Contents
Chapter 1: Installation
Chapter 2: Administration
Chapter 3: Users
Chapter 4: Groups
Chapter 5: Computers
Chapter 6: Group Policy Infrastructure
Chapter 7: Group Policy Settings
Chapter 8: Authentication
Chapter 9: Integrating Domain Name System with AD DS
Chapter 10: Domain Controllers
Chapter 11: Sites and Replication
Chapter 12: Domains and Forests
Technical Overview
Windows Server 2k8 Versions
Windows Server 2008 pillars
Virtualization: Reduces costs, increases hardware utilization, optimizes your infrastructure, and improves server availability
Web: Delivers rich web-based experiences efficiently and effectively
Security: Provides highest levels of protection for your network, your data, and your business
Solid Foundation for Your Business Workloads: Most flexible and robust Windows Server operating system to date. Provides the most versatile and reliable Windows platform for all of your workload and application requirements
Management Reliability Solid Foundation Windows Server Manager PowerShell Windows Deployment Services Server Core Next Generation Networking High Availability Clustering Most Flexible and Robust Windows Server Operating System to Date
TechNet ScriptCenter Exchange Server 2007 Terminal Server WMI, Registry, Hardware, etc. Community-Submitted scripts MyITForum.com Windows PowerShell New Command-line shell & Scripting Language Futures Improves productivity & control Accelerates automation of system admin Easy-to-use Works with existing scripts Will ship in Windows Admin GUIs layered over PowerShell One-to-many remote management using WS-MGMT Solid Foundation
Server Manager Product Installation Initial Configuration Managing Windows Server 2008 Solid Foundation
Windows Server Core Only a subset of the executable files and DLLs installed No GUI interface & .NET managed code installed Less disk space and management required Can be managed with remote tools (MMC, RDP) Solid Foundation
Complete Redesign of TCP/IP
Dual-IP layer architecture for native IPv4 and IPv6 support
Improved Network Performance Troubleshooting
Improved performance via hardware acceleration and auto-tuning
Greater extensibility and reliability through rich Windows Filtering Platform APIs
Completely manageable through Group Policy
[Diagram: Next Generation TCP/IP Stack (tcpip.sys). User mode: Winsock. Kernel mode: AFD, TDI, TDX, TDI Clients, WSK, WSK Clients, Inspection API, NDIS. Transports: TCP, UDP, RAW. Network layer: IPv4, IPv6, IPv4 Tunnel, IPv6 Tunnel, WLAN, Loopback]
Solid Foundation
Windows Firewall w/ Advanced Security Combined firewall and IPsec management
Failover Clustering Heartbeat New Validation Wizard for server, storage & network testing Support for GUID partition table (GPT) disks in cluster storage Improved cluster setup interface Quorum resource: no longer single-point-of-failure IPv6 support Geographically dispersed clusters: across subnets, no VLAN needed Active Node Passive Node Solid Foundation
Windows Deployment Services Rapidly deploy Windows operating systems Updated and redesigned version of Remote Installation Services (RIS) Server components Client components: WinPE Management components Windows Vista Windows Server 2008 Solid Foundation
Reliability and Performance Monitor Combines functionality of previous stand-alone tools Tracks system changes Provides new functionality Solid Foundation
Deliver Rich Web-based Experiences Efficiently and Effectively Internet Information Services 7.0 Windows SharePoint Services Web Windows Media Services
Web IIS 7.0: a robust Web & Application Server Enhanced security and reduced attack surface Administration: UI & APPCMD & shared configuration Delegation & true application XCOPY deployment Highly customizable Advanced troubleshooting Windows Communication Foundation (WCF) Windows Activation Service
Optimize Your Infrastructure and Improve Server Availability Terminal Services RemoteApp Terminal Services Gateway Windows Server Virtualization Virtualization
Virtualization Technologies Windows Server Virtualization Server Virtualization Presentation Virtualization Application Virtualization Desktop Virtualization Management Virtualization
Windows Server Virtualization
Greater Scalability and improved performance
x64 bit host and guest support
SMP support
Increased reliability and security
Minimal Trusted Code base
Windows running a foundation role
Better flexibility and manageability
New UI/Integration with SCVMM
[Diagram: Windows Server Virtualization with VM 1 “Parent”, VM 2 “Child” and VM 3 “Child” on Hardware, alongside Windows Server 2003 with Virtual Server 2005 R2 hosting VM 2 and VM 3 on Hardware]
Virtualization
Application Virtualization Application Isolation Dynamic Streaming System Center Integration Software as a Centrally-managed Service Available through… Virtualization
Virtualization Investments Management Infrastructure Applications Interoperability Licensing Create agility Better utilize server resources Partner with AMD and Intel Ease consolidation onto virtual infrastructure Better utilize management resources Support heterogeneity across the datacenter OSP (Open Specification Promise) VHD Accelerate deployment Reduce the cost of supporting applications Deliver cost-effective, flexible and simplified licensing Royalty Free VHD format A Multi-level Approach Terminal Services Virtualization
Terminal Services Gateway
Tunnels RDP over HTTPS
Strips off RDP / HTTPS
RDP traffic passed to TS
[Diagram: Internet, Perimeter Network, Corporate Network; Remote/Mobile User, Terminal Services Gateway, Network Policy Server, Active Directory DC, Terminal Servers and other RDP Hosts]
Virtualization
Terminal Services RemoteApp Terminal Services Gateway Server Remote Desktop client required Virtualization
Hardens Operating System and Increases Environment Protection Read-Only Domain Controller Network Access Protection Federated Rights Management Security
Using Network Access Protection
1. Client requests access to network and presents current health state
2. DHCP, VPN or Switch/Router relays health status to Microsoft Network Policy Server (RADIUS)
3. Network Policy Server (NPS) validates against IT-defined health policy
4. If not policy compliant, client is put in a restricted VLAN and given access to fix up resources to download patches, configurations, signatures (Repeat 1 - 4)
5. If policy compliant, client is granted full access to corporate network
[Diagram: Windows Client; DHCP, VPN, Switch/Router; NPS; Policy Servers such as: Patch, AV; Restricted Network with Remediation Servers (Example: Patch); Corporate Network]
Security
Auto-Remediation
Active Directory Federation Services Web Server Account Federation Server Resource Federation Server Company B Company A Federation Trust Security AD FS provides an identity access solution Deploy federation servers in multiple organizations to facilitate business-to-business (B2B) transactions AD FS provides a Web-based, SSO solution
Federated Identity support in AD Rights Management Services Account Federation Server Resource Federation Server Company B Company A Federation Trust Web SSO Security Together AD FS and AD RMS enable users from different domains to securely share documents based on federated identities
Read-Only Domain Controller Head Quarter Branch Office Features Read Only Active Directory Database Only allowed user passwords are stored on RODC Unidirectional Replication Role Separation Benefits Increases security for remote Domain Controllers where physical security cannot be guaranteed RODC Security
How RODC Works
User logs on and authenticates
RODC: Looks in DB: "I don't have the user's secrets"
Forwards Request to Windows Server 2008 DC
Windows Server 2008 DC authenticates request
Returns authentication response and TGT back to the RODC
RODC gives TGT to User and RODC will cache credentials
[Diagram: Branch with Read Only DC (RODC); Head Quarter with Windows Server 2008 DC]
Security
What if a DC is stolen?
Head Quarter Branch Office Branch Office Benefits Optimization DFS Replication Security BitLocker Full Volume Encryption Server Core Read-Only Domain Controller Administration SOAP-based remote management (WinRM) Restartable Active Directory Solid Foundation
PKI Support Security Built-in Certificate Service Usage Data Encryption Digital Signature Smart Card authentication
Windows Server 2008: A Robust Application Platform Application Platform .NET Framework 3.0 IIS 7.0 Windows Activation Service MSMQ 4.0
Windows Server 2008 Summary Security NAP Read-Only DC AD RMS AD Federation Svc PKI support BitLocker Virtualization Windows Virtualization TS Gateway TS RemoteApps Web Modular design Less attack surface Admin delegation APPCMD Win Activation Svc Tracing & Troubleshooting Solid Foundation for Your Business Workloads Windows PowerShell Server Core Server Manager Windows Firewall with Advanced Security & IPSec IPv6 Failover Clustering Reliability & Performance Monitor Windows Deployment Svc
More information
Thank You!