An update - the username used in Windows Server 2012 is "IUSR". So I'm just going line by line in the permissions check PHP and making sure each directory mentioned has permissions for ISUR as listed in the PHP. It'd be nice if this was documented a bit better - instead of just saying OK or FAIL that it listed the permissions looked for.