With the release of Windows 7 Client Microsoft is also accompanying it with an upgrade to Windows Server 2008 adding the ‘Release 2’ moniker which in my opinion adds some major improvements that make the cohesive experiences between both platforms beneficial to both Administrators and business users on the go. Don’t be concerned though, Windows 7 works just fine in existing Windows Server 2008 and 2003 environments, but if you want to take advantage of the synergies, deploying both Windows 7 and Windows Server 2008 R2 can definitely be worth your while. Honestly, I don’t know why Microsoft didn’t bother to call this upgrade Windows Server 2010 because of the numerous improvements Administrators and business users can expect. One of the significant changes Windows Server 2008 introduces with the R2 release is to focus on an all 64 bit strategy. Microsoft has committed to their promise of making Windows Server 2008 released back in February 2008 the last 32 bit release of Microsoft’s flagship NOS. With the plethora of 64 bit capable systems out there today and those that have been on the market for the past few years, I don’t see anything to complain or worry about. This does not mean the end of 32 bit applications either; we will continue to see those thrive on 64 bit operating systems for years to come. AMD which introduced the x86-x64 architecture with the debut of the AMD 64 back in fall 2003 developed an innovative method of emulating the x86 layer at full speed, while maintaining full compatibility with 32 bit apps and presenting opportunities to address larger amounts of memory beyond 4 GBs. Since then, 64 bit processors have become wide-spread with Intel introducing the extensions to their brand of processors back in 2005.
Windows Server 2008 R2 comes in a variety of editions, choosing which edition depends on your environment and workloads. I previously mentioned that Windows Server 2008 R2 is the first 64 bit only release. Microsoft provides R2 in two distinct 64 bit architectures, the popular x86-x64 platform and the Intel Itanium architecture which is used for high-end work loads such as Data Warehousing, Online Transaction Processing, high performance computing and management of large scale virtualization deployments.
With this upgrade to Windows Server, Microsoft is also introducing a new member to the Windows Server family: Windows Server 2008 R2 Foundation Edition, there are distinction limitations and features in this new sibling targeted mainly at Small Business environments:
Just like Windows Server 2008, installing R2 remains an uneventful experience, if you have installed Windows 7 before, you have installed Server 2008 R2. Microsoft has changed how you configure the initial phases of the Server when it’s in workgroup mode. A lot of the wizard based portions that were common in Windows Server 2003 OOBE are scrapped and integrated into Roles based feature and by default you are setup as the Administrator which is typical and required to install and configure additional features. Desktop features which were once available in Server 2003 such as Windows Media Player are now designated to a specific role under Initial Configuration Task called Add Features, if you decide to enable them, although I don’t know why you would want things like Media Player 12 or Aero Glass on a Server.
Server 2008 R2 shares a familiar Windows 7 look with similar explorer’s only that by default, the Windows Classic theme is used. Standard among the client and server is the welcome screen, which utilizes a different approach to logging on (DOMAIN\Username), the only thing you need to type in is your password. Of course for persons using Vista to log on to a Domain, the DOMAIN\Username must be specified manually, the old Domain list field is nowhere in this release. Administrators will notice the new Taskbar which is not as aesthetically pleasing when Aero is enabled, but there are some significant benefits such as quicker access to tools through Jumplist, ability to rearrange buttons and organization of multiple windows for a program.
The Domain Service itself supports the improved R2 functional level, the key benefits being you are able to take advantage of improvements in performance and management of your Domains. For instance, the new Active Directory Recycle Bin supports undoing deletion of AD objects. After enabling AD Recycle Bin, link value and non-linked attributes of a deleted object are safeguarded, giving you piece of mind to restore the object as it was before it was deleted removing the need for authoritative restoration. When enabled, User accounts setup with a password through Kerberos on a Domain can be better managed with isolated privileges. Since we are on the subject of accounts, Server R2 introduces two new types of accounts: Managed Service and Virtual Accounts.
Virtual account – available locally for services supporting access to the network from a computer within the Domain.
Service account – designed for services that need the highest of reliability in case of problems that arise, it is managed by the OS and Service Principle Names.
Managed service accounts allow you to create a real account stored within the OU in Active Directory. You can then set it up on the local server and apply it to the local user you can the setup the local service to use it. Virtual Service Accounts on the other hand are configured as a local service to gain access to the network based on the computers identity within the Domain. Since the actual identity exist it is not necessary to create the actual account.
Active Directory Administration Center is a new feature of AD for managing task and activities such as creation of groups, OU’s, connecting one or more domains, performing searches across the Active Directory. Utilizing both PowerShell and the .NET Framework 3.51 as a basis for administering tasks, Active Directory Admin Center relies on both components installed and configured. Significant enhancements have been added to Microsoft’s directory service which stores information about objects on a network and makes this information available to users and network administrators. Certificate Services for instance is much easier to deploy technologies such as Public Key Infrastructure and Network Access Protection. If your Administrator has enabled support for NAP, when you connect your PC, it is checked to see if it is in compliance with standards implemented by the Administrator, such as software, settings and updated Antivirus. If everything is not updated, your access to the network can be limited until all those outstanding issues are resolved.
Authentication Mechanism Assurances makes the procedures involved in allowing access to resources within a Domain much easier for an Administrator if a certificate is used to authenticate. You can provision which groups use different methods to log on, either by Smart Card for instance or certificate based. There is support over HTTP for enabling enrollment of services such as Certificate Enrollment Web and Certificate Enrollment Policy services. This enhances performance for Certification Authority in multiple forest setups. ADAC also utilizes the benefits of Active Directory Web Services. Administrators must make sure that a minimum of one DC in an AD Domain have ADWS setup and essential services configured to take advantage.
One of the caveats of managing the Virtual and Service accounts is you will have to do it through Windows Powershell 2.0 through using the Active Directory component. Digging into Microsoft’s next generation command line shell, Administrators can expect it by default in Windows Server installations. Depending on how your Windows Server R2 installation is deployed you will be able to access a graphical console or a command line interface if you are using Server Core. PowerShell works similarly to the Command Prompt and the same commands will continue to work from CMD. Some of the things you can do include:
PowerShell Remoting – Windows PowerShell uses the standard management protocol WS Management (WS-MAN) to invoke Cmdlets on client PCs. It supports two types of remoting: fan-out remoting which provides one-to-many remoting capability so you can run management scripts across multiple PC’s from a single console, and one-to-one interactive remoting, for remotely troubleshooting a specific computer.
PowerShell Restricted Shell – You can use the PowerShell Restricted Shell to create a custom shell in which only certain commands and command parameters arevailable to system administrators. You cal also set access permissions or active control lists (ACLs) on custom scriptios, so that administrators can access only scripts which they have been granted rights.
There have been many great improvements in Windows Server 2008 R2 to improve print management, administration, and reliability. The Print Management Console (PMC), which is designed to make managing multiple print servers very efficient, has been improved with new filter capabilities to enable more customized views and queries. Regardless of the amount of printers and print drivers that are deployed, PMC allows the administrator to easily manage everything at once.
Additionally, PMC exposes various new features in Server 2008R2, including the ability to modify Driver Isolation settings on the print server for specific drivers. Driver Isolation allows print drivers to run in a separate process from the rest of the print system. This allows for a much more stable and reliable print experience as driver crashes no longer take down the entire print sever. As the majority of print server reliability issues are related to problematic print drivers, this feature greatly improves system reliability and up-time.
The Delegated Print Administrator functionality which was added in Server 2008R2 allows for a non system administrators to be delegated permissions so that they can perform most print admin tasks. This makes it possible to designate a specific user to become a “Delegated Print Administrator” without having the security issues of making them a full system administrator.
Server 2008 R2 introduces support for DNSSEC (Domain Name System Security Extensions). The benefit of it is you can let your DNS servers safely approve zones in addition to hosting DNSSEC authorized zones. Because the DNS Client in both Windows Server 2008 R2 and Windows 7 can send queries that show approval for DNSSEC, process related records can be indicated whether records on the DNS Server are validated. First introduced in Windows Vista with a focus on centralized management of your Networking Experiencing in Windows Server 2008 R2 continues to build on Network and Sharing with an innovative approach to how Networks are accessed and identified. There are three types of Network classes in Windows Server 2008 R2 and Windows 7: Public, Work and Domain. These profiles are setup to retain information about your network is configured and how you connect them using the Network discovery, sharing and firewall settings for each network class. Basically, you can have multiple networks with different settings applied to each. The Windows Firewall controls how information is inbound and outbound rules for these network profiles. Windows Server 2008 R2 in particular is savvier by supporting multiple active firewall profiles when connected to a particular network.
A new feature is Core Parking which manages the power consumption multi-core processors based on the types of work load. Server 2008 R2 adds support for Advanced Configuration and Power Interface standard (version 4.0). Server 2008 R2 uses a balanced power plan which utilizes the new ACPI standard which makes it easier to determine the minimum and maximum limits for the state of a processor core. Cores that are not needed for a particular workload are set to idle while those being partially used are throttled.
Hyper-V – first released as an add on for Windows Server 2008 180 days after its release, Hyper-V is now a part of the Windows Server 2008 R2 release. Improvements include live migration, dynamic virtual machine storage and enhancements to processor and networking support.
Group Policy – PC’s that are not connected to the network can be limited to which applications can be accessed, removable storage devices to be encrypted and audit user activity more granularly. In Windows 7, the Group Policy Management Console has been extended to include 25 PowerShell Cmdlets that allow for better integration with Group Policy features and functions. You can open up the ‘black box’ of Group Policy and automate configuration of any registry key with a combination of simple and powerful cmdlets. Command Line support allows you seamlessly create, configure, link and even backup Group Policy objects quickly.
Windows 7 adds improvements to its Drive Encryption Technology (BitLocker) providing better offline data protection. Enhanced by the use of the Trusted Platform Module (TPM), a new feature based on BitLocker technology called ‘BitLocker To Go’ allows drive encryption to be extended to portable storage devices such as Thumb-drives or External USB hard disk with support for file systems such as FAT, FAT32 and exFAT in addition to NTFS for improved compatibility. This allows for better management in cases such as applying restrictions on how these devices are accessed and used. Although BitLocker is still limited to the Ultimate and Enterprise editions of Windows 7, once BitLocker to Go is enabled the device can still be used on any edition of Windows 7 in addition to Windows XP. BitLocker is also easier to install and configure, simply right-click a drive in Computer Explorer and click the ‘Turn on BitLocker’ option on the contextual menu. I noticed though that large devices 2 GBs or more can take a long time to encrypt, so I suggest you don’t do it on a whim. Other improvements include no need for manual portioning or use of third party tools. Windows 7 also creates a hidden partition for BitLocker instead of a new one like Vista. Enterprises can also benefit from the Data Recovery Agent support for all protected disk volumes which allows Enterprises to store recovery data in Active Directory and recover volume data if required.
Making your operating system communicate with you can be a daunting task. Its something researchers have been working on for many decades now. Microsoft with Windows 7 might have just found a solution. The way Windows has communicated a problem for many releases has varied over the years. We are all aware of the blue memory dump screen affectionately called the blue screen of death or random dialogs featuring stop sign or exclamation triangle with some unintelligible text. Windows has evolved over the years by making the experience more friendly and human, with Windows XP some problems or items that needed attention were moved to tool tip balloons in the Notification Area. Users complained they were annoying and a bit too intrusive at times. Vista focused on centralizing messages the system gave out through the Problem Reports and Solutions Control Panel item. This was a respectable effort that made finding and managing the problems associated with a variety of aspects of your system (hardware, software) less daunting, there still existed the problem of tool tip notifications and scattered experiences across a variety of activities associated with Windows.
Enter Action Center, a new Control Panel item in Windows 7 that integrates Problem Reports and Solutions, Security Center, Windows Update, Windows Defender, Network Access Protection, Backup and Restore, Recovery, User Account Control consolidating numerous notifications into one centralized environment for maintaining and keeping your PC secure and running smoothly. Lets learn a bit more about these tools:
Action Center shell features a clean well organized layout categorized into two main areas Security and Maintenance and additional quick links to Troubleshooting, Recovery and other available options under the Control Panel Task Pane.
The Security Area of Action Center provides vital information about your security status, with colored notifications that indicate the severity of a problem. As you can see, my current status is red along with a summary noting that my Antivirus program is out of date. With one click I can immediately update my Antivirus right there to resolve that problem.
Red indicates that there is a security threat or potential for loss of data if the problem is not corrected.
Yellow indicate that you should attempt to fix the problem but there is no risk to your computer if you don't.
If I need additional information, simply click the chevron button, this will reveal information regarding areas of the system such as Network Firewall, Windows Update, Internet Security settings, User Account Control and Network Access Protection. The key aspect here is the centralized summary of the systems health which makes it easier to manage and maintain. For consumers and business users, User Account Control and Network Access Protection provide greater ease of use when working with your computer and simplifies the security experience for users who connect to a business Network.
User Account Control notifications can be better controlled when it comes to notifying you about changes to your system. If you had upgraded to Windows Vista, you will remember the numerous User Account Control dialogs you had to contend with, whether its accessing an area of the system, installing a program or doing some random task.
Windows 7 provides a more passive experience with UAC, you will still see a few, but it’s not triggered for every action taken. UAC also gives the user more information about why it does what it does. For instance, an application is shown which part of the system it needs to access or need to write to. UAC is still annoying, but it’s not in your face. The enhanced settings provide users the option of controlling how they are notified of potential changes to the system. Similar to Internet Explorers ‘Security level for this zone’ setting, users have a choice between Never and Always Notify.
This area of Action Center deals with Problem Reports/error messages that the system has encountered. If you have not submitted them yet, you can click the Check for Solutions link that might be available to resolve the problem. Backup is also featured here and notifies you about out of date backups or files that need to be backed up. When you click the Chevron button, it reveals additional details such as whether you need to check for updates or if an action is required for a particular problem you might be experiencing.
Problem Reports and Solutions which was introduced with the release of Windows Vista is now a part of the Action Center shell. Whenever your computer encounters errors software or hardware related, Problem Report keeps a log of all these problems. If you click the 'View problems to report' link under Maintenance you might see a backlog of problems that you can check for possible solutions.
Problems are organized into categories that allows you to easily associate an issue with a particular area of the system. As you can see in the above screenshot, I have multiple issues related to my Antivirus program, Network, third party application installer and the Windows Explorer shell. You have the option to pick and choose how you want to report problems. If you want to check for solutions to all problems, just check the 'Select All' box, if you consider some problems to not be detrimental you can check for solutions on a case by case basis. Other factors can include your Internet Connection, because a lot of diagnostics data is sent to assist with the resolution of the problem, it can take some time to send the information.
This probably is the highlight of Action Center in Windows 7, the subtle notification experience and quick access to items that need attention. Situated in the Notification area of the Taskbar is the Action Center Flag, if you hover your mouse pointer over the icon, you will see a tool tip revealing the amount of pending messages that need attention. When clicked it reveals additional details and you can click an individual message to resolve the issue right away or just open the Action Center to review all messages.
Another thing I like about Action Center it is very customizable, you are not restricted to doing what the program says. If you click on the Action Center settings link under Control Panel Home, you will see the option to fine tune what types of items you would like to receive reports and messages about or what type of information you would like Windows 7 to diagnose and send to resolve.
If you have not checked out Action Center, now is the time to do so. The centralized experience makes it seamless for managing and maintaining the health of your PC. The simplified convenience of the interface, ability to customize and mitigate issues quickly makes this addition to Windows, a definite winner!
Windows Server 2008 R2 sounds like a spectacular upgrade, but you will realize significant benefits when it is deployed with Windows 7 Microsoft’s latest client operating system on the desktop.
AppLocker uses a rule based setup for specifying which applications can run, so you get the flexibility you need in determining which users can run which applications, scripts and installation of programs. AppLocker also introduces publisher rules that are based on application’s digital signature, which makes it possible to build rules that survive application updates. For example, you could create a rule to “allow all versions greater than 3.0 of the program Mozilla Firefox to run if its signed by the software publisher Mozilla. This allows for better confidence in your deployments without having to build another rule for a new version of the Firefox.
DirectAccess simplifies management of remote PC’s. There is no need to wait for users to return to the office to or connect to VPNs to update PCs. Instead, you can keep remote computers updated with required policies or updates anytime the computers connect the Internet – even if they aren’t logged on to the network.
BranchCache – With the release of Windows XP, Microsoft introduced Background Intelligent Transfer Service and Distributed File System Replication service with Windows Server 2008 to mitigate issues with network latency and bandwidth for PC’s in branch offices. BranchCache in Windows Server 2008 R2 and Windows 7 takes it to the next level by simulating the experiences of having access to the same resources at the headquarters. This is done by caching content from remote file servers in the branch location, users will then be able to access these resources much faster.
Enterprise Search Scopes – Searching your intranet is much easier. With Search Scopes, you can deploy up to give pre-defined links through Group Policy on worker PC’s to direct them to the right data sources and help them more easily find what they need. Enterprise search scopes appear on the Start menu and at the bottom of search results in Windows Explorer in the Search Again In section of the box.
VHD Boot utilizes virtualization technologies to ease the transition between physical and virtual environments. With VHD Boot, enterprises can reuse the same master image both within a virtual desktop infrastructure and on physical PC’s.
Windows Server 2008 R2 is a major release and just as consumers are in love with Windows 7, folks in the IT World should feel just the same about Microsoft’s latest NOS. Obviously I have only touched the tip of the ice berg here, I have not even looked at some of the renamed Terminal Services roles such as Remote Desktop Services which includes significant enhancements for how users access session based desktops, virtual machine based desktop and applications hosted by remote servers. Overall, I think the Windows Server Team has done a fantastic job by continually innovating with each release. Windows Server 2008 was not as synergistic with Vista as 2008 R2/Windows 7 are. Any organization that is planning to move to Windows 7 seriously needs to consider Windows Server 2008 R2 in that equation. The core focus on simplified management, efficiency and flexibility will ensure that your IT infrastructure runs like a well oiled machine from the backend to the desktop.
Reference: Windows Server 2008 Review