Changes in Functionality in Windows Server Code Name "Longhorn"
Microsoft Corporation
Published: January 2007
Project Author: Simon Farr
Project Editor: Carolyn Eller
Abstract
In Microsoft® WindowsServer® CodeName "Longhorn", Microsoft is introducing many new features and technologies that will help to increase the security of computers running WindowsServer "Longhorn", increase productivity, and reduce administrative overhead. This document describes some of these features and technologies.
This document supports a preliminary release of a software product that may be changed substantially prior to final commercial release, and is the confidential and proprietary information of Microsoft Corporation. It is disclosed pursuant to a non-disclosure agreement between the recipient and Microsoft. This document is provided for informational purposes only and Microsoft makes no warranties, either express or implied, in this document. Information in this document, including URL and other Internet Web site references, is subject to change without notice. The entire risk of the use or the results from the use of this document remains with the user. Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place, or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.
Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.
© 2006 Microsoft Corporation. All rights reserved.
Active Directory, BitLocker, Microsoft, MS-DOS, SharePoint, Windows, WindowsNT, and WindowsServer are either registered trademarks or trademarks of MicrosoftCorporation in the UnitedStates and/or other countries.
All other trademarks are property of their respective owners.
Contents
Changes to Functionality in Microsoft Windows Server Code Name “Longhorn"
Document History
Other Resources and Feedback
Active Directory Certificate Services: Enterprise PKI (PKIView)
What does PKIView do?
Who does PKIView apply to?
Are there any special considerations about this feature?
What new functionality is provided by this feature in WindowsServer"Longhorn"?
Support for Unicode characters
Active Directory Certificate Services: Network Device Enrollment Service
What does NDES do?
Who does this feature apply to?
Are there any special considerations about this feature?
What new functionality is provided by NDES
What settings are added or changed in WindowsServer Longhorn?
How should I prepare to deploy this feature?
Active Directory Certificate Services: Online Certificate Status Protocol Support
What does OCSP support do?
Who does this feature apply to?
Are there any special considerations about this feature?
What new functionality is provided by Online Responder in WindowsServer"Longhorn"?
Online Responder
Why is this functionality important?
What works differently?
How should I prepare for this change?
Responder Arrays
Why is this functionality important?
What works differently?
How should I prepare for this change?
What Group Policy settings have been added to support OCSP in WindowsServer "Longhorn"?
How should I prepare to deploy this feature?
Active Directory Certificate Services: Policy Settings
What are certificate settings in Group Policy?
Who do certificate settings in Group Policy apply to?
What new functionality is provided by this feature in WindowsServer"Longhorn"?
Managing peer trust and trusted root CA stores
Why is this functionality important?
How should I prepare for this change?
Managing trusted publishers
Why is this change important?
How should I prepare for this change?
Blocking certificates that are not trusted according to policy
Why is this change important?
How should I prepare for this change?
Managing retrieval of certificate-related data
Why is this change important?
How should I prepare for this change?
Managing expiration times for CRLs and OCSP responses
Why is this change important?
How should I prepare for this change?
Deploying certificates
Why is this change important?
How should I prepare for this change?
How should I prepare to deploy this feature?
Active Directory Certificate Services: Web Enrollment
What does certificate Web enrollment do?
Who does certificate Web enrollment apply to?
What existing functionality of certificate Web enrollment is changing in WindowsServer"Longhorn"?
Why is the change from XEnroll to CertEnroll important?
What works differently?
How should I prepare to deploy certificate Web enrollment?
Active Directory Domain Services: Auditing
What does ADDS auditing do?
Who does this feature apply to?
What existing functionality is changing in WindowsServer"Longhorn"?
Auditing ADDS access
Why is this change important?
What works differently?
Global audit policy
SACL
Schema
What settings are added or changed in WindowsServer "Longhorn"?
Registry settings
Group Policy settings
Active Directory Domain Services: Read-Only Domain Controllers
What does an RODC do?
Who does this feature apply to?
Are there any special considerations about this feature?
What new functionality is provided by this feature in WindowsServer"Longhorn"?
Read-only Active Directory database
Unidirectional replication
Credential caching
Administrator role separation
Read-only Domain Name System
What settings are added or changed in WindowsServer "Longhorn"?
How should I prepare to deploy this feature?
Active Directory Domain Services: Restartable Active Directory Domain Services
What does restartable ADDS do?
Who does this feature apply to?
Are there any special considerations about this feature?
What new functionality is provided by this feature in WindowsServer"Longhorn"?
What existing functionality is changing in WindowsServer"Longhorn"?
Active Directory Domain Services: User Interface Improvements
What do ADDS user interface improvements do?
Who do ADDS user interface improvements apply to?
Are there any special considerations about ADDS user interface improvements?
What new functionality is provided by ADDS user interface improvements in WindowsServer"Longhorn"?
New Active Directory Domain Services Installation Wizard
New MMC snap-in functions
Active Directory Lightweight Directory Services
What does ADLDS do?
Who does ADLDS apply to?
Are there any special considerations about ADLDS?
Do I need to change any existing code to work with WindowsServer"Longhorn"?
Active Directory Rights Management Services
What does ADRMS do?
Who does this feature apply to?
Are there any special considerations about this feature?
What new functionality is provided by this feature in WindowsServer"Longhorn"?
Improved installation and administration experience
Why is this functionality important?
Self-enrollment of ADRMS server
Why is this functionality important?
What works differently?
How should I prepare for this change?
Integration with ADFS
Why is this functionality important?
How should I prepare for this change?
New ADRMS Administrative Roles
Why is this functionality important?
How should I prepare for this change?
What existing functionality is changing in WindowsServer"Longhorn"?
Cryptography Next Generation
What does CNG do?
Who does CNG apply to?
Are there any special considerations about CNG?
How should I prepare for CNG?
How should I prepare to deploy this feature?
DNS Server Role
What does a DNS server do?
Who does this feature apply to?
Are there any special considerations about this feature?
What new functionality is provided by this feature in WindowsServer"Longhorn"?
Background zone loading
Why is this functionality important?
Support for IPv6 addresses
Why is this functionality important?
How should I prepare for this change?
Read-only domain controller support
Why is this functionality important?
GlobalNames zone
DNS client changes
LLMNR
Changes to the ways in which clients locate domain controllers
Failover Clustering
What does a failover cluster do?
Who does this feature apply to?
Are there any special considerations about this feature?
What new functionality is provided by this feature in WindowsServer"Longhorn"?
New validation wizard in Windows Server "Longhorn"
Support for GPT disks in cluster storage
What existing functionality is changing in WindowsServer"Longhorn"?
Improvements to setup and migration
Improvements to management interfaces
Improvements to stability and security for increased availability
Improvements to the way a cluster works with storage
Improvements to networking and security
Do I need to change any existing code to work with WindowsServer"Longhorn"?
How should I prepare to deploy this feature?
Internet Information Services (IIS) 7.0
What does IIS 7.0 do?
Flexible extensibility model for powerful customization
Powerful diagnostic and troubleshooting tools
Delegated administration
Enhanced security and reduced attack surface through customization
True application xcopy deployment
Application and health management for WCF services
Improved administration tools
Who will be interested in this feature?
What existing functionality is changing in WindowsServer"Longhorn"?
Configuration
Why is this change important?
What works differently?
How do I fix issues? How should I prepare for this change?
Administration tools
Why is this change important?
What works differently? Are there any dependencies?
Core server
Why is this change important?
What works differently?
How do I fix these issues?
Diagnostics
Why is this functionality important?
What works differently?
Do I need to change any existing code to work with WindowsServer"Longhorn"?
Additional Resources
Network Access Protection
What does Network Access Protection do?
Who does this feature apply to?
Are there any special considerations about this feature?
What new functionality is provided by this feature in WindowsServer"Longhorn"?
Why is this functionality important?
Key Processes of NAP
Policy validation
NAP enforcement and network restriction
Remediation
Ongoing monitoring to ensure compliance
NAP enforcement methods
NAP enforcement for IPsec communications
NAP enforcement for 802.1X
NAP enforcement for VPN
NAP enforcement for DHCP
Combined approaches
How should I prepare to deploy this feature?
NAP client components
NAP server components
Additional Information
Network Policy and Access Services
Role services for Network Policy and Access Services
Managing the Network Policy and Access Services server role
Additional Resources
Networking: Network Load Balancing Improvements
What does Network Load Balancing do?
Who does this feature apply to?
Are there any special considerations about this feature?
What new functionality is provided by this feature in WindowsServer"Longhorn"?
Networking: Next Generation TCP/IP Protocols and Networking Components
New functionality provided by Next Generation TCP/IP Protocols and Networking Components in WindowsServer"Longhorn"
Next Generation TCP/IP stack
Receive Window Auto-Tuning
Compound TCP
Enhancements for high-loss environments
Neighbor Unreachability Detection for IPv4
Changes in dead gateway detection
Changes in PMTU black hole router detection
Routing Compartments
Network Diagnostics Framework support
Windows Filtering Platform
Explicit Congestion Notification
IPv6 Enhancements
IPv6 enabled by default
Dual IP stack
GUI-based configuration
Teredo enhancements
Integrated IPsec support
Multicast Listener Discovery version 2
Link-Local Multicast Name Resolution
IPv6 over PPP
Random interface IDs for IPv6 addresses
DHCPv6 support
Quality of Service
Policy-based QoS for enterprise networks
Server Core
What does Server Core do?
Optional Features
Who will be interested in this feature?
What new functionality does Server Core provide?
Why is this change important? What threats does it mitigate?
What works differently?
How do I fix any issues?
What settings are added or changed in Server Core?
Do I need to change my code to work with Windows Server “Longhorn”?
What do I need to change in my environment to deploy Server Core?
Hardware prerequisites for optional features
Additional Resources
Server Manager
What does Server Manager do?
Who does Server Manager apply to?
Are there any special considerations about Server Manager?
What server roles and features are available in WindowsServer "Longhorn"?
Server roles
Features
What new functionality is provided by Server Manager in WindowsServer"Longhorn"?
Initial Configuration Tasks
Default Settings in Initial Configuration
Why is Initial Configuration Tasks important?
What works differently?
Server Manager Console
Why is the Server Manager console important?
Server Manager Wizards
Add Roles Wizard
Add Role Services Wizard
Add Features Wizard
Remove Roles Wizard
Remove Role Services Wizard
Remove Features Wizard
Why are the Server Manager wizards important?
What works differently?
What settings are added or changed in WindowsServer "Longhorn"?
Group Policy Settings
How should I prepare to deploy Server Manager?
How do I open Server Manager?
Additional Resources
Terminal Services and Windows System Resource Manager
Who will be interested in this feature?
What new functionality is provided by this feature?
How should I prepare to use WSRM with Terminal Services?
Installing Terminal Server
Installing WSRM
Configuring WSRM for Terminal Services
Windows System Resource Manager Snap-In
Resource-Allocation Policies
Monitoring Performance
Terminal Services Core Functionality
Who will be interested in these features?
Are there any special considerations about these features?
What new functionality is provided by these features?
Remote Desktop Connection6.0
Plug and Play Device redirection for media players and digital cameras
Microsoft Point of Service for .NET device redirection
Configuring a terminal server
Configuring a Remote Desktop Protocol file
Using redirected Microsoft POS for .NET devices
Remote Desktop Connection display
Custom display resolutions
Monitor spanning
Desktop Experience
Desktop composition
Font smoothing
Display data prioritization
Single sign-on
Prerequisites for deploying single sign-on
Recommended configuration of a terminal server when using single sign-on
Terminal Services Licensing
What does TSLicensing do?
Who will be interested in TSLicensing?
What new functionality is provided by TSLicensing?
How should I prepare to use TSLicensing?
Are there any special considerations about TSLicensing?
Terminal Services Remote Programs (TS Remote Programs)
What does Remote Programs do?
Who will be interested in this feature?
Are there any special considerations about this feature?
What new functionality is provided by Remote Programs in WindowsServer"Longhorn"?
Ability to run programs remotely
Why is Remote Programs important?
What works differently?
What do I need to do to resolve any issues introduced by Remote Programs?
How should I prepare for this change?
Do I need to change any existing code to work with WindowsServer"Longhorn"?
Terminal Services Web Access (TS Web Access)
What does TSWeb Access do?
Who does this feature apply to?
Are there any special considerations about this feature?
What new functionality is provided by this feature in WindowsServer"Longhorn"?
Lets you easily deploy Terminal Services Remote Programs over the Web
Why is this functionality important?
What works differently?
How should I prepare for this change?
List of Remote Programs is dynamically updated
Why is this functionality important?
What works differently?
How should I prepare for this change?
Includes the Terminal Services Remote Programs Web Part
Why is this functionality important?
What works differently?
How should I prepare for this change?
Windows Deployment Services Role
What does Windows Deployment Services do?
Who does this feature apply to?
Are there any special considerations about this feature?
What new functionality is provided by this feature in WindowsServer"Longhorn"?
Create a capture image
Why is this functionality important?
Capture an installation image using the Image Capture Wizard
Why is this functionality important?
Associate an unattended installation file with an image
Configuring Windows Deployment Services unattended installation
Configuring Windows Setup unattended installation
Why is this functionality important?
Associate a Language Pack with an installation image
Why is this functionality important?
Create a discover image
Why is this functionality important?
Do I need to change any existing code to work with WindowsServer"Longhorn"?
How should I prepare to deploy this feature?
Additional Resources
Windows Server Backup
What does Backup do?
Who does Backup apply to?
Are there any special considerations about Backup?
What new functionality is provided by Backup in WindowsServer"Longhorn"?
Windows Reliability and Performance Monitor
What does Windows Reliability and Performance Monitor do?
Who does this feature apply to?
Are there any special considerations about this feature?
What new functionality is provided by this feature in WindowsServer"Longhorn"?
Data Collector Sets
Wizards and templates for creating logs
Resource View
Reliability Monitor
Unified property configuration for all data collection, including scheduling
User-friendly diagnosis reports
Do I need to change any existing code to work with WindowsServer"Longhorn"?
Windows SharePoint Services
What does Windows SharePoint Services do?
Who does this feature apply to?
Are there any special considerations about this feature?
What new functionality is provided by this feature?
Administration model enhancements
Centralized configuration and management
Two-tier administration model