IT series – What’s New in Windows
Server 2008 R2
Donald Hester
October 7, 2010
Donald E. Hester
CISSP, CISA, CAP, MCT, MCITP, MCTS, MCSE Security, Security+, CTT+
Director, Maze & Associates
University of San Francisco / San Diego City College / Los Positas College
www.LearnSecurity.org
http://www.linkedin.com/in/donaldehester
http://www.facebook.com/group.php?gid=245570977486
Email:
DonaldH@MazeAssociates.com
History
What’s new in Hyper-V
What’s new in NTFS
What’s new with Service Accounts
What’s new in User Account Control
What’s Direct Access
What’s new with BitLocker
What’s AppLocker
What’s new in Biometric support
What’s new in SmartCard support
What’s new in Backup
What’s BranchCache
What’s new in DNS
What's New in Failover Clusters
What's New in Microsoft iSCSI Initiator
What's New in Remote Desktop Services
What’s new in performance and reliability monitoring
What’s new in Event Auditing
What’s new in Server Core
What’s New in Active Directory
Windows History

Server OS                    | Corresponding Client OS  | Kernel Version | Build
-----------------------------|--------------------------|----------------|------
Server 2008 R2               | Windows 7                | NT 6.1         | 7600
Server 2008                  | Windows Vista            | NT 6.0         | 6000
Server 2003 R2 / Server 2003 |                          | NT 5.2         | 3790
                             | Windows XP Pro (x64)     | NT 5.2         | 3790
                             | Windows XP Pro (x86)     | NT 5.1         | 2600
Server 2000                  | Windows 2000 Pro         | NT 5.0         | 2195
Windows NT 4 Server          | Windows NT 4 Workstation | NT 4.0         | 1381
Windows NT 3.51              | Windows NT 3.51          | NT 3.51        | 1057
Windows NT 3.1               | Windows NT 3.1           | NT 3.1         | 528

Note: the following versions of Windows were DOS based: Windows 3.11, Windows 95, Windows 98, Windows Me
What’s new in Hyper-V?
 The following changes to existing features:
• Dynamic virtual machine storage
• Enhanced processor support
• Enhanced networking support
 New
• Live Migration
Quick Migration vs. Live Migration

Quick Migration (Windows Server 2008 Hyper-V):
• Save state
  • Create VM on the target
  • Write VM memory to shared storage
• Move virtual machine
  • Move storage connectivity from source host to target host via Ethernet
• Restore state & Run
  • Take VM memory from shared storage and restore on target
  • Run

Live Migration (Windows Server 2008 R2 Hyper-V):
• VM State/Memory Transfer
  • Create VM on the target
  • Move memory pages from the source to the target via Ethernet
• Final state transfer and virtual machine restore
  • Pause virtual machine
  • Move storage connectivity from source host to target host via Ethernet
  • Un-pause & Run

(Diagram for both: Host 1 → Host 2)
What’s new in NTFS?
• VHD Boot in Windows
• Native VHD support
• Chkdsk performance improvements
• Robocopy performance enhancement
• Local file copy improvements
• Improvements in Volume Shrink
• Improved performance for solid state disks (SSD)
• Defrag for metadata
What’s new with Service Accounts?
 Service accounts have always had issues
• Security hole
• Password never changes
• Nobody knows the passwords
• Not sure which services are using the service accounts
Virtual Accounts
 Want better isolation than existing service accounts
• Don’t want to manage passwords
 Virtual accounts are like service accounts:
• Process runs with virtual SID as principal
• Can ACL objects to that SID
• System-managed password
• Show up as computer account when accessing network
 Services can specify a virtual account
• Account name must be “NT SERVICE\<service>”
• Service control manager verifies that service name matches account name
• Service control manager creates a user profile for the account
 Also used by IIS app pool and SQL Server
Managed Service Accounts
 Services sometimes require network identity, e.g. SQL, IIS
 Before, a domain account was the only option
• Required administrator to manage password and Service Principal Names (SPN)
• Management could cause outage while clients updated to use new password
 Windows Server 2008 R2 Active Directory introduces Managed Service Accounts (MSA)
• New AD class
• Password and SPN automatically managed by AD like computer accounts
• Configured via PowerShell scripts
• Limitation: can be assigned to one system only
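Added example (not from the slides) putting the two previous sections into practice: first a local service is moved onto a virtual account, whose name must be "NT SERVICE\<service>" as stated above, and a folder is ACLed to that SID; then a Managed Service Account is created in AD and installed on the single host that is allowed to use it. The service names (MyAppSvc, MSSQL$REPORTS), the MSA name, the host name SQL01, the folder and the CONTOSO domain are all assumptions; the cmdlets are the Windows Server 2008 R2 ActiveDirectory module.

```powershell
# --- Virtual account: no password to manage, principal is the per-service SID ---
$svc = 'MyAppSvc'   # assumed: the service's short (registry) name

# The SCM rejects the change if the account name does not match the service name.
sc.exe config $svc obj= "NT SERVICE\$svc"

# Grant that SID modify rights on the one folder it needs; nothing else is implied.
icacls.exe 'C:\ProgramData\MyApp' /grant "NT SERVICE\${svc}:(OI)(CI)M"

# Verify the logon account; StartName should read NT SERVICE\MyAppSvc.
Get-WmiObject Win32_Service -Filter "Name='$svc'" | Select-Object Name, StartName

# --- Managed Service Account: AD rotates the password and keeps the SPN current ---
Import-Module ActiveDirectory
$msaName  = 'svcSqlReports'   # assumed MSA name
$hostName = 'SQL01'           # assumed computer; an MSA can be bound to one host only

# Run where the AD module is available (domain controller or RSAT box).
New-ADServiceAccount -Name $msaName -Enabled $true
Add-ADComputerServiceAccount -Identity $hostName -ServiceAccount $msaName

# Run on SQL01 itself: caches the account so the local SCM can log it on.
Install-ADServiceAccount -Identity $msaName

# Bind the service to the MSA. The logon name takes a trailing '$' like a computer
# account and the password is left blank, so Win32_Service.Change() is used here.
$s = Get-WmiObject Win32_Service -Filter "Name='MSSQL`$REPORTS'"
$s.Change($null, $null, $null, $null, $null, $null, "CONTOSO\$msaName`$", '')
```

Both account types remove the "nobody knows the password" problem from the earlier slide; the virtual account is purely local, so it appears on the network as the computer account, while the MSA gives the service its own domain identity with an SPN that Kerberos clients can target.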
What’s New with User Account Control?
 29% fewer user account control (UAC) prompts than Windows Vista has, and fewer prompts in general
 "We've put users in control and allowed them the ability to tune the level of prompting" using a slider bar
• Paul Cooke, director of Windows Client Enterprise Security
UAC Slide Bar (screenshot)
UAC in GPO (screenshot)
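Added example (not from the slides): the slider on the previous screenshot and the matching Group Policy settings both write the same registry values, so an administrator can audit where a machine actually sits. The function below reads those values and maps them to the four Windows 7 / Server 2008 R2 slider positions; the mapping of ConsentPromptBehaviorAdmin and PromptOnSecureDesktop to slider positions is the documented one, the function name is an assumption.

```powershell
function Get-UacLevel {
    # Same values the GPO "Security Options > User Account Control: ..." policies set.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $p = Get-ItemProperty -Path $key

    $enableLua = [int]$p.EnableLUA                    # 0 = UAC off entirely (after reboot)
    $admin     = [int]$p.ConsentPromptBehaviorAdmin   # prompt behaviour for admins
    $secure    = [int]$p.PromptOnSecureDesktop        # 1 = prompt on the dimmed secure desktop

    $level = switch ("$admin/$secure") {
        '2/1'   { 'Always notify (slider top)' }
        '5/1'   { 'Notify when programs try to make changes (Windows 7 default)' }
        '5/0'   { 'Notify without dimming the desktop (prompt can be overlaid by other windows)' }
        '0/0'   { 'Never notify (no elevation prompts for administrators)' }
        default { "Non-slider combination: ConsentPromptBehaviorAdmin=$admin, PromptOnSecureDesktop=$secure" }
    }
    if ($enableLua -ne 1) { $level = 'UAC disabled (EnableLUA=0)' }

    New-Object PSObject -Property @{
        EnableLUA                  = $enableLua
        ConsentPromptBehaviorAdmin = $admin
        PromptOnSecureDesktop      = $secure
        Level                      = $level
    }
}

Get-UacLevel | Format-List
```

In Group Policy the same knobs appear under Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options as "User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode" and "User Account Control: Switch to the secure desktop when prompting for elevation"; a domain policy overrides whatever the local slider shows.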
What’s DirectAccess?
 DirectAccess offers remote workers the same level of seamless and secure connectivity as they have in the office.
 The system automatically creates a secure tunnel to the corporate network and workers don't have to manually connect
 DirectAccess also allows IT administrators to patch systems whenever a remote worker is on the network
DirectAccess
 DirectAccess also uses IPsec to authenticate the computer and user, and to encrypt the data crossing the Internet
 Can even be used to require employees to authenticate with a smart card
DirectAccess Requirements
 Active Directory
 PKI Certificates
 IPv6
 Server 2008 R2
 Windows 7
 Or you can use Forefront UAG
What’s new with BitLocker?
 Windows Vista users have to repartition their hard drive to create the required hidden boot partition
• Windows 7 & Server 2008 R2 create that partition automatically when BitLocker is enabled
 Windows 7 & Server 2008 R2 extend the Data Recovery Agent (DRA) to include all encrypted volumes
• As a result, only one encryption key is needed on any BitLocker-encrypted Windows machine
What replaces software restriction policies?
 AppLocker, a technology that allows administrators to control the software that runs on Windows 7 & Server 2008 R2 machines
 This ensures that only authorized scripts, installers, and dynamic link libraries are accessed
 It can also be used to keep unlicensed software off machines
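Added example (not from the slides): an AppLocker rollout that starts in audit mode, using the AppLocker PowerShell module shipped with Windows 7 / Server 2008 R2. It inventories the executables on a reference machine, generates publisher rules (hash rules where a file is unsigned), switches the Exe rule collection to AuditOnly so nothing is blocked yet, and tests a file against the policy. The directory, output path and test file are assumptions.

```powershell
Import-Module AppLocker

# AppLocker is enforced by the Application Identity service; without it rules are inert.
Set-Service -Name AppIDSvc -StartupType Automatic
Start-Service -Name AppIDSvc

# Inventory the executables on the reference machine and build rules from them.
$info   = Get-AppLockerFileInformation -Directory 'C:\Program Files' -Recurse -FileType Exe
$policy = New-AppLockerPolicy -FileInformation $info -RuleType Publisher, Hash `
              -RuleNamePrefix 'Baseline' -User Everyone -Optimize -IgnoreMissingFileInformation

# Audit first: set the Exe collection to AuditOnly. Files that would have been blocked
# are logged as event 8003 in the AppLocker "EXE and DLL" event log instead of stopped.
[xml]$xml = $policy.ToXml()
foreach ($rc in $xml.AppLockerPolicy.RuleCollection) {
    if ($rc.Type -eq 'Exe') { $rc.EnforcementMode = 'AuditOnly' }
}
$xml.Save('C:\Temp\applocker-audit.xml')

# Apply to the local policy (use -Ldap with a GPO path to deploy via Group Policy).
Set-AppLockerPolicy -XmlPolicy 'C:\Temp\applocker-audit.xml'

# Would this file be allowed for Everyone under the policy? Prints the matching rule or Denied.
Test-AppLockerPolicy -XmlPolicy 'C:\Temp\applocker-audit.xml' `
    -Path 'C:\Users\Public\unknown-tool.exe' -User Everyone
```

A policy generated this way contains only rules for what was inventoried; before switching the collection to Enabled, merge in the default rules (the "Create Default Rules" set that allows the Windows and Program Files directories and everything for Administrators), or the operating system's own binaries will be denied.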
What’s new in Biometrics?
 A Biometric Devices Control Panel
 Device Manager support for managing drivers for biometric devices
 Credential provider support (UAC elevation)
 Group Policy settings to enable, disable, or limit the use of biometric data for a local computer or domain
 Biometric device driver software available from Windows Update
What’s new in Smart Card support?
 Windows 7 & Server 2008 R2 extend the smart card support offered in Windows Vista by automatically installing the drivers required to support smart cards and smart card readers, without administrative permission
 Smart Card device driver software available from Windows Update
What's new in Backup?
 Ability to back up/exclude individual files and to include/exclude file types and paths from a volume
 Improved performance and use of incremental backups
 Expanded options for backup storage
 Improved options and performance for system state backups and recoveries
 Expanded command-line support
 Expanded Windows PowerShell support
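Added example (not from the slides) of the expanded PowerShell support listed above: a scheduled Windows Server Backup policy built with the Windows.ServerBackup snap-in from Server 2008 R2, using the new file-level include/exclude, adding system state, and writing to a dedicated volume. The paths, drive letters and schedule are assumptions; the snap-in needs the "Windows Server Backup Features > Command-line Tools" feature installed.

```powershell
Add-PSSnapin Windows.ServerBackup

$policy = New-WBPolicy

# File-level include/exclude (new in R2): back up D:\AppData but skip its cache folder.
$include = New-WBFileSpec -FileSpec 'D:\AppData'
$exclude = New-WBFileSpec -FileSpec 'D:\AppData\Cache' -Exclude
Add-WBFileSpec -Policy $policy -FileSpec $include
Add-WBFileSpec -Policy $policy -FileSpec $exclude

# System state (registry, AD, certificates, COM+) plus bare-metal recovery data.
Add-WBSystemState -Policy $policy
Add-WBBareMetalRecovery -Policy $policy

# Target: a separate local volume. New-WBBackupTarget -NetworkPath is the share option.
$target = New-WBBackupTarget -VolumePath 'E:'
Add-WBBackupTarget -Policy $policy -Target $target

# Run daily at 01:00; subsequent runs on the same target are stored incrementally.
Set-WBSchedule -Policy $policy -Schedule ([datetime]'01:00')

# Commit as the machine's scheduled backup policy (-Force suppresses the prompt).
Set-WBPolicy -Policy $policy -Force

# To run the same policy once, right now, instead of waiting for the schedule:
# Start-WBBackup -Policy $policy
```

Keeping the target on a volume the backed-up system cannot write to during normal operation (a dedicated disk, or a share with write access limited to the backup identity) is what makes the system state copy useful for recovery after a compromise rather than just after a disk failure.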
What’s BranchCache?
 Microsoft recommends that users run Windows 7 clients in conjunction with Windows 2008 R2 servers in order to get the benefit of BranchCache, a caching application that makes networked applications faster and more responsive
(Diagram slide)
What's New in Failover Clusters?
 Improvements to the validation process for a new or existing cluster
 Improvements in functionality for clustered virtual machines (which run with the Hyper-V feature)
 The addition of a Windows PowerShell interface
 Additional options for migrating settings from one cluster to another (Live Migration & Quick Migration)
What's New in Microsoft iSCSI Initiator?
 User interface enhancement and redesign
 iSCSI digest offload support
• Better CPU utilization
 iSCSI boot support for up to 32 paths at boot time
• Redundancy needed to protect against network component failures or outages
What’s New with DNS?
 DNS Security Extensions (DNSSEC)
 DNS Devolution
 DNS Cache Locking
 DNS Socket Pool
DNSSEC
 Supports Domain Name System Security Extensions (DNSSEC), newly established protocols that give organizations greater confidence that DNS records are not being spoofed
DNS Devolution
 Helps clients in child domains resolve host names when they are not sure what domain the host is in
 This can be set to specific levels of resolution (Domain Child/Parent Levels)
 For example: an application attempting to query the host name emailsrv7 will attempt to resolve emailsrv7.central.contoso.com and emailsrv7.contoso.com
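Added example (not from the slides) that makes the devolution rule above explicit as a function: starting from the client's primary DNS suffix, the resolver strips one leading label at a time and stops when the suffix has only as many labels as the devolution level, so a level of 2 on central.contoso.com yields exactly the two names on the slide. The function name is an assumption; the Group Policy setting it mirrors is "Primary DNS Suffix Devolution Level" under Administrative Templates > Network > DNS Client.

```powershell
function Get-DevolutionCandidates {
    param(
        [string]$HostName,        # single-label name the application asked for
        [string]$PrimarySuffix,   # client's primary DNS suffix, e.g. central.contoso.com
        [int]$Level = 2           # devolution level: shortest suffix length, in labels
    )
    $labels = $PrimarySuffix.Split('.')
    $names  = @()
    # Drop leading labels until the remaining suffix is $Level labels long.
    for ($i = 0; $i -le $labels.Count - $Level; $i++) {
        $suffix = $labels[$i..($labels.Count - 1)] -join '.'
        $names += "$HostName.$suffix"
    }
    return $names
}

# The slide's example: emailsrv7 queried from a host in central.contoso.com.
Get-DevolutionCandidates -HostName 'emailsrv7' -PrimarySuffix 'central.contoso.com' -Level 2
```

The level is the security-relevant part: with a level of 1 the same client would also try emailsrv7.com, which is outside the organization's namespace, so the default behaviour on Windows 7 / Server 2008 R2 devolves only as far as the forest root domain.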
DNS Cache Locking
 Cache locking is a new security feature available with Windows Server 2008 R2 that allows you to control whether or not information in the DNS cache can be overwritten.
DNS Socket Pool
 The socket pool enables a DNS server to use source port randomization when issuing DNS queries
 This provides enhanced security against cache poisoning attacks
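Added example (not from the slides) covering the two preceding sections, cache locking and the socket pool, as an administrator would check and set them with dnscmd on a Server 2008 R2 DNS server. The server name is an assumption; run it from an account that administers the DNS server.

```powershell
$server = 'DNS01'   # assumed DNS server name; use '.' for the local machine

# Current settings. R2 defaults are a pool of 2500 ports and 100% cache locking.
dnscmd $server /Info /SocketPoolSize
dnscmd $server /Info /CacheLockingPercent

# Socket pool: number of randomized UDP source ports reserved for outbound queries.
# A forged reply must match the source port as well as the transaction ID, so a
# larger pool (valid range 0..10000) lowers the chance of a blind guess succeeding.
dnscmd $server /Config /SocketPoolSize 5000

# Cache locking: percentage of a record's TTL during which a cached entry cannot be
# overwritten by a later answer. 100 means a record stays until it expires, so a
# response carrying a replacement for a still-valid record is ignored.
dnscmd $server /Config /CacheLockingPercent 100

# Both values are read at service start; restart the DNS Server service on that host.
if ($server -eq '.') { Restart-Service -Name DNS }
```

Lowering CacheLockingPercent is occasionally suggested to make legitimate record changes propagate sooner; the safer lever is the TTL on the authoritative zone, since it does not weaken the cache against injected responses.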
What's New in Remote Desktop Services?
Server 2008 R2 with SP 1
 Microsoft RemoteFX has been added to Remote Desktop Services
• 3D adapter
• USB redirection
 Intelligent capture and compression that adapts for the best user experience
 All Remote Desktop Services role services have been renamed
What’s new in performance and reliability monitoring?
(Screenshot slide)
What’s new in Event Auditing?
 Enhancements to event auditing
 Regulatory and business requirements are easier to fulfill through management of audit configurations, monitoring of changes made by specific people or groups, and more-granular reporting.
 For example, Windows 7 reports why someone was granted or denied access to specific information.
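Added example (not from the slides) of the granular audit configuration described above on Windows 7 / Server 2008 R2: the object-access subcategories are enabled with auditpol, a SACL is placed on a sensitive folder (object access events only fire for objects that carry one), and the resulting 4656/4663 events, which on these versions carry the "reason for access", are pulled back with Get-WinEvent. The folder path is an assumption.

```powershell
# Subcategory-level audit policy (more granular than the nine legacy categories).
# Enable the GPO "Audit: Force audit policy subcategory settings ..." so legacy
# category settings do not override these.
auditpol /set /subcategory:"File System" /success:enable /failure:enable
auditpol /set /subcategory:"Handle Manipulation" /success:enable /failure:enable
auditpol /get /category:"Object Access"

# Put an audit entry (SACL) on the folder: log success and failure for reads,
# writes and deletes by anyone, inherited by files and subfolders.
$folder = 'D:\Finance'   # assumed sensitive folder
$acl  = Get-Acl -Path $folder
$rule = New-Object System.Security.AccessControl.FileSystemAuditRule(
            'Everyone',
            'ReadData,WriteData,Delete',
            'ContainerInherit,ObjectInherit',
            'None',
            'Success,Failure')
$acl.AddAuditRule($rule)
Set-Acl -Path $folder -AclObject $acl

# 4656 = handle to object requested (includes the access-check reasons),
# 4663 = an attempt was made to access an object.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4656, 4663 } -MaxEvents 200 |
    Where-Object { $_.Message -like "*$folder*" } |
    Select-Object TimeCreated, Id,
        @{ Name = 'Summary'; Expression = { ($_.Message -split "`n")[0] } }
```

The reason text in 4656 names the ACE or privilege that decided the outcome, which is what lets an auditor answer "why was this person allowed" rather than only "that they were".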
What’s new in Server Core?
 Additional Server Roles Available
• The Active Directory® Certificate Services (AD CS) role
• The File Server Resource Manager component of the File Services role
• A subset of ASP.NET in the Web Server role
 Additional Features
• Support for .NET Framework
• Windows PowerShell
• Windows-on-Windows 64-bit (WoW64)
 Removed
• The removable storage feature
 New support
• Remote configuration with Server Manager
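Added example (not from the slides) showing how the new Server Core features above are switched on. A fresh 2008 R2 Core install has no PowerShell, so the first lines are typed at cmd.exe; DISM feature names are the ones Server 2008 R2 Core uses. The last step enables the remote Server Manager support listed under "New support" and runs in the PowerShell that the earlier steps installed.

```powershell
REM Run at cmd.exe on the Core box. List what is available first:
dism /online /get-features /format:table

REM .NET 2.0/3.x is a prerequisite for PowerShell on Core.
dism /online /enable-feature /featurename:NetFx2-ServerCore
dism /online /enable-feature /featurename:MicrosoftWindowsPowerShell

REM 32-bit (WoW64) support, only if a 32-bit agent or tool must run here.
dism /online /enable-feature /featurename:ServerCore-WOW64

REM Now PowerShell exists; allow Server Manager on another machine to manage this host.
powershell.exe -ExecutionPolicy RemoteSigned -File %windir%\System32\Configure-SMRemoting.ps1 -force -enable
```

Each feature enabled on Core is attack surface that was absent before; WoW64 in particular is worth leaving off on a Core box that only runs native 64-bit roles.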
What’s New in Active Directory?
 Active Directory Recycle Bin
 Changes to Group Policies
 Windows PowerShell cmdlets
 AD Administrative Center
 AD Best Practices Analyzer
 Offline domain join
 Managed Service Accounts
 Management Pack
What’s new in Group Policies?
 Extended Windows 7 & Server 2008 R2 policies
 Windows PowerShell cmdlets for Group Policy
 Additional Group Policy Preferences
 Improved Starter Group Policy Objects
 Improved UI Admin Template functionality
AD Recycle Bin
 Information technology (IT) professionals can use Active Directory Recycle Bin to undo an accidental deletion of an Active Directory object.
 Accidental object deletion causes business downtime.
 This is the number one cause of Active Directory recovery scenarios.
 Active Directory Recycle Bin works for both AD DS and Active Directory Lightweight Directory Services (AD LDS) objects.
 This feature is enabled in AD DS at the Windows Server 2008 R2 forest functional level.
AD Recycle Bin (diagram: 180 Days / 180 Days)
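Added example (not from the slides): enabling the Recycle Bin and restoring a deleted user with the Server 2008 R2 ActiveDirectory module. Enabling is a one-way change and requires the forest to be at the Windows Server 2008 R2 functional level, as the slide says. The forest name contoso.com and the user jsmith are assumptions; the 180-day figure in the diagram is the default deleted-object lifetime after which a recycled object can no longer be restored.

```powershell
Import-Module ActiveDirectory

# Prerequisite check: should print Windows2008R2Forest.
(Get-ADForest).ForestMode

# Turn the feature on for the whole forest (cannot be disabled afterwards).
Enable-ADOptionalFeature -Identity 'Recycle Bin Feature' `
    -Scope ForestOrConfigurationSet -Target 'contoso.com' -Confirm:$false

# Deleted objects keep their attributes and sit under CN=Deleted Objects.
Get-ADObject -Filter { isDeleted -eq $true -and sAMAccountName -eq 'jsmith' } `
    -IncludeDeletedObjects -Properties lastKnownParent, whenChanged |
    Select-Object Name, ObjectGUID, lastKnownParent, whenChanged

# Restore by GUID into its last known parent; use -TargetPath to put it elsewhere.
$deleted = Get-ADObject -Filter { isDeleted -eq $true -and sAMAccountName -eq 'jsmith' } `
    -IncludeDeletedObjects
Restore-ADObject -Identity $deleted.ObjectGUID

# How long recycled objects remain restorable (msDS-DeletedObjectLifetime, default 180 days).
$cfg = (Get-ADRootDSE).configurationNamingContext
Get-ADObject "CN=Directory Service,CN=Windows NT,CN=Services,$cfg" `
    -Properties 'msDS-DeletedObjectLifetime', tombstoneLifetime
```

Because a restored object comes back with its group memberships and SID intact, a restore is also the quickest way to reverse a malicious deletion; deletions themselves still appear as event 4726 (user) or 5141 (directory object) in the Security log when directory service auditing is on.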
http://www.microsoft.com/windowsserver2008/en/us/whats-new.aspx
Evaluation Survey Link
Help us improve our seminars by filling out a short online evaluation survey at:
http://www.surveymonkey.com/s/IT-WindowsServer
Thanks for attending
For upcoming events and links to recently archived seminars, check the @ONE Web site at:
http://onefortraining.org/