Windows Server 2008 – New Features – Part 3

This is the third part of my review of the new features in Windows Server 2008.

Network Access Protection (NAP)

Network Access Protection is one of my favorite new features of Server 2008 because I’ve been in a few companies which asked specifically for such a functionality. There are third-party applications that allow this and some cisco gear also permits this but the management is sometimes problematic and decentralized. Windows Server 2008 allows you to implement NAP very easily and uses Server Manager for management and monitoring.

The purpose of Network Access Protection is to prevent unauthorized machines from getting onto your network. Using a Security Policy(or many policies…), Windows Server will verify the health of client computers (Vista and XP SP3 are supported) that connect to the network. Once their compliance is established, an action is taken depending on the settings you chose in the policy. Non-compliant machines are either denied network access completely or redirected to a secured subnet where they might only have access to the internet(for consultants, perhaps) or have access to the necessary resources to correct the problems that were found.

The requirements you choose to determine your system health can include certain software installations (anti virus, or a specific corporate software), patch level and even some computer settings such as having a firewall enabled. Once computer health is determined to be under par, you could set an auto-remediation policy which can automatically correct the problems found on client machines to allow them to connect more quickly.

Windows Firewall with Advanced Security

Previous versions of Windows Server had the firewall included in the bundle but it was not enabled by default. Windows Server 2008 ships with the firewall enabled. Most administrators tend to simply disable (or just not turn it on) the firewall in windows because it is fairly useless in the sense that it blocks only incoming traffic. So if your machine is being used as a launch pad for a virus, you might never know about it until it’s too late. The firewall in Server 2008 however, is much better because it monitors incoming AND outgoing traffic as well as offer the possibility to encrypt your traffic for increased security.

When administrators actually ended up using the old firewall, it was usually like swiss cheese because there were way too many ports opened. Everyone has probably done this: you need to figure out how to make a certain software go through your firewall, so you poke holes into it by opening a bunch of ports and when you finally get everything running, you don’t always go back to remove the unnecessary ports since you don’t really know which ones they are. Server 2008 offers a bit more flexibility on this perspective. Because the new firewall is integrated with roles-based installs and IPSec, whenever you add or remove a role on the server, the firewall gets configured automatically in the background, leaving nothing to chance(or your admin’s knowledge)

Windows PowerShell

The Windows PowerShell is a new command-line shell, based on the .NET Framework. Those who like managing servers through the use of text commands will certainly enjoy this new addition. Powershell was available as a download previously but is now built-in to Windows Server and adds many new possibilities to the “command-line enabled” administrators.

Because the PowerShell is based on .NET, it allows you to enter and return .NET objects. This has power written all over it. Windows PowerShell introduces the concept of a cmdlet, a simple, single-function command-line tool built into the shell. Windows PowerShell includes more than 130 standard cmdlets, and you can write your own cmdlets. Each cmdlet can be used separately, but their power is realized when you combine these simple tools to perform complex tasks.

You can use the PowerShell for pretty much anything including adding/removing/configuring server roles like IIS 7 and Terminal Server, or managing Microsoft Exchange Server 2007 or Operations Manager 2007.

The Complete Article:
Windows Server 2008 – New Features – Part 1
Windows Server 2008 – New Features – Part 2
Windows Server 2008 – New Features – Part 3
Windows Server 2008 – New Features – Part 4

2 Thoughts on “Windows Server 2008 – New Features – Part 3

  1. Pingback: Windows Server 2008 new features | Tech for Lunch!

  2. Pingback: Windows Server 2008 - New Features - Part 3 | Windows 2008 Security

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Post Navigation