IT series – What’s New in Windows Server 2008 R2 Donald Hester October 7, 2010 For audio call Toll Free 1-888-886-3951 and use PIN/code 386162
Housekeeping • Maximize your CCC Confer window. • Phone audio will be in presenter-only mode. • Ask questions and make comments using the chat window.
Adjusting Audio • If you’re listening on your computer, adjust your volume using the speaker slider. • If you’re listening over the phone, click on phone headset. Do not listen on both computer and phone.
Saving Files & Open/close Captions • Save chat window with floppy disc icon • Open/close captioning window with CC icon
Emoticons and Polling • Raise hand and Emoticons • Polling options
Donald Hester IT series – What’s New in Windows Server 2008 R2
Donald E. Hester CISSP, CISA, CAP, MCT, MCITP, MCTS, MCSE Security, Security+, CTT+ Director, Maze & Associates University of San Francisco / San Diego City College / Las Positas College www.LearnSecurity.org http://www.linkedin.com/in/donaldehester http://www.facebook.com/group.php?gid=245570977486 Email: DonaldH@MazeAssociates.com
History • What’s new in Hyper-V • What’s new in NTFS • What’s new with Service Accounts • What’s new in User Account Control • What’s DirectAccess • What’s new with BitLocker • What’s AppLocker • What’s new in Biometric support • What’s new in Smart Card support • What’s new in Backup • What’s BranchCache • What’s new in DNS • What's New in Failover Clusters • What's New in Microsoft iSCSI Initiator • What's New in Remote Desktop Services • What’s new in performance and reliability monitoring • What’s new in Event Auditing • What’s new in Server Core • What’s New in Active Directory
Windows History Note the following versions of Windows were DOS based: Windows 3.11, Windows 95, Windows 98, Windows Me
What’s new in Hyper-V? • The following changes to existing features: • Dynamic virtual machine storage • Enhanced processor support • Enhanced networking support • New • Live Migration
Quick Migration vs. Live Migration • Quick Migration (Windows Server 2008 Hyper-V) • Save state: create VM on the target; write VM memory to shared storage • Move virtual machine: move storage connectivity from source host to target host via Ethernet • Restore state & Run: take VM memory from shared storage and restore on target; run • Live Migration (Windows Server 2008 R2 Hyper-V) • VM State/Memory Transfer: create VM on the target; move memory pages from the source to the target via Ethernet • Final state transfer and virtual machine restore: pause virtual machine; move storage connectivity from source host to target host via Ethernet • Un-pause & Run
What’s new in NTFS? • VHD Boot in Windows • Native VHD support • Chkdsk performance improvements • Robocopy performance enhancement • Local file copy improvements • Improvements in Volume Shrink • Improved performance for solid state disks (SSD) • Defrag for metadata
What’s new with Service Accounts? • Service accounts have always had issues • Security hole • Password never changes • Nobody knows the passwords • Not sure which services, and where, are using the service accounts
Virtual Accounts • Want better isolation than existing service accounts • Don’t want to manage passwords • Virtual accounts are like service accounts: • Process runs with virtual SID as principal • Can ACL objects to that SID • System-managed password • Show up as computer account when accessing network • Services can specify a virtual account • Account name must be “NT SERVICE\<service>” • Service control manager verifies that service name matches account name • Service control manager creates a user profile for the account • Also used by IIS app pool and SQL Server
Managed Service Accounts • Services sometimes require network identity e.g. SQL, IIS • Before, domain account was only option • Required administrator to manage password and Service Principal Names (SPN) • Management could cause outage while clients updated to use new password • Windows Server 2008 R2 Active Directory introduces Managed Service Accounts (MSA) • New AD class • Password and SPN automatically managed by AD like computer accounts • Configured via PowerShell scripts • Limitation: can be assigned to one system only
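The two service-account slides above, as an added PowerShell example that is not part of the original deck: it finds services that still log on with a password-based user account and shows the cmdlet sequence for moving one to a Managed Service Account. The account, computer and service names are constructed, and both function names are hypothetical.

```powershell
# Added example; svc-sql01, SQL01 and the sample services are constructed names.

# Flag services that log on with an ordinary user account: not a built-in
# identity, not a virtual account (NT SERVICE\<service>) and not a managed
# service account (whose logon name ends in '$').
function Get-PasswordBasedService {
    param([object[]]$Service)
    $Service | Where-Object {
        $_.StartName -and
        $_.StartName -notmatch '^(LocalSystem$|NT AUTHORITY\\|NT SERVICE\\)' -and
        $_.StartName -notmatch '\$$'
    } | Select-Object Name, StartName
}

# Provision an MSA for one host (needs the ActiveDirectory module and a
# Windows Server 2008 R2 domain; not called in this offline sample).
function New-HostManagedServiceAccount {
    param([string]$AccountName, [string]$ComputerName)
    Import-Module ActiveDirectory
    New-ADServiceAccount -Name $AccountName -Enabled $true
    # An MSA can be assigned to one computer only.
    Add-ADComputerServiceAccount -Identity $ComputerName -ServiceAccount $AccountName
    # Final step, run on $ComputerName itself:
    #   Install-ADServiceAccount -Identity $AccountName
    # The service is then set to log on as DOMAIN\$AccountName$ with a blank password.
}

# Constructed inventory; on a live host pass (Get-WmiObject Win32_Service) instead.
$sample = @(
    New-Object PSObject -Property @{ Name = 'Spooler';     StartName = 'LocalSystem' }
    New-Object PSObject -Property @{ Name = 'W32Time';     StartName = 'NT AUTHORITY\LocalService' }
    New-Object PSObject -Property @{ Name = 'AppPoolHost'; StartName = 'NT SERVICE\AppPoolHost' }
    New-Object PSObject -Property @{ Name = 'ReportSvc';   StartName = 'CONTOSO\svc-sql01$' }
    New-Object PSObject -Property @{ Name = 'MSSQLSERVER'; StartName = 'CONTOSO\sqlservice' }
)

Get-PasswordBasedService -Service $sample
```

Each service the function returns is a candidate for a virtual account (local-only access) or an MSA (network identity).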
What’s New with User Account Control? • 29% fewer user account control (UAC) prompts than Windows Vista has, and • fewer prompts in general • "We've put users in control and allowed them the ability to tune the level of prompting" using a slider bar • Paul Cooke, director of Windows Client Enterprise Security
What’s DirectAccess? • DirectAccess offers remote workers the same level of seamless and secure connectivity as they have in the office. • The system automatically creates a secure tunnel to the corporate network and workers don't have to manually connect • DirectAccess also allows IT administrators to patch systems whenever a remote worker is on the network
DirectAccess • DirectAccess also uses IPsec to authenticate the computer and user and to encrypt the data crossing over the Internet • Can even be used to require employees to authenticate with a smart card
DirectAccess Requirements • Active Directory • PKI Certificates • IPv6 • Server 2008 R2 • Windows 7 • Or you can use Forefront UAG
What’s new with BitLocker? • Windows Vista users have to repartition their hard drive to create the required hidden boot partition • Windows 7 & Server 2008 R2 creates that partition automatically when BitLocker is enabled • Windows 7 & Server 2008 R2 extends the Data Recovery Agent (DRA) to include all encrypted volumes • As a result, only one encryption key is needed on any BitLocker-encrypted Windows machine
What replaces software restriction policies? • AppLocker is a technology that allows administrators to control the software that runs on Windows 7 & Server 2008 R2 machines • This ensures that only authorized scripts, installers, and dynamic-link libraries (DLLs) are accessed • It can also be used to keep unlicensed software off machines
What’s new in Biometrics? • A Biometric Devices Control Panel • Device Manager support for managing drivers for biometric devices • Credential provider support (UAC elevation) • Group Policy settings to enable, disable, or limit the use of biometric data for a local computer or domain • Biometric device driver software available from Windows Update
What’s new in Smart Card support? • Windows 7 & Server 2008 R2 extends the smart card support offered in Windows Vista by automatically installing the drivers required to support smart cards and smart card readers, without administrative permission • Smart Card device driver software available from Windows Update
What's new in Backup? • Ability to back up/exclude individual files and to include/exclude file types and paths from a volume • Improved performance and use of incremental backups • Expanded options for backup storage • Improved options and performance for system state backups and recoveries • Expanded command-line support • Expanded Windows PowerShell support
What’s BranchCache? • Microsoft recommends that users run Windows 7 clients in conjunction with Windows 2008 R2 servers in order to get the benefit of BranchCache, a caching application that makes networked applications faster and more responsive
What's New in Failover Clusters? • Improvements to the validation process for a new or existing cluster • Improvements in functionality for clustered virtual machines (which run with the Hyper-V feature) • The addition of a Windows PowerShell interface • Additional options for migrating settings from one cluster to another (Live Migration & Quick Migration)
What's New in Microsoft iSCSI Initiator? • User interface enhancement and redesign • iSCSI digest offload support • Better CPU utilization • iSCSI boot support for up to 32 paths at boot time • Redundancy needed to protect against network component failures or outages
What’s New with DNS? • DNS Security Extensions (DNSSEC) • DNS Devolution • DNS Cache Locking • DNS Socket Pool
DNSSEC • Supports Domain Name System Security Extensions (DNSSEC), newly established protocols that give organizations greater confidence that DNS records are not being spoofed
DNS Devolution • Helps clients in child domains resolve host names when they are not sure what domain the host is in • This can be set to specific levels of resolution (Domain Child/Parent Levels) • For example: An application attempting to query the host name emailsrv7 will attempt to resolve emailsrv7.central.contoso.com and emailsrv7.contoso.com
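The devolution rule on the slide above, worked through as an added PowerShell example that is not part of the original deck. It assumes the devolution level is the minimum number of labels a devolved parent suffix may have, which matches the slide's emailsrv7 case at level 2; the function name is hypothetical.

```powershell
# Added example, not from the slides. Assumption: the devolution level is the
# minimum number of labels that a devolved parent suffix may have.
function Get-DevolvedQueryName {
    param(
        [string]$HostName,
        [string]$PrimaryDnsSuffix,
        [ValidateRange(1, 127)][int]$DevolutionLevel
    )
    $labels = $PrimaryDnsSuffix.Trim('.').Split('.')

    # The primary DNS suffix itself is always tried first.
    $names = @("$HostName." + ($labels -join '.'))

    # Then drop the leftmost label one at a time while enough labels remain.
    for ($i = 1; ($labels.Length - $i) -ge $DevolutionLevel; $i++) {
        $names += "$HostName." + ($labels[$i..($labels.Length - 1)] -join '.')
    }
    $names
}

# Level 2 is the slide's case: the child domain, then its parent.
Get-DevolvedQueryName -HostName emailsrv7 -PrimaryDnsSuffix central.contoso.com -DevolutionLevel 2

# Level 3 stops devolution at the child domain.
Get-DevolvedQueryName -HostName emailsrv7 -PrimaryDnsSuffix central.contoso.com -DevolutionLevel 3

# Level 1 keeps stripping labels until only the top-level domain is left.
Get-DevolvedQueryName -HostName emailsrv7 -PrimaryDnsSuffix central.contoso.com -DevolutionLevel 1
```

The level 1 run shows why the setting matters for security: a level that is too low lets internal host names be queried under a suffix the organization does not control.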
DNS Cache Locking • Cache locking is a new security feature available with Windows Server® 2008 R2 that allows you to control whether or not information in the DNS cache can be overwritten.
DNS Socket Pool • The socket pool enables a DNS server to use source port randomization when issuing DNS queries • This provides enhanced security against cache poisoning attacks
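A configuration check for the cache locking and socket pool slides above, as an added PowerShell example that is not part of the original deck. It reads the two DNS Server registry values and flags weak settings; the function names are hypothetical, the thresholds are assumptions chosen for the example, and the sample values are constructed.

```powershell
# Added example. SocketPoolSize and CacheLockingPercent are the DNS Server
# registry values; the thresholds and the sample data are assumptions.
$DnsParamKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\DNS\Parameters'

# Read only the values that are actually set on a live DNS server.
function Get-DnsCacheSetting {
    $set = @{}
    $item = Get-ItemProperty -Path $DnsParamKey
    foreach ($name in 'SocketPoolSize', 'CacheLockingPercent') {
        if ($item.$name -ne $null) { $set[$name] = $item.$name }
    }
    $set
}

function Test-DnsCacheHardening {
    param(
        [hashtable]$Setting,
        [int]$MinSocketPool = 2500,        # assumption: the default is the floor
        [int]$MinCacheLockPercent = 90     # assumption: floor for this example
    )
    # A value that is absent means the server runs with its default
    # (2500 source ports; cache entries locked for 100 percent of their TTL).
    $pool = if ($Setting.ContainsKey('SocketPoolSize')) { $Setting['SocketPoolSize'] } else { 2500 }
    $lock = if ($Setting.ContainsKey('CacheLockingPercent')) { $Setting['CacheLockingPercent'] } else { 100 }

    $findings = @()
    if ($pool -lt $MinSocketPool) {
        $findings += "SocketPoolSize=$pool gives less source port randomization than the default"
    }
    if ($lock -lt $MinCacheLockPercent) {
        $findings += "CacheLockingPercent=$lock lets cached records be overwritten before their TTL expires"
    }
    New-Object PSObject -Property @{
        SocketPoolSize = $pool; CacheLockingPercent = $lock; Findings = $findings
    }
}

# Constructed sample: a server whose pool was shrunk and cache locking turned off.
Test-DnsCacheHardening -Setting @{ SocketPoolSize = 100; CacheLockingPercent = 0 }

# Constructed sample: nothing set in the registry, so the defaults apply.
Test-DnsCacheHardening -Setting @{}

# Remediation on the DNS server, followed by a restart of the DNS service:
#   dnscmd /Config /SocketPoolSize 2500
#   dnscmd /Config /CacheLockingPercent 100
```

On a live server, pass `(Get-DnsCacheSetting)` as `-Setting`.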
What's New in Remote Desktop Services? Server 2008 R2 with SP 1 • Microsoft RemoteFX has been added to Remote Desktop Services • 3D adapter • USB redirection • Intelligent capture and compression that adapts for the best user experience • All Remote Desktop Services role services have been renamed
What’s new in Event Auditing? • Enhancements to event auditing • Regulatory and business requirements are easier to fulfill through management of audit configurations, monitoring of changes made by specific people or groups, and more-granular reporting. • For example, Windows 7 reports why someone was granted or denied access to specific information.
What’s new in Server Core? • Additional Server Roles Available • The Active Directory® Certificate Services (AD CS) role • The File Server Resource Manager component of the File Services role • A subset of ASP.NET in the Web Server role
What’s new in Server Core? • Additional Features • Support for .NET framework • Windows PowerShell • Windows-on-Windows 64-bit (WoW64) • Removed • The removable storage feature • New support • Remote configuration with Server Manager
What’s New in Active Directory? • Active Directory Recycle Bin • Changes to Group Policies • Windows PowerShell cmdlets • AD Administrative Center • AD Best Practices Analyzer • Offline domain join • Managed Service Accounts • Management Pack
What’s new in Group Policies? • Extended Windows 7 & Server 2008 R2 policies • Windows PowerShell Cmdlets for Group Policy • Additional Group Policy Preferences • Improved Starter Group Policy Objects • Improved UI Admin Template Functionality
AD Recycle Bin • Information technology (IT) professionals can use Active Directory Recycle Bin to undo an accidental deletion of an Active Directory object. • Accidental object deletion causes business downtime. • This is the number one cause of Active Directory recovery scenarios. • Active Directory Recycle Bin works for both AD DS and Active Directory Lightweight Directory Services (AD LDS) objects. • This feature is enabled in AD DS at the Windows Server 2008 R2 forest functional level.
AD Recycle Bin [Diagram not preserved; labels: 180 Days, 180 Days]
Your slides here http://www.microsoft.com/windowsserver2008/en/us/whats-new.aspx
Evaluation Survey Link Help us improve our seminars by filling out a short online evaluation survey at: http://www.surveymonkey.com/s/IT-WindowsServer
Thanks for attending For upcoming events and links to recently archived seminars, check the @ONE Web site at: http://onefortraining.org/