Changes in Functionality from Windows Server 2003 with SP1 to Windows Server 2008


What existing functionality is changing?





Windows Server 2008 includes improvements to the GPMC, Group Policy service, events and logging, multiple local Group Policy objects, and more options for finding Administrative template policy settings.

Group Policy service


The Group Policy infrastructure is improved with complete isolation from Winlogon, delivering a new architecture for how Group Policy performs notification and processing.

Why is this change important?


The new Group Policy service provides better reliability for Windows and Group Policy, and includes these additional benefits:

• Microsoft can deliver new Group Policy files, which can be updated without requiring a restart of the operating system.

• The application of policy is more efficient because of the reduction of resources used for background processing.

• A performance increase and a reduction in memory usage are results of the new design. These changes eliminate the need to load Group Policy functionality in multiple services.


Events and logging


The Group Policy infrastructure has changed significantly in Windows Server 2008. Group Policy processing no longer exists within the Winlogon process but is hosted as its own service. Additionally, the Group Policy engine no longer relies on the trace logging found in userenv.dll.

Why is this change important?


Much of the troubleshooting for Group Policy in earlier versions of Windows relied on logging being enabled inside the component userenv.dll. This created a log file named userenv.log in the %WINDIR%\Debug\Usermode folder. The log file contained function trace statements with supporting data. In addition, profile load and unload functions shared this log file, which sometimes made the log difficult to interpret. This log file, used in conjunction with the Resultant Set of Policy Microsoft Management Console (RSoP MMC), was the primary way to diagnose and resolve Group Policy problems.

In Windows Server 2008, Group Policy is treated as its own component with a new Group Policy Service, a stand-alone service that runs under the Svchost process for the purpose of reading and applying Group Policy. The new service includes changes with event reporting. Group Policy event messages, previously appearing in the application log, now appear in the system log. The event viewer lists these new messages with an event source of Microsoft-Windows-GroupPolicy. The Group Policy Operational log replaces previous userenv logging. The operational event log provides improved event messages specific to Group Policy processing.
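The following PowerShell sketch is an added example, not part of the original document. It pulls Group Policy warnings and errors from the System log and pairs each one with the matching trace in the Operational log. It assumes PowerShell 2.0 or later, the channel name Microsoft-Windows-GroupPolicy/Operational, a one-day look-back window, and that events from one processing pass share an ActivityId.

```powershell
# Added example, not from the original document. Assumes PowerShell 2.0+
# (for Get-WinEvent) and an elevated session on the computer being diagnosed.
$since = (Get-Date).AddDays(-1)   # assumed look-back window

# Group Policy warnings and errors in the System log
# (Level 1 = Critical, 2 = Error, 3 = Warning).
$problems = @(Get-WinEvent -ErrorAction SilentlyContinue -FilterHashtable @{
    LogName      = 'System'
    ProviderName = 'Microsoft-Windows-GroupPolicy'
    Level        = 1, 2, 3
    StartTime    = $since
})

# The Operational log that replaces userenv.log. Index it by ActivityId so
# each processing pass can be read as one trace.
$passes = @{}
Get-WinEvent -ErrorAction SilentlyContinue -FilterHashtable @{
    LogName   = 'Microsoft-Windows-GroupPolicy/Operational'
    StartTime = $since
} | Where-Object { $_.ActivityId } | ForEach-Object {
    $key = $_.ActivityId.ToString()
    if (-not $passes.ContainsKey($key)) { $passes[$key] = @() }
    $passes[$key] += $_
}

# For every System-log problem, print the operational trace of the same pass.
foreach ($p in $problems) {
    $summary = ("$($p.Message)" -split "`r?`n")[0]
    '{0:u}  {1,-8} Id={2}  {3}' -f $p.TimeCreated, $p.LevelDisplayName, $p.Id, $summary

    $key = if ($p.ActivityId) { $p.ActivityId.ToString() } else { '' }
    if ($passes.ContainsKey($key)) {
        $passes[$key] | Sort-Object TimeCreated | ForEach-Object {
            '    {0:HH:mm:ss.fff}  {1,-11} Id={2}  {3}' -f $_.TimeCreated,
                $_.LevelDisplayName, $_.Id, ("$($_.Message)" -split "`r?`n")[0]
        }
    } else {
        '    (no matching operational trace in the look-back window)'
    }
}

if ($problems.Count -eq 0) { 'No Group Policy warnings or errors since {0:u}' -f $since }
```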


Multiple local Group Policy objects


Windows Server 2008 introduces greater flexibility in administering local Group Policy objects (LGPOs), providing the means to manage multiple LGPOs on a single computer. This increased flexibility eases managing environments that involve shared computing on a single computer, such as libraries or computer labs. In addition, in a workgroup each computer maintains its own policy settings. Multiple LGPOs may be assigned to local users or built-in groups. This feature will work with domain-based Group Policy or can be disabled through a Group Policy setting.

Why is this change important?


Multiple Local Group Policy gives you the flexibility to manage Group Policy based on built-in groups. For example, if you wanted to set up kiosk computers in a library, you could create tightly managed policy settings for built-in User groups and lightly managed policy settings for the built-in Administrator accounts. This approach allows patrons to use the Internet kiosk in a secure environment. Local administrators no longer have to explicitly disable or remove Group Policy settings that interfere with their ability to manage the workstation before performing administrative tasks. In addition, Windows Server 2008 administrators can turn off local Group Policy settings without having to explicitly enable domain-based Group Policy.

Finding specific Administrative template policy settings


Administrative templates are registry-based policy settings listed under the Administrative Templates node of both the Computer Configuration and User Configuration nodes when you edit a GPO in the GPMC. Windows Server 2008 provides a comprehensive list of Administrative template policy settings and new options for filtering and sorting the list of settings.

Why is this change important?


Windows Server 2008 provides many Administrative template policy settings. Filtering or sorting these settings can enable you to find a specific policy setting more quickly.

What works differently?


In Windows Server 2008, an All Settings node is displayed under the Administrative Templates node, providing a comprehensive list of all Administrative template policy settings, including both those in ADMX and ADM formats. You can sort this list alphabetically by setting name, state, comment, or path.

Additionally, you can filter the list of Administrative template settings using the options available when you right-click the All Settings node. When filtered, the list includes only policy settings in the ADMX format, and you can further restrict the list to include only policy settings:

• That have been configured (or that have not been configured).

• To which comments have been added (or to which comments have not been added).

• That include specified keywords in the setting title, Explain text, or comments.

• That are managed (or unmanaged).


Which policy settings are added or changed?


In Windows Server 2008, you can use Group Policy to centrally manage a greater number of features and component behaviors. The number of Group Policy settings has increased from approximately 1,700 in Windows Server 2003 with Service Pack 1 (SP1) to approximately 2,400 in Windows Server 2008.

This table summarizes new or expanded categories of Group Policy settings.



Group Policy Category / Description / Location of Group Policy Setting

Antivirus

Manages behavior for evaluating high-risk attachments.

User Configuration

   └ Administrative Templates

      └ Windows Components

         └ Attachment Manager



Background Intelligent Transfer Service (BITS)

Configures the BITS Neighbor Casting feature (new in Windows Vista and Windows Server 2008) to facilitate peer-to-peer file transfer within a domain.

Computer Configuration

   └ Administrative Templates

      └ Network

         └ Background Intelligent Transfer Service



Client Help

Determines where your users access Help systems that may include untrusted content. You can direct your users to Help or to local offline Help.

Computer Configuration

   └ Administrative Templates

      └ Online Assistance

User Configuration

   └ Administrative Templates

      └ Online Assistance



Deployed Printer Connections

Deploys a printer connection to a computer. This is useful when the computer is shared in a locked-down environment, such as a school or when a user roams to a different location and needs to have a printer connected automatically.

Computer Configuration

   └ Windows Settings

      └ Deployed Printers

User Configuration

   └ Windows Settings

      └ Deployed Printers



Device Installation

Allows or denies a device installation, based upon the device class or ID.

Computer Configuration

   └ Administrative Templates

      └ System

         └ Device Installation



Disk Failure Diagnostic

Controls the level of information displayed by the disk failure diagnostic.

Computer Configuration

   └ Administrative Templates

      └ System

         └ Troubleshooting and Diagnostics

            └ Disk Diagnostic


DVD Video Burning

Customizes the video disc authoring experience.

Computer Configuration

   └ Administrative Templates

      └ Windows Components

         └ Import Video

User Configuration

   └ Administrative Templates

      └ Windows Components

         └ Import Video



Enterprise Quality of Service (QoS)

Alleviates network congestion issues by enabling central management of Windows Server 2008 network traffic. Without requiring changes to applications, you can define flexible policies to prioritize the Differentiated Services Code Point (DSCP) marking and throttle rate.

Computer Configuration

   └ Windows Settings

      └ Policy-based QoS


Hybrid Hard Disk

Configures the hybrid hard disk (with non-volatile cache) properties, allowing you to manage:

• Use of non-volatile cache.

• Startup and resume optimizations.

• Solid state mode.

• Power savings mode.


Computer Configuration

   └ Administrative Templates

      └ System

         └ Disk NV Cache



Internet Explorer 7

Replaces and expands the current settings in the Internet Explorer Maintenance extension to allow administrators the ability to read the current settings without affecting values.

Computer Configuration

   └ Administrative Templates

      └ Windows Components

         └ Internet Explorer

User Configuration

   └ Administrative Templates

      └ Windows Components

         └ Internet Explorer



Networking: Quarantine

Manages three components:

• Health Registration Authority (HRA)

• Internet Authentication Service (IAS)

• Network Access Protection (NAP)



Computer Configuration

   └ Windows Settings

      └ Security Settings

         └ Network Access Protection



Networking: Wired Wireless

Applies a generic architecture for centrally managing existing and future media types.

Computer Configuration

   └ Windows Settings

      └ Security Settings

         └ Wired Network (IEEE 802.11) Policies

Computer Configuration

   └ Windows Settings

      └ Security Settings

         └ Wireless Network (IEEE 802.11) Policies



Power Management

Configures any current power management options in the Control Panel.

Computer Configuration

   └ Administrative Templates

      └ System

         └ Power Management



Removable Storage

Allows administrators to protect corporate data by limiting the data that can be read from and written to removable storage devices. Administrators can enforce restrictions on specific computers or users without relying on third party products or disabling the buses.

Computer Configuration

   └ Administrative Templates

      └ System

         └ Removable Storage Access

User Configuration

   └ Administrative Templates

      └ System

         └ Removable Storage Access



Security Protection

Combines the management of both the Windows Firewall and IPsec technologies to reduce the possibility of creating conflicting rules. Administrators can specify which applications or ports to open and whether or not connections to those resources must be secure.

Computer Configuration

   └ Windows Settings

      └ Security Settings

         └ Windows Firewall with Advanced Security



Shell Application Management

Manages access to the toolbar, taskbar, Start menu, and icon displays.

User Configuration

   └ Administrative Templates

      └ Start Menu and Taskbar


Shell First Experience, Logon, and Privileges

Configures the logon experience to include expanded Group Policy settings in:

• Roaming User Profiles.

• Redirected folders.

• Logon dialog screens.



User Configuration

   └ Administrative Templates

      └ Windows Components


Shell Sharing, Sync, and Roaming

Customizes:

• Autorun for different devices and media.

• Creation and removal of partnerships.

• Synchronization schedule and behavior.

• Creation and access to workspaces.


User Configuration

   └ Administrative Templates

      └ Windows Components


Shell Visuals

Configures the desktop display to include:

• AERO Glass display.

• New screen saver behavior.

• Search and views.



User Configuration

   └ Administrative Templates

      └ Windows Components


Tablet PC

Configures Tablet PC to include:

• Tablet Ink Watson and Personalization features.

• Tablet PC desktop features.

• Input Panel features.

• Tablet PC touch input.


Computer Configuration

   └ Administrative Templates

      └ Windows Components

         └ Tablet PC

User Configuration

   └ Administrative Templates

      └ Windows Components

         └ Tablet PC



Terminal Services

Configures the following features to enhance the security, ease-of-use, and manageability of Terminal Services remote connections. You can:

• Allow or prevent redirection of additional supported devices to the remote computer in a Terminal Services session.

• Require the use of Transport Layer Security (TLS) 1.0 or native Remote Desktop Protocol (RDP) encryption, or negotiate a security method.

• Require the use of a specific encryption level (FIPS Compliant, High, Client Compatible, or Low).



Computer Configuration

   └ Administrative Templates

      └ Windows Components

         └ Terminal Services

User Configuration

   └ Administrative Templates

      └ Windows Components

         └ Terminal Services



Troubleshooting and Diagnostics

Controls the diagnostic level from automatically detecting and fixing problems to indicating to the user that assisted resolution is available for:

• Application issues.

• Leak detection.

• Resource allocation.



Computer Configuration

   └ Administrative Templates

      └ System

         └ Troubleshooting and Diagnostics



User Account Protection

Configures the properties of user accounts to:

• Determine behavior for the elevation prompt.

• Elevate the user account during application installs.

• Identify the least-privileged user accounts.

• Virtualize file and registry write failures to per-user locations.


Computer Configuration

   └ Windows Settings

      └ Security Settings

         └ Local Policies

            └ Security Options


Windows Error Reporting

Disables Windows Feedback only for Windows or for all components. By default, Windows Feedback is turned on for all Windows components.

Computer Configuration

   └ Administrative Templates

      └ Windows Components

         └ Windows Error Reporting

User Configuration

   └ Administrative Templates

      └ Windows Components

         └ Windows Error Reporting




Network Load Balancing Improvements


In the Windows Server® 2008 operating system, the improvements to Network Load Balancing (NLB) include support for Internet Protocol version 6 (IPv6) and Network Driver Interface Specification (NDIS) 6.0, Windows Management Instrumentation (WMI) enhancements, and improved functionality with Microsoft Internet Security and Acceleration (ISA) Server.

What does Network Load Balancing do?


NLB is a feature that distributes the load for networked client/server applications across multiple cluster servers. It is part of the Windows scale-out functionality and is one of three Windows Clustering technologies.

Who will be interested in this feature?


NLB is used by IT professionals who need to distribute client requests across a set of servers. It is particularly useful for ensuring that stateless applications, such as a Web server running Internet Information Services (IIS), can be scaled out by adding additional servers as the load increases. NLB provides scalability by allowing you to easily replace a malfunctioning server or add a new server.

Are there any special considerations?


You must be a member of the Administrators group on the host that you are configuring by using NLB, or you must have been delegated the appropriate authority.

What new functionality does this feature provide?


NLB includes the following improvements:

Support for IPv6. NLB fully supports IPv6 for all communication.

Support for NDIS 6.0. The NLB driver has been completely rewritten to use the new NDIS 6.0 lightweight filter model. NDIS 6.0 retains backward compatibility with earlier NDIS versions. Improvements in the design of NDIS 6.0 include enhanced driver performance and scalability and a simplified NDIS driver model.

WMI Enhancements. The WMI enhancements to the MicrosoftNLB namespace are for IPv6 and multiple dedicated IP address support.

• Classes in the MicrosoftNLB namespace support IPv6 addresses (in addition to IPv4 addresses).

• The MicrosoftNLB_NodeSetting class supports multiple dedicated IP addresses by specifying them in DedicatedIPAddresses and DedicatedNetMasks.

Enhanced functionality with ISA Server. ISA Server can configure multiple dedicated IP addresses for each NLB node for scenarios where clients consist of both IPv4 and IPv6 traffic. Both IPv4 and IPv6 clients need to access a particular ISA Server to manage the traffic. ISA can also provide NLB with SYN attack and timer starvation notifications (these scenarios typically occur when a computer is overloaded or is being infected by an Internet virus).

Support for multiple dedicated IP addresses per node. NLB fully supports defining more than one dedicated IP address per node. (Previously only one dedicated IP address per node was supported.)



