Enable and Disable the GUI in Windows Server 2012

I’ve now installed Windows Server 2012 without a GUI a number of times. And I always seem to end up needing that GUI eventually. So, to get Windows as a feature in Windows Server, use the following command to fire up a powershell environment, entering the admin password when prompted: runas /user:administrator powershell.exe Then let’s install all the Windows Features with the word GUI in them: Get-WindowsFeature -Name *gui* | Install-WindowsFeature -Restart The server will then reboot and you’ll be looking at a login window. To remove, you can just enter the following: Get-WindowsFeature -Name *gui* | Remove-WindowsFeature -Restart

Create A Server 2012 VM In VMware Fusion

Our friends at VMware continue to outdo themselves. The latest release of Fusion works so well with Windows Server 2013 that even I can’t screw it up. To create a virtual machine, simply open VMware Fusion and click New from the File menu. Screen Shot 2014-04-06 at 3.43.26 PM Click “Choose a disc or disc image.” Screen Shot 2014-04-06 at 3.43.58 PM Select your iso for Server 2012 and click on Open (if you have actual optical media it should have skipped this step and automatically sensed your installation media). Click Continue back at the New Virtual Machine Assistant screen. Screen Shot 2014-04-06 at 3.45.26 PM Click Continue when the Assistant properly shows the operating system and version. Screen Shot 2014-04-06 at 3.50.07 PM Enter a username, password and serial number for Windows Server if you want Fusion to create these things automatically and just complete an installation. If not, uncheck Easy Install (but seriously, who doesn’t like easy). Also, choose the version of Windows Server (note that there’s no GUI with the Core options). Click Continue. Screen Shot 2014-04-06 at 3.50.55 PM At the Finish screen, you can click Customize Settings if you would like to give the new virtual machine more memory or disk. Otherwise, just click Finish. Screen Shot 2014-04-06 at 3.52.00 PM When prompted, choose where the new virtual machine will live and click Save. The VM then boots into the Setup is starting screen. You will be prompted for a Core vs. a GUI install (I know, you picked that earlier). I choose a GUI, then click Next. Screen Shot 2014-04-06 at 3.53.28 PM When the setup is complete, login, run Software Update and you’re done!

Defragment and Repair Exchange Information Stores

An Exchange Information Store is a database. A Standard Exchange Server can host 3 Information Store databases. Each is a Jet database and can exist at its own file path and will have a .edb file extension. You can manually defrag an Exchange database using a tool called eseutil. In this case, you’ll encounter from 5 to 20 minutes of downtime per gig of the Information Store. You can run eseutil, Eseutil can be run to scan a database to determine whether an offline defragmentation is necessary. You can run eseutil to manually determine the space that could be saved with a defrag. To do so, run eseutil with the /m and /s options: eseutil /MS "D:\database\primary.edb" To run a defrag, specify that you are defragmenting a /d for database and /ds for the directory. You will need enough space on the drive with the edb files on it to make a copy of the database (double-click on an Information Store to see the path). In this example we’ll specify a temporary directory to use for defraging on another volume, as follows: eseutil /d /ds /tc:D:\backup\eseutildefrag.edb /p Note: To use a temporary volume, increase the amount of time per gig to defrag the database. While defrag is something that eseutil can help with, I find that it’s also frequently used for performing recovery operations on a database. To check: eseutil /r “D:\database\primary.edb” To run, use the /P option: eseutil /P "D:\database\primary.edb" If you have a corrupt or missing .stm file (according to the version of Exchange, you can create one using the /CREATESTM flag: eseutil /P /CREATESTM "D:\database\primary.edb" There are tons of other options available in eseutil. But sometimes the tool cannot run because corruption extends beyond tables and indexes. To chase down corruption, you can also use isinteg. To test a folder on the exchange server called exchange.krypted.com, specify the server using the -s option and indicate -test to run tests as well as the specific test to run, which can be indicated with the alltests option: isinteg -s exchange.krypted.com -test alltests You can also specify specific tests, replacing alltests with folder, allacltests, allfoldertests, search, global, etc. These tests all have their own options. To run a repair also add the -fix option. A lot of corruption can be caused by problems with the service, IO or corrupt volumes. To check volumes, use chkdsk. IO issues often correlate to Event IDs of 10025, 10026 and 10027. Problems with the Information Store service can be varied but should be tracked using the Event Logs and debugging options on a per-service basis.

Configure Windows Server 2012 As An NTP Server

When you’re configuring a Mac to leverage an existing Windows infrastructure, having the clocks in sync is an important task. Luckily, Windows Server has been able to act as an NTP server for a long time. In this article, we’ll look at configuring Windows Server to be an NTP server for Mac and Linux clients. Note: Before you get started, or any time you’re hacking around in the registry, make sure to do a backup of your registry/SystemState! To enable NTP on Windows Server, open your favorite registry editor and navigate to HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesW32TimeTimeProvidersNtpServer. From here, enter a key called Enabled as a dword with a value of 00000001. The NTP Server should look upstream at another NTP host. To configure this, go ahead and navigate to HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesW32TimeTimeProvidersNtpClient and create Enabled as a dword with a value of 0000001 and SpecialPollInterval with a value of 300:
“Enabled”=dword:00000001 “SpecialPollInterval”=”300”
NTP would then need a source, so let’s go ahead and create that in the registry as well. To set that up, navigate to HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesW32TimeParameters and then setup the Type key to contain NTP, the Period key to contain freq and the NtpServer key to obtain the IP address of the server followed by ,0x1, as follows (assuming an IP of for the upstream NTP server:
“NtpServer”=,0×1” “Type”=”NTP” “Period”=”freq”
The w32tm service doesn’t start unless your system is on a domain (and should be restarted if the system is already running as a DC). To starts the service automatically (if needed), use the sc command: sc triggerinfo w32time start/networkon stop/networkoff Windows systems can also use an NTP server. To configure the NTP client, navigate to HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesW32TimeTimeProvidersNtpClient and create Enabled as a dword with a value of 0000001 and SpecialPollInterval with a value of 300:
“Enabled”=dword:00000001 “SpecialPollInterval”=”300”
NTP would then need a source, so let’s go ahead and create that in the registry as well. To set that up, navigate to HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesW32TimeParameters and then setup the Type key to contain NTP, the Period key to contain freq and the NtpServer key to obtain the IP address of the server followed by ,0x1, as follows (assuming an IP of for the upstream NTP server:
“NtpServer”=,0×1” “Type”=”NTP” “Period”=”freq”
Finally, you can invoke the w32tm service directly to query peers and verify that no skew has occurred with the clocks: w32tm /query /peers

Managing Windows Server 2012 Shares From Powershell

SMB cmdlets come in two modules. Before you can really use these in powershell you first need to import them. These are called SmbShare and SmbWitness, so to import the modules: Import-Module SmbShare Import-Module SmbWitness Or for short: Import-Module Smb* Once the SMB modules are imported, we’ll start by looking at what shares you’ve got on your system using Get-SmbShare: Get-SmbShare Next, we can create a new share with the minimum two pieces of information required and adding who get’s FullAccess, which is not required: New-SmbShare -Name BAK -Path E:BAK -FullAccess krypted Then we can provide a little more information if we so choose. Here, I’m going to add a description to the share I just created: Set-SmbShare -Name BAK -Description "To be used for Windows Backup backups." Now that we have this BAK share, we can configure who’s able to access it. To see who can access the share, use Get-SmbShareAccess along with the -Name followed by the name of each share you’re curious about: Get-SmbShareAccess -Name BAK Note that this -Name structure is consistent with all the smb* cmdlets. If we want to grant another user access to our share we can go ahead and do so using the Grant-SmbShareAccess cmdlet: Grant-SmbShareAccess -Name BAK -AccountName krypted1 -AccessRight Full Now that I’ve given the krypted1 user access to a share, I can remove the initial user krypted since I don’t really like him any more. To do so, use the Revoke-SmbShare cmdlet, again identifying the -Name of the Share followed by the account name to remove access for: Revoke-SmbShare -Name BAK -AccountName krypted You can also block a user from accessing a share. If a group is granted access and the user is blocked then the user will stay blocked. To block a user, use the Block-SmbShareAccess cmdlet, identify the -Name of the share and then the users name with the -AccountName option. That krypted user is kinda’ pesky so we’ll go ahead and block him: Block-SmbShareAccess -Name BAK -AccountName krypted But then the krypted user ends up needing access, so we’ll unblock him using the Unblock-SmbShareAccess cmdlet with the same syntax: Unblock-SmbShareAccess -Name -AccountName krypted Permissions are the next most important aspect of managing access to objects. Just because a user can access a share doesn’t mean they should be able to get into that juicy morsel of a payroll directory. CACLS is the command line interface to manage permissions at the file and directory level. CACLS is not a powershell cmdlet. You can see the permissions of a file or folder using the Get-Acl cmdlet. It’s just a cmdlet that you define a location to show the permissions for. Here, we’ll check the c:SharedPayroll directory: Get-Acl c:SharedPayroll Then, there’s the Set-Acl command, which can alter an Acl. As you can imagine, there are a lot of different permissions that can be applied to objects, including the need for recursion and for setting the permissions for recursed objects (OK, OK – I know recursed isn’t really what you might call that, but I’ve always wanted to say it so there ya’ go!). Therefore, instead of taking you through using set-acl I’ll just say, check out the TechNet on it at http://technet.microsoft.com/en-us/library/hh849810.aspx. Finally, many environment just want the users who can access a share to have the Acl to access the data in the shares. To aid in what should be considered a relatively simple task, you can alter an Acl by piping the output of the get-SmbShare into the Set-Acl command. This sets the Acls to be the same as the permissions set in the share itself: (Get-SmbShare -Name Bak).PresetPathAcl | Set-Acl

Use Windows Backup To Back Up Windows Server 2012

WIndows Server’s ntbackup tools have become easier and easier to use over time. But there’s no more ntbackup. Well, there’s wbadmin, which is very similar. You can still restore data by downloading ntbackups restore tool at http://support.microsoft.com/?kbid=974674.  Windows Backup is now capable of backing up a system with the same ease of use that Apple brought to automated backups with Time Machine and Time Machine Server. In fact, providing access to only a few more options Microsoft’s tools provide access to some pretty nice options, easily configured. To get started, you’ll first need to install the Windows Backup Role. To do so, use the Add Roles and Features Wizard in Windows Server 2012 to add the Windows Backup role. Once added, open Server Manager and then click on the Tools menu, selecting Windows Server Backup. Screen Shot 2013-06-08 at 12.02.23 PM From Windows Server backup, you can enter the name of an Azure account to configure cloud based backups. However, in this walkthrough we’re going to choose local backups, which really for us means to a network share rather than the cloud, although we could back up to a USB drive or some other internal drive as well. Click Local Backup, then click Configure. Click on Backup Schedule… to bring up the Backup Schedule Wizard. At the Getting Started screen, click on the Next button. Screen Shot 2013-06-08 at 12.02.56 PM At the Server Backup Configuration screen of the Backup Schedule Wizard, choose whether to back up all the data or perform a custom backup, which allows you to define only certain files to back up. I like to back up all the data for the most part, so we’re going to go with the full server and click Next. Screen Shot 2013-06-08 at 12.03.11 PM At the Specify Backup Time screen, choose the appropriate times of the day to back the server up and click on the Next button. Screen Shot 2013-06-08 at 12.03.52 PM At the Specify Destination Type screen, choose where you’d like to back your data up to and then click on the Next button. As mentioned, we’re going to back data up to a network share. Screen Shot 2013-06-08 at 12.04.07 PM At the Specify Remote Shared Folder screen, provide a path to the network path that you’d like to back your files up to. Screen Shot 2013-06-08 at 12.05.06 PM The backups should then be tested and validated before putting a system into long-term production. The command line tool used to manage backups is wbadmin. The wbadmin has the following verbs available to it:
  • enable backup – modifies existing backups or makes new schedules
  • disable backup – disables a backup schedule
  • start backup – starts a one-time backup job
  • stop job – stops running recovery or backup jobs that are currently in progress
  • get versions – shows the details of backups for recovery
  • get items – lists the contents of a backup
  • start recovery – runs a recovery job
  • get disks – shows online disks
  • get virtualmachines – shows Hyper-V VMs
  • start systemstaterecovery – recovers the system state backup from a valid system state backup
  • start systemstatebackup – makes a system state backup
  • delete systemstatebackup – deletes a system state backup
  • delete backup – deletes a backup
  • delete catalog – used if a catalog gets corrupt usually, to delete a catalog of backups
  • restore catalog – only use this option to attempt to fix corrupted catalogs, restores a catalog
Note: In addition to these options, there are even more commands available to Powershell. These are pretty well documented at http://technet.microsoft.com/en-us/library/ee706683.aspx. So while you will still need a 3rd party tool if you wish to backup to tape or you need very complex features, there’s now a very easy to use tool, that integrates cloud and local storage backups for Windows Server and is just about as easy to manage and configure as Apple’s Time Machine is on OS X or OS X Server.

Managing DNS In Windows Server 2012

Previously, I covered installing the DNS role in Windows Server 2012. Once installed, managing the role is very similar to how management was done in Windows Server 2003 through 2008 R2. With the exception of how you access the tools. DNS is one of the most important services in Windows Servers, as with most other platforms. So it’s important to configure DNS. To get into the DNS Manager in 2012 Server, first open Server Manager (you might get sick of using this tool in Server 2012, similar to how my Mac Server brethren have gotten tired of it in Lion and Mountain Lion Servers. Then from Server Manager click on DNS from the Tools menu. Screen Shot 2013-06-07 at 7.47.38 PM Once the DNS Manager mmc is open, notice that you will have Forward and Reverse zones listed. The forward zones point names at IP addresses or other types of records and the reverse zones contain information about what the name is for a given IP address. Screen Shot 2013-06-07 at 7.51.53 PM By default there are no zones, so click on New Zone from the Action menu to bring up the New Zone Wizard. From here, click on Next. If the zone is a new zone, click on New Zone. Otherwise, choose Secondary Zone if the server will be acting as a secondary name server for a given zone (make sure the primary allows zone transfers from the IP of the system you’re configuring) or select Stub Zone if the server will host a partial list of records. Click Next when you’ve selected the type of zone to create. Screen Shot 2013-06-07 at 8.18.36 PM At the New Zone screen, enter a name for the zone. For example, krypted.com. Once entering the new Zone name, click Next. Screen Shot 2013-06-07 at 8.16.19 PM At the Zone file screen, enter a name for the file that information about the new zone will be stored in and click on the Next button. Screen Shot 2013-06-07 at 8.19.36 PM At the Dynamic Update screen, choose whether the zone will allow dynamic updates. Here, you can choose whether clients can update DNS information in zones and if so, who can do so. I usually just leave this at the default (unless I’m preparing to install AD into the zone) and click on the Next button. Screen Shot 2013-06-07 at 10.23.20 PM At the Completing the New Zone Wizard screen, click on the Finish button (provided of course that the settings match your desired configuration for the zone). Screen Shot 2013-06-07 at 10.24.02 PM Once you see the domain name in DNS Manager, double-click on it. You’ll see the NS and SOA records. Usually you won’t ever end up touching these. Next, create records for your domain. Using the Action menu, select to create a new A Record, CNAME, etc. In this example, we’ll create a basic A Record, selecting the checkbox to automatically create a PTR with the record. Click Screen Shot 2013-06-07 at 10.29.21 PM Continue creating your records until they’re all built and go ahead and take this time to test them as well, as they’re being created. I usually like to run a flushdns between each creation/change: ipfconfig /flushdns Once you’re done with all of the records, I usually like to restart DNS with net stop: net stop dns And of course, start it back up. net start dns At the DNS Manager screen, right-click (control-click if you’re using a Mac) on the name of the server and then click on Properties. From the Properties screen, you’ll initially see the interface screen. Here, uncheck the box for any of the interfaces you don’t wish to have a listener for the DNS service (port 43). Screen Shot 2013-06-07 at 10.33.36 PM Click on the Forwarders tab. Here, define servers that your server uses to resolve DNS. DNS is kinda’ like a pyramid scheme like that. You shouldn’t need to use these too often, but there are some great options here for conditional forwards, where your server looks to a specific server for a given DNS domain. Screen Shot 2013-06-07 at 10.33.48 PM Click on the Advanced tab. Here, you can configure a variety of server options. A common security task would be to disable recursion. If this server is an Active Directory integrated DNS server doing so would not disable additional Active Directory DNS servers from communicating with one another as they receive their DNS information from Active Directory, as can be seen in the Load zone data on startup field of this screen. The Enable BIND secondaries allows a Mac to act as a secondary DNS server for the records stored on this server. This doesn’t work too well with Active Directory service records, in my experience, but works pretty well with anything else provided you define each zone to cache. Screen Shot 2013-06-07 at 10.34.01 PM Click on Root Hints. If you need to edit these then you might be doing something wrong. Root hints are the root DNS servers that sit atop the DNS pyramid scheme. I’ve only ever needed to edit these once, at the instruction of Microsoft during a support call for an environment that was in a walled garden. If the server connects to the Internet then chances are it should use the Forwarders to resolve names as opposed to Root Hints. Screen Shot 2013-06-07 at 10.34.12 PM Click on the Monitoring tab. Here, you can configure a small monitor that will run queries against the DNS server (or with recursion as indicated with the second option) and you can automate the test to run every so often and show the results. Screen Shot 2013-06-07 at 10.34.23 PM Click on the Event Logging tab. By default, all events are logged. Here, you can decrease logging so that the server only logs errors, warnings or even nothing at all. Screen Shot 2013-06-07 at 10.34.32 PM Click on the debug logging. This is like a special rockin’ tcpdump for DNS logs. You can log packets of various types with regards to name resolution, filter the output by IP address(es) and dump information out to a file. This is extremely detailed logging so you also have the option to indicate a maximum size of your log files. Screen Shot 2013-06-07 at 10.34.42 PM You also have more more granular controls for each domain. In the DNS Manager, right-click on your new domain and then click on Properties. Here, you’ll see the information you provided when configuring the zone in the first place (btw, zone is pretty much the same thing as domain, except each subnet of IP addresses for PTR records is also considered a zone). At the General tab you can pause a domains DNS, change the zone from a primary to a secondary if needed, etc. You can also define a different name for your zone file and enable dynamic updates. If the zone is a primary zone, click on the Aging button if you’d like to configure stale record scavenging. There, you can define when records that become stale are automatically deleted. Screen Shot 2013-06-07 at 10.35.17 PM Click on the SOA tab. Here, you can define the serial number for the domain. Those are automatically provided but you can override them if needed. You can define primary servers if the zone is a secondary and then provide an email address/username of the user who manages the domain. Here, you also configure TTL for the domain, domain record expiry, retry intervals for the domain, etc. Screen Shot 2013-06-07 at 10.35.27 PM At the Name Servers tab, you can add servers that this zone can be hosted on. Screen Shot 2013-06-07 at 10.35.36 PM Click on the WINS tab. If you are integrating WINS with DNS then chances are you missed flannel going out of style. But that’s ok, since provided you’re wearing your flannel with super tight jeans that require a can opener to get off, it’s just fine to wear a flannel. Anyway, if you use WINS with DNS, you’ll need to install WINS with Server Manager. When you go to add WINS it’s a feature, not a role. Screen Shot 2013-06-07 at 10.35.48 PM Click on Zone Transfers. This is where you define what IP addresses are able to perform a zone transfer for the domain you’re configuring. By default, all hosts from the Name Servers tab can be accessed. To open it up for everyone (not the best security option) click “To any server”, or to use a separate list than the Name Servers use the “Only to the following servers” button and then use the Edit button to populate the list. Screen Shot 2013-06-07 at 10.35.58 PM   Once you’ve configured the properties for your zone as granularly as you’d like, click Apply and then finish populating the zone with any other required records and testing all the settings. I also like to restart my DNS again after all that fun stuff.

Configure File Shares In Windows Server 2012

As I mentioned in an earlier article, the File and Storage Role is installed by default in Windows Server 2012. This means you can create a file share with a very minimal amount of work on a brand new server. To get started, as with many things regarding Server 2012, open Server Manager. Screen Shot 2013-06-05 at 6.42.41 PM From Server Manager, click on File and Storage Services in the Server Manager sidebar. Then click on Shares. From the Shares screen, click on the Shares drop-down list and then click on New Share. Screen Shot 2013-06-05 at 6.44.16 PM This will open the New Share Wizard. From here, select a type of share. For the purposes of this article, we’ll create a very basic SMB share, so click on “SMB Share – Quick.” Then click on the Next button. Screen Shot 2013-06-05 at 6.51.48 PM At the Share Location screen, I like to click on “Type a custom path” and then click on the Browse button. Screen Shot 2013-06-05 at 7.13.32 PM At the Select Folder screen, browse to the folder you’d like to share out and then click on the Select Folder button. Then click on Next back at the Share Location screen. Screen Shot 2013-06-05 at 7.14.36 PM At the Share Name screen of the New Share Wizard, enter the name you want users to see when accessing the share in the Share Name field and the description (if any) that users will see in the screen when connecting to the share. You’ll also see the local path used to connect to that share on the server as well as the path that will be used to connect remotely in this screen. Click Next once you’ve entered the information. Screen Shot 2013-06-05 at 7.25.15 PM At the Other Settings screen, you have 4 options (checkboxes):
  • Enable Access Based Enumeration: If you have Mac clients this is often a bad idea. This feature ends up not showing people objects they don’t have access to. It’s great in a purely Windows environment, thought.
  • Allow Caching of Share: Allows Windows clients to right-click on a share and choose to cache it.
  • Enable Branch Cache on the File Server: Allows a computer in a branch office to act as a Branch Cache server/workgroup server.
  • Encrypt data access: Encrypts traffic to the share.
Most of these options are pretty irrelevant to the Mac and Linux, but can be helpful in purely Windows environments, especially if you need additional security or want your users caching data from the share. Once you’ve chosen the options that best work for you, click Next. Screen Shot 2013-06-05 at 7.32.11 PM At the Permissions screen, choose who has access to connect to the share. Note that controlling permissions to access objects from inside the share is done separately through the share and this option is just used to configure who can mount/map to the share. Click Next once only the users you want to access the share have the appropriate level of access. Screen Shot 2013-06-05 at 7.32.52 PM At the Confirmation screen, verify that all the settings for the share are correct and then click on the Create. Screen Shot 2013-06-05 at 7.38.28 PM Once the share is created, click on Close button. Screen Shot 2013-06-05 at 7.38.28 PM Then connect to the share and verify that the settings are as appropriate. Once done, create the subdirectories for the root level and configure permissions as appropriate.

Adding Roles In Windows Server 2012

Out of the box a Windows Server 2012 isn’t really that helpful. But luckily, it has these things called Roles. Roles are things like Hyper-V, File Sharing, Windows Update Services, Web Server, etc. Each role then has a collection of services that it can run as well, within the Role. Roles include (borrowing from Microsoft here):
  • Active Directory Certificate Services Overview This content provides an overview of Active Directory Certificate Services (AD CS) in Windows Server 2012. AD CS is the server role that allows you to build a public key infrastructure (PKI) and provide public key cryptography, digital certificates, and digital signature capabilities for your organization.
  • Active Directory Domain Services Overview By using the Active Directory Domain Services (AD DS) server role, you can create a scalable, secure, and manageable infrastructure for user and resource management, and provide support for directory-enabled applications such as Microsoft Exchange Server.
  • Active Directory Federation Services Overview This topic provides an overview of Active Directory Federation Services (AD FS) in Windows Server 2012.
  • Active Directory Lightweight Directory Services Overview Active Directory Lightweight Directory Services (AD LDS) is a Lightweight Directory Access Protocol (LDAP) directory service that provides flexible support for directory-enabled applications, without the dependencies and domain-related restrictions of AD DS.
  • Active Directory Rights Management Services Overview This document provides an overview of Active Directory Rights Management Services (AD RMS) in Windows Server 2012. AD RMS is the server role that provides you with management and development tools that work with industry security technologies—including encryption, certificates, and authentication—to help organizations create reliable information protection solutions.
  • Application Server Overview Application Server provides an integrated environment for deploying and running custom, server-based business applications.
  • Failover Clustering Overview This topic describes the Failover Clustering feature and provides links to additional guidance about creating, configuring, and managing failover clusters on up to 4,000 virtual machines or up to 64 physical nodes.
  • File and Storage Services Overview This topic discusses the File and Storage Services server role in Windows Server 2012, including what’s new, a list of role services, and where to find evaluation and deployment information.
  • Group Policy Overview This topic describes the Group Policy feature in Windows Server 2012 and Windows 8. Use this topic to find the documentation resources and other technical information you need to accomplish key Group Policy tasks, new or updated functionality in this version compared to previous versions of Group Policy, and ways to automate common Group Policy tasks using Windows PowerShell.
  • Hyper-V Overview This topic describes the Hyper-V role in Windows Server 2012—practical uses for the role, the most significant new or updated functionality in this version compared to previous versions of Hyper-V, hardware requirements, and a list of operating systems (known as guest operating systems) supported for use in a Hyper-V virtual machine.
  • Networking Overview This section contains detailed information about networking products and features for the IT professional to design, deploy, and maintain Windows Server 2012.
  • Network Load Balancing Overview By managing two or more servers as a single virtual cluster, Network Load Balancing (NLB) enhances the availability and scalability of Internet server applications such as those used on web, FTP, firewall, proxy, virtual private network (VPN), and other mission-critical servers. This topic describes the NLB feature and provides links to additional guidance about creating, configuring, and managing NLB clusters.
  • Network Policy and Access Services Overview This topic provides an overview of Network Policy and Access Services in Windows Server 2012, including the specific role services of Network Policy Server (NPS), Health Registration Authority (HRA), and Host Credential Authorization Protocol (HCAP). Use the Network Policy and Access Services server role to deploy and configure Network Access Protection (NAP), secure wired and wireless access points, and RADIUS servers and proxies.
  • Print and Document Services Overview This is an overview of Print and Document Services, including Print Server, Distributed Scan Server, and Fax Server in Windows Server 2012.
  • Remote Desktop Services Overview Remote Desktop Services accelerates and extends desktop and application deployments to any device, improving remote worker efficiency, while helping to keep critical intellectual property secure and simplify regulatory compliance. Remote Desktop Services enables both a virtual desktop infrastructure (VDI) and session-based desktops, allowing users to work anywhere.
  • Security and Protection Overview The table on this page provides links to available information for the IT pro about security technologies and features for Windows Server 2012 and Windows 8.
  • Telemetry Overview Find out about Windows Feedback Forwarder—a service that enables you to automatically send feedback to Microsoft by deploying a Group Policy setting to one or more organizational units. Windows Feedback Forwarder is available on all editions of Windows Server 2012.
  • Volume Activation Overview This technical overview for the IT pro describes the volume activation technologies in Windows Server 2012 and how your organization can benefit from using these technologies to deploy and manage volume licenses for a medium to large number of computers.
  • Web Server (IIS) Overview This document introduces the Web Server (IIS) role of Windows Server 2012, describes new IIS 8 features, and links to additional Microsoft and community information about IIS.
  • Windows Deployment Services Overview Windows Deployment Services enables you to deploy Windows operating systems over the network, which means that you do not have to install each operating system directly from a CD or DVD.
  • Windows Server Backup Feature Overview This section provides an overview of the Windows Server Backup feature and lists the new features in Windows Server 2012.
  • Windows Server Update Services Overview Windows Server Update Services (WSUS) enables information technology administrators to deploy the latest Microsoft product updates. By using WSUS, administrators can fully manage the distribution of updates that are released through Microsoft Update to computers in their network. In Windows Server 2012, this feature is integrated with the operating system as a server role. This topic provides an overview of this server role and more information about how to deploy and maintain WSUS.
  • Windows System Resource Manager Overview With Windows System Resource Manager for the Windows Server 2012 operating system, you can manage server processor and memory usage with standard or custom resource policies. Managing your resources can help ensure that all the services provided by a single server are available on an equal basis or that your resources will always be available to high-priority applications, services, or users.
To add a Role is a pretty straight forward process. To get started, open Server Manager and click on the Dashboard. From the Dashboard, click on the Manage menu and click on Add Roles and Features. Screen Shot 2013-06-04 at 3.17.44 PM At the Add Roles and Features Wizard click on Next at the Before You Begin Screen. Screen Shot 2013-06-04 at 3.19.47 PM At the Installation Type screen, click on Role-based or Feature-based Installation, unless you are installing Remote Desktop Services (formerly called Terminal Services), then click on that radio button instead. Screen Shot 2013-06-04 at 3.20.00 PM At the Server Selection screen, click on the server you’d like to install the role on and then click on Next. Screen Shot 2013-06-04 at 3.22.17 PM At the Add Roles or Features screen, choose the role you’d like to install. Screen Shot 2013-06-04 at 3.23.41 PM If there are any requirements to use the service, you’ll then be notified that those requirements exist. I usually leave the Include management tools (if applicable) box checked the first time I install a role and click on Add Features. Screen Shot 2013-06-04 at 3.25.52 PM If any issues are encountered, you’ll then be alerted that there was a problem. If you’d like to correct the issue, click cancel, correct the issue and then rerun the tool. Or if you’d like to proceed anyway, click Continue. Screen Shot 2013-06-04 at 3.27.07 PM Back at the Server Roles screen, the box will then be checked. Click on Next. At the Features screen, you can add a feature, although in this case we won’t be doing so. Then, click Next. Screen Shot 2013-06-04 at 3.30.43 PM At the screen for the role you just selected, read the information, then click Next. Screen Shot 2013-06-04 at 3.32.04 PM At the Confirmation screen, click Install. Optionally, you can also choose whether to reboot the server when the service is finished installing. Screen Shot 2013-06-04 at 3.37.36 PM Once installed, click Close. Also, at this screen, you can export the configuration settings for the service for future use. That’s it. You’ve now installed DNS services in Windows Server (or whatever service you are setting up). The services still need to be configured, but the initial install should now be complete!