By default, Windows Server 2012 comes without a security solution.
This is especially important if you use 2012 as a robust workstation OS for your studying needs.
So, to protect your time-consuming lab-rat experiments, you might feel left "high and dry".
'Though not everything is lost, since there are 2 hacks you might wish to implement to provide a minimum form of protection to your lab.
1. Microsoft Security Essentials for Windows 7 into Windows Server 2012.
The first hack allows you to install Microsoft Security Essentials (MSE).
Microsoft Security Essentials is designed for Windows 7 and is not compatible (nor supported) on Windows Server 2012.
But if you insist, you might as well end-up installing it on your Windows Server 2012.
- Download a copy of MSE from Microsoft: http://windows.microsoft.com/en-us/windows/security-essentials-all-versions
- Right Click on the "mseinstall.exe".
- Click on Properties.
- Click on the "Compatibility"-tab.
- Locate the "Compatibility mode"-section.
- Check "Run this program in compatibility mode for:".
- Select From the (now active) dropdown menu "Windows 7".
- Open a Command Prompt as Administrator.
- cd to your Downloads folder (ie. cd C:\Users\%username%\Downloads).
- Run "mseinstall /disableoslimit" and follow the installer prompts to install MSE on your Windows Server 2012.
2. Microsoft Endpoint Protection 2012 (part of the System Center 2012 suite).
Microsoft Endpoint Protection 2012 is part of a freaking awesome Microsoft System Center suite.
For further info, please refer to http://en.wikipedia.org/wiki/System_Center#Microsoft_System_Center
The Microsoft System Center suite of programs is a fully integrated Client/Server solution that allows you to automate your infrastructure management.
Amongst other things, Microsoft Endpoint Protection 2012 is the "security" component of the suite - a Client/Server Security solution that fully integrates with your Active Directory Domain.
In layman's terms, Microsoft Endpoint Protection 2012 could be considered as the "full" version of Microsoft Security Essentials (aka Windows Defender on Windows 8/8.1).
The solution includes both a "Server" application (ie. to deploy on your application server) and a "Client" counterpart (ie. for your workstations).
- The hack described in here is the possibility to run the Client as a "standalone" product (ie. without having to rely on the Server application).
Not only, you can even get the client "for free", by simply downloading the Trial version of the entire Microsoft Endpoint Protection 2012 suite (trial refers to the Server Application).
To install System Center 2012 Endpoint Protection on Windows Server 2012 proceed as follows:
- Download Microsoft System Center Configuration Manager and Enpoint Protection 2012 SP1 from the following address:
Once you obtain the package (mine was named SC2012_SP1_RTM_SCCM_SCEP.exe and it was 613MB):
- Right Click on it and open the archive with 7zip.
- Extract the "CLIENT"-Folder from SC2012_SP1_RTM_SCCM_SCEP.exe into a temporary location.
- Browse to the CLIENT folder with Windows Explorer and run "SCEPINSTALL.exe".
- Follow the installer Prompts and you'll end up with a fully featured Security Solution courtesy of Microsoft.
Now, apart from what's moral and what's not, Microsoft highly likely wishes you to "give it a go" (at their own Security solutions).
Despite glorious bugs that made glowing news during the previous decade, Microsoft takes a serious stand when it comes to Security.
How?! For one, by constantly releasing Windows "Security Updates".
Pair that with a basic form of malware protection and you might just end up covering 80% of your security needs.
Independent testing says:"meh..!".
If you asked me what's my favourite professional security suite, I'd say:"it depends".
If you're an SMB with limited resources (and perhaps close to none IT personnel), then I'd lean towards a fully managed OOB solution (like Bitdefender).
If you're a Windows-only Enterprise or Government organization, then I'd lean towards a secured Active Directory domain environment (ie. w/Applocker & IPSec), with the integration & automation provided by Microsoft System Center-based solutions (such as Endpoint Protection 2012).
[UPDATE] 2014-02-12 - Windows Server 2012 R2 compatibility:
Jens (a reader of this article), reports SCCM 2012 SP1 is not working on his Windows Server 2012 R2.
- I tried to run MS SCCM 2012 R2 EP Client on Windows Server 2012 R2 Datacenter and it just worked!
So yes, the above procedure is confirmed to work on Windows Server 2012 R2 - provided you use Microsoft System Center 2012 R2 Endpoint Protection Client.
Updated procedure for Windows Server 2012 R2.
- Obtain SCCM 2012 R2 TRIAL from http://technet.microsoft.com/en-us/evalcenter/dn205297.aspx
- Extract the SCCM 2012 R2 EP "Client"-Folder from SC2012_R2_SCCM_SCEP.exe.
- Run "SCEPINSTALL.exe" as Admin.