[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More


Windows Server 2012





Windows Server 2012 is the server version of Windows 8 and the successor to Windows Server 2008 R2. Windows Server 2012 is the first version of Windows Server to have no support for Itanium-based computers since Windows NT 4.0. Windows Server 2012, now in its second release (Windows Server 2012 Release 2) includes Foundation, Essentials, Standard and Datacenter, and does not support IA-32 or IA-64 processors.

Share tech news, updates, or what's on your mind.

Sign up to Post

i have three session hosts servrr with one rds license
if ihave a remote app on server 1 and other one in server 2
and i have a user that want to connect to both applixation in same time do i have to get two lic per user ? or one is ok ?
my license is per user
Rowby Goren Makes an Impact on Screen and Online
LVL 12
Rowby Goren Makes an Impact on Screen and Online

Learn about longtime user Rowby Goren and his great contributions to the site. We explore his method for posing questions that are likely to yield a solution, and take a look at how his career transformed from a Hollywood writer to a website entrepreneur.

I have a domain with an 03 server and 2012 (r2 I think) server.  The 2012 box is GC and has all the roles, but the 2k3 server is still a member of the domain etc - the domain function level is obv 2003.  Glad the 03 box wasn't decommissioned yet as the 2012 box got hit with ransomware.  Unfortunately their usb backup drive was also encrypted and they had no offsite setup.  I need to reload the OS as I can't get SQL running again - cant uninstall it, cant install it, cant repair...its all kind of jacked.  Whats the best process to get it reloaded and back as the GC of the domain? Do I need to assign the roles to the 03 box first, then dcpromo, then reinstall OS and probably with a different name then before for good measure?
I have taken over the admin responsibility of a root CA. I got some knowledge after reading several posts na experts comments to my previous question.
Our server is windows 2012 R2 and cryptographic provider is KSP. In this case,  I only need two steps below,

1- certutil -setreg ca\csp\CNGHashAlgorithm SHA256
2- Renew the CA's certificate with new key.
My understanding is that  the server will have both SHA1 and SHA256 root certs and new certificates for devices will be issued with SHA256 if any device request. And,  there will not be any issue with our  RADIUS/ NPS, Printers, WI-FI, PC etc since they are using the SHA1 certificates until their renewal period reaches next year.
My confusion is that  what would happen when i install a new PC?,
The new PC is going to have certificate with SHA256, but NPS server still has certificate with SHA1.
Does the HASH algo matter?
I need some ideas on finding Group Policy -- and where things might be coming from.

We recently implemented a new Password Policy.  The issue is, it is not being applied to the users!

- We implemented complex passwords, can't reuse 3 passwords and only have to change every 365 days.
- I placed the policy in the OU in which the users live (because we want to have different policies per OU in the future)
- It is still forcing people to change them every 60 or 90 days (whatever they were previously made to do).
- I have removed that setting or changed in every policy I can find it.
- Other polices I have applied work.
- I have also tried doing it in the Win2012R2 console as Microsoft suggests for more granular password policies via groups -- no good.

Environment: Windows 2012R2 Active Directory Domain in Native Mode, 2 Domain Controllers

I am going to attach a screenshot of one of the OUs for reference.

What is the best way to find where this policy is being applied in a way that is not allowing me to even apply it when I put the policy at the top in the OU?  Help would be appreciated!  Thank you in advance!
I have a server with roaming profiles and folder redirection. The roaming pointing to a roaming folder on the server and the redirecting [desktop and my documents] to a user folder.

1 – Not on all computers the folders are redirected.

2 – Now I have a computer that already was redirected and now the desktop location when back to the roaming folder but without the desktop information, [the desktop is empty].
I am trying to run the set-dnsserverresourceset cmdlet on a list of servers in a text file.  The command below works for reading and listing all records in the file.

$l = Get-content C:\Records.txt | Get-DnsServerResourceRecord -name $_ -ZoneName company.biz -RRType A 
$i = foreach ( $r in $l) { Get-DnsServerResourceRecord -name $r -ZoneName company.biz -RRType

Open in new window

The problem is when I try to run

Set-DnsServerResourceRecord -NewInputObject $R -OldInputObject $R -ZoneName company.biz -whatif

newinput and oldinput do not seem to like reading data in from list. Any suggestions on how I can address this. Also how can I set the update PTR record  to auto update as well using this command?
Getting ready to update certificate for AD FS running on Windows Server 2012, IIS 7.5. (Yes-I know updating this configuration is preferable, but  it's not an option at this point)

Most documentation out there now is on updating certificates for AD FS is for server 2012 R2 and is very similar to 2012. However, documentation for 2012 R2 includes updating the SSL certificate using the set-adfssslcertificate Powershell cmdlet and the set-webapplicationproxycertificate Powershell cmdlet if you are running the Web application to extend ADFS to the internet.
Source: How to Update Certificates in AD FS and Server 2012 R2

For both 2012 and 2012 R2 the token-decrypting and token signing certificate can be self-signed and auto-generating. Currently we have both set to autogenerate.
For both 2012 and 2012 R2 the service communications certificate has to come from a trusted 3rd party CA and can be updated the same way in both; via the certificates interface in AD FS Management.
ADFS Certificates
Are there similar functions to update the SSL and web application proxy certificates for Server 2012 that work in place of the Powershell cmdlets that aren't supported in Server 2012? (The set-adfssslcertificate Powershell cmdlet and the set-webapplicationproxycertificate Powershell cmdlets.)
is there any method to get a list of AD users who are using weak passwords for windows 2012R2 domain.
I have setup a remote access server to replace an existing one.  Both are running Server 2012.  I am having trouble getting apps to run on the new server from outside my domain.  Inside my domain works fine.  I believe I have found the problem, but I can't find where to fix it.  The wrong Gateway server is being used and I think that is the root of my problems.  I have attached two images.  They are both from the same remote computer, but the "Working" one is connected to the old server , the "Not Working" one is connected to the new server..  The Gateway server on the new server is rd.xxxxxxxx.com, but the client is using PRRD.xxxxxxxx.com.  My question is, where do I set that value?
Hello all,

I'm curious if anyone has had a situation similar to this and if so what you did to resolve it.

So we have a domain that is air-gaped from the internet for security reasons. That works fine. However, we also have a "field network" that they take out to another site and run various tests. This network must have domain authentication and function successfully standing on it's own. How we have historically done this is we created a "Field DC" that we keep connected to the network so it's updated and synced with the Home DCs then when they leave the office for a few weeks do their thing and come back then we reconnect the server to the network to sync back and forth. For the most part this has worked pretty successfully.

Recently though they had to have the Field DC out of the office for a couple of months (which seems to be happening more often) and when it returned it was unfortunately tombstoned. I'm working on recovering that and that's not what I'm asking help with. I understand that this, and other sync issues can arise from this setup that we currently have.

What I'm wondering is: Has anyone here been in a similar situation where an air-gaped network has an additional portion of the network that will leave the office periodically and if so how did you solve this? Is there a better way to accomplish AD/DNS services with this field network that can then sync with our home domain when it returns?

Any expertise you can offer would be appreciated, …
The Five Tenets of the Most Secure Backup
The Five Tenets of the Most Secure Backup

Data loss can hit a business in any number of ways. In reality, companies should expect to lose data at some point. The challenge is having a plan to recover from such an event.

Hi Expert,

I am currently self-learning windows server 2012 using Hyper V in Windows 10.

I have installed AD in windows server(Hyper V) and created the domain, but I would like to know what else do I need to do to allow my windows 10(Hyper V) to join to a domain? I wanted to build like in a company environment because I want to learn skill like pushing down GPO, share resources and etc in the server. I did some google but not much information.

Appreciate if any expert here has a guide, link or experience that can share with me?

Is it possible to load Server Manager within Windows 10 so Server 2016 serves can be administered using a domain admin account within Windows 10?

If so how can Server Manager be loaded within Windows 10?
We are running Windows 2012 Server Domain Controller and users are running windows 10 pro on their computers.
I have one user who I had to rename which I did through AD but later to find out her logon account name did not change.
I went to AD again,  right clicked the user and changed their logon name but not their pre windows 2000 name( just added an extra "e" to their name).
I changed it and waited for replication over night but I still cannot log their Windows 10 machine with the new logon name. but can continue to use the old logon name.
Any ideas?
I'm using manage-bde.exe to allow some power user to encrypt their USB Stick.
I have a DC (Windows Server 2012 R2) with 100 hunder windows 10 pro laptpos.
The users don't have admin privlege on their machines.
I found that changing  WMI privilege manually  (ROOT>CIMV2>Security>MicrofostVolumeEncryption) and adding manually the specif account and giving him  "execute method" privilege allow the user to run the encryption without possessing admin rights.

I'm trying to create a script that I'm going to push via GPO to apply the needed changes.
I tried using this method  without success.
I can dump the privlege. Applying them give no errors but no changes are done.
Both operations are done with local admin account.
I would like to remove one of our 2012r2 servers that is a DFS server. The DFS shares are setup so all the namespaces are the same. I other words, the namespaces are the same on all namespace servers. I would like to remove one of them. It is a Windows 2012r2 server. It's been a long time since I've worked with DFS so I wanted to verify the steps.

Do I simply go into DFS Management and under namespaces, select the Namespace Servers tab and delete it.. or should I disable it first? Then remove the File and iScsI Services roles.

We are planning an Exchange 2013 hybrid deployment with Office 365.

Current infrastructure:
4 Exchange 2013 servers, 3 of them in a DAG, 1 Separate for another domain.
All mail servers are in my mail domain.

The issue I am having with research is our current deployment doesn't match any of the hybrid deployment guides.
Our AD Forest has 6 sub domains one of them being our mail domain where our mail servers reside.
The department that wants to go to the hybrid deployment is setup differently than all other departments.
They have their own forest/domain with a two way trust with the mail domain.
All of their accounts are on a separate server that is not part of the DAG and a separate database that is only on this one server.
All of their accounts are linked accounts to their separate forest/domain.
Our initial plan is to only migrate 35 users then get the other 900 moved once the deployment is successful.

Any advice is much appreciated
Dear EE,

Remote Desktop has been disabled after i perform following settings on Microsoft Windows 2012 R2.


Please see attached error

How can I set 4 static DNS server addresses within a Server 2016 Core OS?

Two of these will be internal DNS servers and the other two will be external (ISP) DNS server addresses.

I have tried doing this using the sconfig.cmd menu but this appears to only let me set two static DNS server addresses.
I will be working in an environment that has a lot of Server 2016 Core installations (that doesn't have a GUI interface).

What are some good guides on using & navigating Server 2016 Core installations so I will be able to perform all necessary administration just like if I had a GUI interface?
OWASP: Avoiding Hacker Tricks
LVL 12
OWASP: Avoiding Hacker Tricks

Learn to build secure applications from the mindset of the hacker and avoid being exploited.

Hello. I was wondering if anyone might have any ideas on restoring modified and created dates to a set of files. We had a share go down and worked off of a backup for about a week. That backup wasn't restored with the correct dates and when the server came back online we used the backup set to continue working and left the original set alone.

Long story short, the files that we're working with now all have the modified and created dates of the date the backup was restored. The original share still exists. How do I get the dates from the original set of files to the restored set of files that we're working with.

Thank you.

Variety of performance problems after dcpromo out a 2008 r2 dc. General slownes of apps edms - some scripts run slower.
Very hard to pinpoint cause. ran dcdiag all clear - all DNS reference to old dc gone - no legacy mapped drives or any connection to old dc to be found'
raised functional level of domain to 2012 r2  - we have 2 dcs very simple single site domain. now just 2 2012 dcs

the fsmo roles all accross to 2012 r2 dc. - 1 thing that did happen is the fsmo holder server had many patches applied not the wannacry patch that causes slowness.
the point is is that the 2012 r2 dc is just that just a dc with dns - its not used for anything else. i dont see how it could cause slowness accross applications
I have read that SMB signing can cause slowness - when you run 2012 - thing is the 2012 dc/s have been in place for years no issue.

before we dcpromoed out the 2008 rs server we turned it off for 2 weeks - and had no issues. Its only post the dcpromo and 2012 functional level up and perhaps the patching of the dc that the weird sslowness in some apps has raised its head.

what can raising the functional level and dcpromo do to slow the network. ?? thanks
I have an issue with an remote desktop services server. The issue i'm having is with the screen timeout.

We want the user's local computer to have a timeout of 5 minutes for the screen lock. But we want the server they are remoting into to not have a screen lock.  Currenty, the remote desktop session locks after 5 minutes of inactivity. So when the user goes pee they have login to their local PC as well as re-type their password in remote desktop.

Is this because I'm putting the server (computer object)  in an OU and the screen lock settings are user policies so the policy is being passed to the remote desktop session from the local PC because the user account is already logged in on the local PC?

There is a GPO at the domain level that set the screen lock for 5 minutes for all users.
These settings are in "User config > Policies > Admin templates > Control Panel/Personalization"
Enable Screen saver = Enabled
Password protect screen saver = Enabled
Screen saver timeout = Enableed & 300 seconds

I've setup an OU that has a GPO screenlock policy with disabled screen lock and placed the server in it and have disable GPO inheritance on that OU.
Here are the settings for this GPO
 "User config > Policies > Admin templates > Control Panel/Personalization"
Enable Screen saver = Disabled
Password protect screen saver = Disabled
Screen saver timeout = Disabled
We have a Windows 2012 R2 Hyper-V Host with 2 Windows 2012 R2 Guests. One of the Hyper-V guest is Domain Controller.
We need to change the Subnet and IP of Hyper-V Guests and Host from Class C to Class B. How do I change Hyper-V Guest IP's without loosing connectivity and locking myself out with Host?
I do have an understanding of possible issues relating to changing DC IP. I do not know best approach/practice to do this in Hyper-V environment. Any insight would be much appreciated.
Thank you!
What is the process to set the order in which Server 2016 domain controllers authenticate Active Directory accounts?
Is there a way I can create a package of all security updates for windows server 2012 r2 and deploy it manually. I am not comfortable deploying updates using sccm on the severs and want to create a sort of an offline package of the downloaded updates and copy it to the server and run it manually as one msi.

Windows Server 2012





Windows Server 2012 is the server version of Windows 8 and the successor to Windows Server 2008 R2. Windows Server 2012 is the first version of Windows Server to have no support for Itanium-based computers since Windows NT 4.0. Windows Server 2012, now in its second release (Windows Server 2012 Release 2) includes Foundation, Essentials, Standard and Datacenter, and does not support IA-32 or IA-64 processors.