Windows Server Technologies
Dynamic Host Configuration Protocol (DHCP) is a client-server technology that allows DHCP servers to assign, or lease, IP addresses to computers and other devices that are enabled as DHCP clients.
When you deploy DHCP servers on your network, you can automatically provide client computers and other TCP/IPv4 and IPv6 based network devices with valid IP addresses. You can also provide the additional configuration parameters these clients and devices need, called , which allow them to connect to other network resources, such as DNS servers, WINS servers, and routers.
Domain Name System (DNS) is the name resolution protocol for TCP/IP networks, such as the Internet. Client computers query a DNS server to resolve memorable, alphanumeric DNS names to the IP addresses that computers use to communicate with each other.
Active Directory® Certificate Services (AD CS) in the Windows Server® 2008 operating system provides customizable services for creating and managing public key certificates used in software security systems employing public key technologies. Organizations can use AD CS to enhance security by binding the identity of a person, device, or service to a corresponding private key. AD CS also includes features that allow you to manage certificate enrollment and revocation in a variety of scalable environments.
Active Directory Domain Services (AD DS) stores directory data and manages communication between users and domains, including user logon processes, authentication, and directory searches. An Active Directory domain controller is a server that is running AD DS.
Active Directory® Federation Services (AD FS) is an identity access solution that provides browser-based clients (internal or external to your network) with seamless, "one prompt" access to one or more protected Internet-facing applications, even when the user accounts and applications are located in completely different networks or organizations.
By using Active Directory Rights Management Services (AD RMS) and the AD RMS client, you can augment an organization's security strategy by protecting information through persistent usage policies, which remain with the information, no matter where it is moved. You can use AD RMS to help prevent sensitive information—such as financial reports, product specifications, customer data, and confidential e-mail messages—from intentionally or accidentally getting into the wrong hands.
Application Server provides an integrated environment for deploying and running custom, server-based business applications that are built with the Microsoft .NET Framework 3.0. The Application Server role supports applications that use COM+, Message Queuing, Web services, and distributed transactions.
This collection contains information about File Services technologies in Windows Server® 2008 R2 and Windows Server 2008 such as what’s new and how to deploy and troubleshoot the technologies, and is intended for Information Technology Professionals (IT Pros). File Services provides technologies that help manage storage, enable file replication, manage shared folders, ensure fast file searching, and enable access for UNIX client computers.
Group Policy provides an infrastructure for centralized configuration management of the operating system and applications that run on the operating system.
Group Policy is an infrastructure used to deliver and apply one or more desired configurations or policy settings to a set of targeted users and computers within an Active Directory environment. This infrastructure consists of a Group Policy engine and multiple client-side extensions (CSEs) responsible for reading specific policy settings on target client computers.
Hyper-V in Windows Server 2008 and Windows Server 2008 R2 enables you to create a virtualized server computing environment. You can use a virtualized computing environment to improve the efficiency of your computing resources by utilizing more of your hardware resources. This is possible because you use Hyper-V to create and manage virtual machines and their resources. Each virtual machine is a virtualized computer system that operates in an isolated execution environment. This allows you to run multiple operating systems simultaneously on one physical computer.
The Network Policy and Access Services (NPAS) server role is a logical grouping of the following related network access technologies:
•Network Policy Server (NPS)
•Routing and Remote Access Service (RRAS)
•Health Registration Authority (HRA)
•Host Credential Authorization Protocol (HCAP)
The Print Services role in Server Manager enables you to share printers on a network, as well as to centralize print server and network printer management tasks. It also enables you to migrate print servers and deploy printer connections using Group Policy.
In Windows Server 2008 R2, this role has been updated with a new feature called Distributed Scan Server. The new role, Print and Document Services, enables you to share printers and scanners on a network, set up print servers and scan servers, and centralize network print and scan management tasks. You can do these tasks using the Print Management and Scan Management Microsoft Management Console (MMC) snap-ins.
Remote Desktop Services:-
Remote Desktop Services in Windows Server® 2008 R2 provides technologies that enable users to access Windows-based programs that are installed on a Remote Desktop Session Host (RD Session Host) server, or to access the full Windows desktop. With Remote Desktop Services, users can access an RD Session Host server from within a corporate network or from the Internet.
Terminal Services server:-
The Terminal Services server role in Windows Server® 2008 provides technologies that enable users to access Windows-based programs that are installed on a terminal server, or to access the full Windows desktop. With Terminal Services, users can access a terminal server from within a corporate network or from the Internet.
Security and Protection:-
This collection contains detailed information about security technologies in Windows Server 2008 and Windows Server 2008 R2.
AppLocker is a new feature in Windows 7 and Windows Server 2008 R2 that provides access control for applications.
Authorization Manager is a Microsoft Management Console (MMC) snap-in that can help provide effective control of access to resources.
•BitLocker Drive Encryption
BitLocker allows you to encrypt all data stored on the Windows operating system volume and configured data volumes, and by using a Trusted Platform Module (TPM), it can also help ensure the integrity of early startup components.
•Encrypting File System
Encrypting File System (EFS) is a core encryption technology that enables you to encrypt files stored on NTFS volumes.
Kerberos is an authentication mechanism used to verify the identity of a user or host.
•Managed Service Accounts
Two new types of service accounts are available in Windows Server 2008 R2 and Windows 7—the managed service account and the virtual account. The managed service account is designed to provide crucial applications such as SQL Server and IIS with the isolation of their own domain accounts, while eliminating the need for an administrator to manually administer the service principal name (SPN) and credentials for these accounts. Virtual accounts in Windows Server 2008 R2 and Windows 7 are "managed local accounts" that can use a computer's credentials to access network resources.
Security auditing is one of the most powerful tools to help maintain the security of your system. Auditing should identify attacks, either successful or not, that pose a threat to your network, or attacks against resources that you have determined to be valuable in your risk assessment.
•Security Configuration Wizard
Security Configuration Wizard (SCW) is an attack-surface reduction tool that guides administrators in creating security policies based on the minimum functionality required for a server's role or roles.
•Server Security Policy Management
Security policy is the configurable set of rules that the operating system follows when determining the permissions to grant in response to a request for access to resources.
Smart cards are a tamper-resistant and portable way to provide security solutions for tasks such as client authentication, logging on to domains, code signing, and securing e-mail.
•User Account Control
User Account Control (UAC) is a security component that allows an administrator to enter credentials during a non-administrator's user session to perform occasional administrative tasks. UAC can also require administrators to specifically approve administrative actions or applications before they are allowed to run.
The Windows operating system implements a default set of authentication protocols, including Negotiate, Kerberos, NTLM, Transport Layer Security/Secure Sockets Layer (TLS/SSL), and Digest, as part of an extensible architecture. In addition, some protocols are combined into authentication packages. These protocols and packages enable authentication of users, computers, and services; the authentication process, in turn, enables authorized users and services to access resources in a secure manner.
Similar technologies are collected in this section and include Passwords, Password Reset Disk, Account Lockout Policy, System Key Utility, and Cached and Stored Credentials.
The Web Server (IIS) role includes Internet Information Services (IIS) 7, which is a unified Web platform that integrates IIS, ASP.NET, Windows Communication Foundation, and Windows SharePoint Services. IIS 7 lets you share information with users on the Internet, an intranet, or an extranet. Windows Server® 2008 delivers IIS 7.0, which is also included with some editions of Windows Vista®. Windows Server® 2008 R2 delivers IIS 7.5, which is also included in some editions of Windows® 7.
Windows Deployment Services:-
Windows Deployment Services, the updated and redesigned version of Remote Installation Services (RIS), enables you to remotely deploy Windows operating systems, particularly Windows Vista. You can use Windows Deployment Services to re-image computers using customized images.