My question: Is there a difference with disabling the listed protocols in Server 2012 vs. doing it in the SSL certificate that is installed for the app?

If so, where do I go to make the protocol changes in the SSL certificate?

The server running the accounting program and the SSL certificate is a 2012 R2 server.

Any help is appreciated.

I upgraded from Windows Server 2012 R2 to Windows Server 2016. Now I get "System error 58 has occurred" when I use the "net use" command to connect to a SUSE server.  The SMB 1.0 is already enabled on the 2016 server, but it still fails to connect.  I need to be able to read\write\execute  to the same servers as I did with my Server 2012.
Is there any way to get my 2016 server to use SMB1.0  to connect? If not, is there a workaround I can use to perform the same task without updating my SUSE servers?

We have been asked to implement a skype for business server for one of our clients.

I will confess straight away that I have no experience with skype at all, so my initial request will be somewhat fundamental!

Having looked at a few videos of the installation and setup of skype for business server, they all seem to imply that we need a complete new server. My question is therefore, do we need to purchase a complete new server along with windows server OS, or can we add this to an existing server?

The client in question already has 2 servers, one is a windows 2012 server running hyperv, which supports a domain controller / file server, and one additional file server. In addition we have a stand alone exchange 2010 server.

Would skype for business server run on say the lesser used file server, or even our domain controller, or would we need to add additional hardware with Windows server OS etc to host this facility?

Any advice very much appreciated.

Many thanks.

Trying to deny access to a NAS share by Domain Administrator.
Netgear ReadyNAS 214 os ver. 6.

Active Directory authentication configured on ReadyNAS device.
Server 2012 R2 = DC.

ReadyNAS Share permissions set as:
Network Access= selected domain user R/W, Everyone RO
File Access= Folder Owner of selected Domain User R/W, Folder Group, Domain Admins, Administrator all set at R/O

While logged into the Domain Controller as the Domain Administrator I still have R/W access to the Share on the ReadyNAS device.....I would like to prohibit the ability to R/W to the NAS share by ALL Domain accounts except for the one designated Domain user account.

Thank you.

We are attempting to add permission to an Active Directory service account to read a custom attribute in our Active Directory schema that has the confidential bit set. We attempted to use ldp.exe to add read permission for that attribute but that didn't work.  Also attempted to use DSACLS to grant a group access to the attribute, and that also didn't work (from  

Environment is Server 2012 R2 with domain functional level of 2008 R2.

We allowed our RDP license to expire and now cannot get in. Is there a way to get in to the server to allow us to apply a license?

We have a Windows 2012 R2 domain. One client, a laptop running Windows 8.1, was disconnected from a wired ethernet connection moved to another location then reconnected. Now it can't connect to the servers. It has been tried back in the original and multiple locations so I'm 100% sure it has a working ethernet connection. It can ping the servers, it can browse the network but the only computers it can't see are the servers. It's as if the servers were filtered out. It can browse the internet. I have disconnected the laptop from the domain and tried to add it back to the domain but it says the domain controller can't be found. We have around 80 other clients on this network that are working perfectly. I tried to recreate the TCP/IP stack but that didn't work either. I'm a bit stumped. Ideas anyone?

Do any of you use quotas for user home drives on your file servers? Can this throw up any specific challenges, and what storage quotas do you allow them? I can see benefits in such an approach for capacity planning.

Hello All,

I have been running the below command on a lot of Windows 2012 and 2016 domain servers to install a software and it is working fine.  

msiexec /i installer_vista_win7_win8-64- /qn TRANSFORMS=installer_vista_win7_win8-64-

On one domain Windows 2012 server, the above command is run but the software is not installed.  I have tried Run as administrator and run it in an admin CMD prompt.  I have also restarted the server but same result.  

Anyone who knows what else I could try, please advise.  

What best practices can you suggest for the following storage dilemma? One of our partners has a Windows 2012 R2 file server with a data drive of 500 GB. It is used as a file server for the various departments across their organisation. It forever balances somewhere between 95% (20 GB free on a good day) used space and full, leading to service issues, e.g. users being unable to save documents. The IT team who look after the server have reservations that increasing the size of the data drive will just lead to more bad practice on the teams who save data on there, and anything they grant will eventually get filled again and encourage poor records keeping, e.g. not deleting unused historical records. Whereas I can sympathise with this viewpoint, on the flipside it's a critical resource for doing business, so if it's unavailable it causes major problems. What would you suggest from a strategic viewpoint to resolve this? If you have been in a similar quandary, what decisions were made and by whom? It seems an unhappy truce at present.

2 Windows 2012 R2 Web Server Farm
IIS 8.5
VMware Esxi 6.5
Kemp Load Balancer
SQL 2014

I have 2 Web Farm Servers with shared config.

I am trying to build a web page using PHP; all my other pages are HTML & ASP.

I can get to

when I enter my userid and password which I stored in a SQL database

I get this error

Server Error
405 - HTTP verb used to access this page is not allowed.
The page you are looking for cannot be displayed because an invalid method (HTTP verb) was used to attempt access.

I am thinking something in IIS is not correctly set up.

Any ideas?

Thank you

DB2 10.5 on Windows Server 2012 R2

This question came up in a conversation and I want to make sure my answer is correct.  If you have this query...


Will DB2 get all the orders for last 6 months, sort them by CREATED_TS, and then return the first 1000 rows or will it grab the first 1000 rows  for last 6 months, order them by CREATED_TS and return them?

I would think it has to grab all the orders for last 6 months, sort them and then return the data, otherwise it is not a true sort by CREATED_TS.  

Is that correct?

Thank you!

Is there any form of easy command/test that could be done to check, say from an internal windows & device joined to the same network, to see if the local firewall on windows servers on an internal network is enabled, without having to remote onto each and check the settings. I know you can do port scans but I was perhaps interested in any basic powershell/cmd prompt tests you could run, and how the output of a port scan/command would differ from a server with a local firewall enabled, vs those without would be useful to learn.

I have 4 Windows Server 2012 R2 servers in my domain which are not getting updated GP policy.  When running gpresults on them they are all showing AD / Sysvol mismatch errors.  They are not DCs.  All DCs do not have this error, and are replicating properly. All other computers in this domain are pulling correct and updated GP.  

I have tried removing them from the domain and re-adding.  I have installed KB2919394, with no luck.  Thanks.

Do files on a windows/ntfs drive leave any clues on the last time they were backed up and if so what particular attribute would that be - regardless of backup software & solution in operation.

Ok, here goes. I have Windows Server 2012 Standard running on VMWare ESXi 5.5 U3. The disk array in which it was stored was having some problems so I moved the vmdk to a different array and restarted the vm. Now, all I get is a black screen. I can see Windows start to boot (windows logo, spinning dots) and then nothing. Interestingly, some of the software on the server continues to work (file sharing, iis), but some doesn't (rdp, dhcp, logmein). ESXi says it doesn't have VMWare tools installed (or not running) but I know they are installed.

Basically, I am locked out of this server. I have tried automated vmware tools install, but it doesn't appear to be happening. I can't access the registry remotely (access denied).

Did I mention that safe mode exhibits the same behavior?

Hi Experts,

We are planning to demote a server running Windows Server 2012 R2 which is also a Domain controller. (i.e removing AD domain services etc and shutting down the server).

This server is also a Network policy server and was wondering if it’s possible to export then import the network policy server configuration onto another server that is already a network policy server? (IE. So that the network policy / radius clients etc on the server that is due to be de-commissioned will carry on working on the other server so the  service is not disrupted)

Was creating a test group policy but changed permissions and took domain admin, enterprise admin off it etc

Now it's telling me that the specified directory service attribute or value does not exist

Any best way to correct this, it won't let me delete the GPO

Hello all,
I am having to migrate a master domain controller from a Windows 2012 R2 server to a Windows 2016 server (both are standard OS) due to a failure on that 2012 R2 and the age of the server.  This server is running AD, DNS, DHCP, and WSUS
When I did a 2008 to 2012 R2 migration I did the following steps:
1)  dcdiag /v /c /e on old server
2)  Fix issue on above.
3)  Ensure AS integrated zones on DNS
4)  Bring new server (with temporary name and IP address) into AD
5)  Copy all folders and files necessary to new server.
6)  Transfer Global Catalog
7)  Transfer FSMO Roles
8)  Transfer DNS
9)  Transfer DHCP
10)  dcpromo (demote) old server
11)  Run metadata cleanup
12)  Change IP address and name of new server
13)  Deal with all shares, etc. on new server.

Are these steps all the same or are there extra steps that I am missing?
Also I have never had to transfer WSUS.  When do I do this in these steps and what are the steps to do this?

Kelly W.

We are migrating an entire domain and Exchange environment to a new datacenter.  Two companies exist in this environment.  Only one plans to stay at the new datacenter.  Due to this we need to remove all instances of the old company in the Exchange 2013 environment.  In general what steps do I need to take?  Half of the users are with the old company and may be purged.  I just need to make sure all Exchange references to the old company domain and respective routing are gone.

