Windows Server 2008 R2: Security Changes and Additions Part I

R2 makes security changes to Windows Server Roles

With the release of Windows Server 2008 R2 there have been some major overhauls such as: Remote Desktop Services and File Classification Infrastructure to mention a few, some of the lesser known but yet no less important changes have come from additions or changes to security. R2 has had a number of security changes from an already secured Windows Server 2008. One area that has seen improvements to security are the Server Roles. The changes in security in R2 include the following: Active Directory Certificate Services Certificate Enrollment Web Service enables certificate enrollment over HTTP, R2 also adds the ‘Renewal on Behalf of feature’, making certificate enrollment easier to use. DNS Domain Name System Security Extensions (DNSSEC) allows you to sign and host DNSSEC-signed zones for added security to the DNS role. A long awaited feature to securing DNS DNSSEC will make both the host and client more secure. Network Access Protection This role service can now be viewed from the System and Security item within the Control Panel. NAP is easier to access and mange. Placement in the System and Security item makes better sense as well. Distributed File System (DFS) Read-only domain controllers have read-only SYSVOL folders to prevent alteration of files in the folder. Read-only replicated folders will be added to prevent file additions or changes. Use DFS Management snap-in to enable access-based enumeration to a Namespace. DFS has been locked down thanks to these features and enumerating DFS namespaces becomes easier. Active Directory Domain Services Authentication mechanism assurance will be added to control access to resources, based on whether the user logs on using certificate-based logon and the type of certificate used. Thanks to this security upgrade Active Directory keeps getting better and better. Web Server (IIS) Request filtering will be added to allow you to restrict types of HTTP requests that IIS will process. This is a welcome addition to locking down your IIS Servers. Networking Direct Access will provide remote, Internet-connected users with access to network resources, without using gateway technologies such as Terminal Services or VPNs. Finally, an easier way to securely access network resources this is one of the best new additions to R2 by far. Windows Server has provided some other pretty cool security updates in other areas as well stay tuned tomorrow for more on the security changes in Windows Server 2008 R2.

Recent Posts Windows Mobile 6.5 leaves me un-impressed Exchange Server 2010 tools: Do not forget these tools in your Beta Tests 7 tools for Windows 7 rollouts ESF Database Migration Toolkit: From SQL to ORACLE without any fuss Slide Rocket: Create, Collaborate and share your slideshows in the cloud Remote Desktop Services: Some help to keep you from feeling 'Terminal'-ly lost ExRCA: Test your Exchange Server 2007 remote connectivity The iland Workforce Cloud: Go ahead keep your head and desktop in the cloud
Windows 7 Windows 7 Unveiled Will Windows 7 upgrade strategy keep XP users away…NO! Fun with Windows 7 Why Windows 7 will crush Linux Why XP users will switch to Windows 7 Why IT will adopt Windows 7
See my lists of great tools 12 killer freebie SharePoint add-ons Five great Windows open source tools 8 little-known technologies that instantly make Microsoft shops run smoother 9 wickedly useful Web sites for Windows administrators 12 cool cross-platform tools for Windows, Macs and Linux 20 great Windows open source projects you should get to know A Better Windows World Tools Library
Like this and want more? Check out the other tools I've written about in A Better Windows World. the Microsoft Subnet home page for more bloggers, news, humor, security alerts and more.

Plus, check out

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.
Now read: Getting grounded in IoT