It series what s new in windows server 2008 r2
Sponsored Links
This presentation is the property of its rightful owner.
1 / 49

IT series – What’s New in Windows Server 2008 R2 PowerPoint PPT Presentation


  • 80 Views
  • Uploaded on
  • Presentation posted in: General

IT series – What’s New in Windows Server 2008 R2. Donald Hester October 7, 2010 For audio call Toll Free 1 - 888-886-3951 and use PIN/ code 386162. Housekeeping. Maximize your CCC Confer window. Phone audio will be in presenter-only mode.

Download Presentation

IT series – What’s New in Windows Server 2008 R2

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


IT series – What’s New in Windows Server 2008 R2

Donald Hester

October 7, 2010

For audio call Toll Free 1-888-886-3951

and use PIN/code 386162


Housekeeping

  • Maximize your CCC Confer window.

  • Phone audio will be in presenter-only mode.

  • Ask questions and make comments using the chat window.


Adjusting Audio

  • If you’re listening on your computer, adjust your volume using the speaker slider.

  • If you’re listening over the phone, click on phone headset.

    Do not listen on both computer and phone.


Saving Files & Open/close Captions

  • Save chat window with floppy disc icon

  • Open/close captioning window with CC icon


Emoticons and Polling

  • Raise hand and Emoticons

  • Polling options


Donald Hester

IT series – What’s New in Windows Server 2008 R2


Donald E. Hester

CISSP, CISA, CAP, MCT, MCITP, MCTS, MCSE Security, Security+, CTT+

Director, Maze & Associates

University of San Francisco / San Diego City College / Los Positas College

www.LearnSecurity.org

http://www.linkedin.com/in/donaldehester

http://www.facebook.com/group.php?gid=245570977486

Email:

[email protected]


  • History

  • What’s new in Hyper-V

  • What’s new in NTFS

  • What’s new with Service Accounts

  • What’s new in User Account Control

  • What’s Direct Access

  • What’s new with BitLocker

  • What’s AppLocker

  • What’s new in Biometric support

  • What’s new in SmartCardsupport

  • What’s new in Backup

  • What’s BranchCache

  • What’s new in DNS

  • What's New in Failover Clusters

  • What's New in Microsoft iSCSI Initiator

  • What's New in Remote Desktop Services

  • What’s new in performance and reliability monitoring

  • What’s new in Event Auditing

  • What’s new in Server Core

  • What’s New in Active Directory


Windows History

Note the following versions of Windows were DOS based:

Windows 3.11, Windows 95, Windows 98, Windows Me


What’s new in Hyper-V?

  • The following changes to existing features:

    • Dynamic virtual machine storage

    • Enhanced processor support

    • Enhanced networking support

  • New

    • Live Migration


Quick Migration vs. Live Migration

  • Live Migration

  • (Windows Server 2008 R2 Hyper-V)

Quick Migration

(Windows Server 2008 Hyper-V)

  • Save state

    • Create VM on the target

    • Write VM memory to shared storage

  • Move virtual machine

    • Move storage connectivity from source host to target host via Ethernet

  • Restore state & Run

    • Take VM memory from shared storage and restore on Target

    • Run

  • VM State/Memory Transfer

    • Create VM on the target

    • Move memory pages from the source to the target via Ethernet

  • Final state transfer and virtual machine restore

    • Pause virtual machine

    • Move storage connectivity from source host to target host via Ethernet

  • Un-pause & Run

Host 1

Host 2

Host 1

Host 2


What’s new in NTFS?

  • VHD Boot in Windows

  • Native VHD support

  • Chkdsk performance improvements

  • Robocopy performance enhancement

  • Local file copy improvements

  • Improvements in Volume Shrink

  • Improved performance for solid state disks (SSD)

  • Defrag for metadata


What’s new with Service Accounts?

  • Service accounts have always had issues

    • Security hole

    • Password never changes

    • Nobody knows the passwords

    • Not sure what services where are using the service accounts


Virtual Accounts

  • Want better isolation than existing service accounts

    • Don’t want to manage passwords

  • Virtual accounts are like service accounts:

    • Process runs with virtual SID as principal

      • Can ACL objects to that SID

    • System-managed password

    • Show up as computer account when accessing network

  • Services can specify a virtual account

    • Account name must be “NT SERVICE\<service>”

      • Service control manager verifies that service name matches account name

    • Service control manager creates a user profile for the account

  • Also used by IIS app pool and SQL Server


Managed Service Accounts

  • Services sometimes require network identity e.g. SQL, IIS

  • Before, domain account was only option

    • Required administrator to manage password and Service Principal Names (SPN)

    • Management could cause outage while clients updated to use new password

  • Windows Server 2008 R2 Active Directory introduces Managed Service Accounts (MSA)

    • New AD class

    • Password and SPN automatically managed by AD like computer accounts

    • Configured via PowerShell scripts

    • Limitation: can be assigned to one system only


What’s New with User Account Control?

  • 29% fewer user account control (UAC) prompts than Windows Vista has, and

  • fewer prompts in general

  • "We've put users in control and allowed them the ability to tune the level of prompting" using a slider bar

    • Paul Cooke, director of Windows Client Enterprise Security


UAC Slide Bar


UAC in GPO


What’s DirectAccess?

  • DirectAccess offers remote workers the same level of seamless and secure connectivity as they have in the office.

  • The system automatically creates a secure tunnel to the corporate network and workers don't have to manually connect

  • DirectAccess also allows IT administrators to patch systems whenever a remote worker is on the network


DirectAccess

  • DirectAccess also uses IPsec to authenticate the computer and user, encrypt the data crossing over the Internet

  • Can even be used to require employees to authenticate with a smart card


DirectAccess Requirements

  • Active Directory

  • PKI Certificates

  • IPv6

  • Server 2008 R2

  • Windows 7

Or you can use

ForeFront USG


What’s new with BitLocker?

  • Windows Vista users have to repartition their hard drive to create the required hidden boot partition

    • Windows 7 & Server 2008 R2 creates that partition automatically when BitLocker is enabled

  • Windows 7 & Server 2008 R2 extends the Data Recovery Agent (DRA) to include all encrypted volumes

    • As a result, only one encryption key is needed on any BitLocker-encrypted Windows machine


What replaces software restriction polices?

  • AppLocker technology that allows administrators to control the software that runs on Windows 7 & Server 2008 R2 machines

  • This ensures that only authorized scripts, installers, and dynamic load libraries are accessed

  • It can also be used to keep unlicensed software off machines


What’s new in Biometrics?

  • A Biometric Devices Control Panel

  • Device Manager support for managing drivers for biometric devices

  • Credential provider support (UAC elevation)

  • Group Policy settings to enable, disable, or limit the use of biometric data for a local computer or domain

  • Biometric device driver software available from Windows Update


What’s new in Smart Card support?

  • Windows 7 & Server 2008 R2 extends the smart card support offered in Windows Vista by automatically installing the drivers required to support smart cards and smart card readers, without administrative permission

  • Smart Card device driver software available from Windows Update


What's new in Backup?

  • Ability to back up/exclude individual files and to include/exclude file types and paths from a volume

  • Improved performance and use of incremental backups

  • Expanded options for backup storage

  • Improved options and performance for system state backups and recoveries

  • Expanded command-line support

  • Expanded Windows PowerShell support


What’s BranchCache?

  • Microsoft recommends that users run Windows 7 clients in conjunction with Windows 2008 R2 servers in order to get the benefit of BranchCache, a caching application that makes networked applications faster and more responsive


What’s BranchCache?


What's New in Failover Clusters?

  • Improvements to the validation process for a new or existing cluster

  • Improvements in functionality for clustered virtual machines (which run with the Hyper-V feature)

  • The addition of a Windows PowerShell interface

  • Additional options for migrating settings from one cluster to another (Live Migration & Quick Migration)


What's New in Microsoft iSCSIInitiator?

  • User interface enhancement and redesign

  • iSCSI digest offload support

    • better CPU utilization

  • iSCSI boot support for up to 32 paths at boot time

    • Redundancy needed to protect against network component failures or outages


What’s New with DNS?

  • DNS Security Extensions (DNSSEC)

  • DNS Devolution

  • DNS Cache Locking

  • DNS Socket Pool


DNSSEC

  • Supports Domain Name System Security Extensions (DNSSEC), newly established protocols that give organizations greater confidence that DNS records are not being spoofed


DNS Devolution

  • Helps clients in child domains resolve host names when they are not sure what domain the host is in

  • This can be set to specific levels of resolution (Domain Child/Parent Levels)

  • For example:

An application attempting to query the host name emailsrv7 will attempt to resolve emailsrv7.central.contoso.com and emailsrv7.contoso.com


DNS Cache Locking

  • Cache locking is a new security feature available with Windows Server® 2008 R2 that allows you to control whether or not information in the DNS cache can be overwritten.


DNS Socket Pool

  • The socket pool enables a DNS server to use source port randomization when issuing DNS queries

  • This provides enhanced security against cache poisoning attacks


What's New in Remote Desktop Services?

Server 2008 R2 with SP 1

  • Microsoft RemoteFX has been added to Remote Desktop Services

    • 3D adapter

    • USB redirection

  • Intelligent capture and compression that adapts for the best user experience

  • All Remote Desktop Services role services have been renamed


What’s new in performance and reliability monitoring?


What’s new in Event Auditing?

  • Enhancements to event auditing

  • Regulatory and business requirements are easier to fulfill through management of audit configurations, monitoring of changes made by specific people or groups, and more-granular reporting.

  • For example, Windows 7 reports why someone was granted or denied access to specific information.


What’s new in Server Core?

  • Additional Server Roles Available

    • The Active Directory® Certificate Services (AD CS) role

    • The File Server Resource Manager component of the File Services role

    • A subset of ASP.NET in the Web Server role


What’s new in Server Core?

  • Additional Features

    • Support for .NET framework

    • Windows PowerShell

    • Windows-on-Windows 64-bit (WoW64)

  • Removed

    • The removable storage feature

  • New support

    • Remote configuration with Server Manager


What’s New in Active Directory?

  • Active Directory Recycle Bin

  • Changes to Group Policies

  • WindowsPowerShell cmdlets

  • AD Administrative Center

  • AD Best Practices Analyzer

  • Offline domain join

  • Managed Service Accounts

  • Management Pack


What’s new in Group Policies?

  • Extended Windows 7 & Server 2008 R2 polices

  • Windows PowerShell Cmdlets for Group Policy

  • Additional Group Policy Preferences

  • Improved Starter Group Policy Objects

  • Improved UI Admin Template Functionality


AD Recycle Bin

  • Information technology (IT) professionals can use Active Directory Recycle Bin to undo an accidental deletion of an Active Directory object.

  • Accidental object deletion causes business downtime.

  • This is the number one cause of Active Directory recovery scenarios.

  • Active Directory Recycle Bin works for both AD DS and Active Directory Lightweight Directory Services (AD LDS) objects.

  • This feature is enabled in AD DS at the Windows Server 2008 R2 forest functional level.


AD Recycle Bin

180 Days

180 Days


Your slides here

http://www.microsoft.com/windowsserver2008/en/us/whats-new.aspx


Donald E. Hester

CISSP, CISA, CAP, MCT, MCITP, MCTS, MCSE Security, Security+, CTT+

Director, Maze & Associates

University of San Francisco / San Diego City College / Los Positas College

www.LearnSecurity.org

http://www.linkedin.com/in/donaldehester

http://www.facebook.com/group.php?gid=245570977486

Email:

[email protected]


Evaluation Survey Link

Help us improve our seminars by filing out a short online evaluation survey at:

http://www.surveymonkey.com/s/IT-WindowsServer


Thanks for attending

For upcoming events and links to recently archived seminars, check the @ONE Web site at:

http://onefortraining.org/

IT series – What’s New in Windows Server 2008 R2


  • Login