Daniel van Soest

1

• Daniel van Soest
• IT Pro Evangelist
• danielvs_at_microsoft.com

2
Agenda

• More Control
• Server Management
• Server Core
• WS Management
• Increased Protection
• Operating System Hardening
• Network Access Protection (NAP)
• Branch Office Deployments

3
Managing Longhorn Server
Server Management
Initial Configuration
Product Installation
4
Server Core Architecture
Server, Server Roles

• Minimal installation option
• Low surface area
• Limited set of server roles
• Command line interface

TS
IAS
WebServer
SharePoint
Etc
Server With WinFx, Shell, Tools, etc.
Server Core Server Roles
DNS
DHCP
File
Print
WVS
AD
Server Core Security, TCP/IP, File Systems,
RPC,plus other Core Server Sub-Systems
GUI, CLR, Shell, IE, Media, OE, etc.
5
WS-Management

• Web Services for Management
• Industry-standard DMTF protocol for remote
  management
• Firewall Friendly Remote Access Protocol
  (Replaces DCOM)
• HTTP HTTPS
• WinRM and WinRS

6
demo
Windows Server Management Windows Server Core
7
Multiple layers of protection
Kernel Drivers
User-mode Drivers
Service 1
Service
Service 2
Service
Service A
Service 3
Service B
8
BitLocker Drive Encryption

• Protect servers and laptops
• Protects data while system is offline
• Ensures boot integrity
• Group Policy configurable

9
Bitlocker Views?
10
Network Access Protection
3
1
2
Not policy compliant
4
Windows Client
Policy compliant
5
11
Branch Office Benefits
Main Office
Branch Office

• BitLocker
• Server Core
• Read-Only Domain Controller
• Role Separation
• PowerShell, WinRS, WinRM
• Virtualization
• Restartable Active Directory

12
How RODC Works
Read Only DC
Windows Server 2008 DC
3
4
2
Branch
Hub
RODC
5
6
1
6
RODC Looks in DB "I don't have the users
secrets"
Forwards Request to Windows Server 2008 DC
Windows Server 2008 DC authenticates request
Returns authentication response and TGT back to
the RODC
RODC gives TGT to User and RODC will cache
credentials
1
2
3
4
5
6
User logs on and authenticates
13
Hackers vs Administrators
14
danielvs_at_microsoft.com