Resouce Guides / Windows Server 2008

Top 10 Overlooked Features of Windows Server 2008

Windows Server 2008 is on its way. With the first release candidate in the pipeline, it shouldn't be long before release to manufacturing and general availability.

With such a long development time (it's the first new Windows Server OS since 2003,) the showstopping new features have been well publicized: Most IT pros are familiar with at least some of the details of Server Core, PowerShell and Windows Server Virtualization (codenamed Viridian). But Windows 2008 includes a lot more than those headliners.

To that end, we're presenting the Top 10 overlooked features of Windows 2008. We spoke with Ward Ralston, senior technical product manager for Windows Server, to help us build our list. These items haven't garnered the same kind of press attention, hype and word-of-mouth as the others, but they're nonetheless important - maybe very important - to your network.

10. The Print Management Console (PMC). This was originally released with Windows Server 2003 R2. But unlike the R2 release, it's a native function in Windows 2008, and available to everyone. PMC is a snap-in for the Microsoft Management Console (MMC), which lets an admin see every printer in an entire organization, from one console. In addition, you can use Group Policy to map printers to specific user groups, so that the Accounting folks won't be hogging printers that Engineering needs.

9. Auditpol. This is a verbose logging tool that allows you to configure, create, back up and restore audit policies on any computer in your organization. In these days of regulatory compliance, auditing is more important than ever, and Auditpol may eliminate the need for a third-party auditing program. It includes a greatly expanded list of auditing counters from the simple tools available in Windows 2003, and hundreds of different categories that let you "create a paper trail of what's going on inside your OS," Ralston says.

8. Windows Remote Shell (WinRS). To connect to a command prompt on a remote computer in Windows 2003, an admin needed to use Terminal Services. TS worked well but wasn't scalable, requiring a connection to a console on each remote computer. WinRS makes secure connections to as many remote computers as necessary, all from a single console. That could be a significant time-saver for admins.

7. Event forwarding. This benefit is available to organizations that run Vista on their desktops. Event forwarding aggregates and forwards logs of chosen computers back to a central console, making management much more efficient. Say you're an admin and you start getting calls from users who are seeing the dreaded "Event 51" pop up on their screens, indicating a logon problem. Instead of employing sneakernet technology -- running from machine to machine to comb through security events or other problems -- you simply "subscribe" Vista computers through your console, and they send whatever information you ask for right to your door.

6. Active Directory Rights Management Services (AD RMS). In Windows 2003, this was known as Windows Rights Management Services. It was available in Windows 2003, but only as an add-on product for purchase. It's built into Windows 2008, and includes some upgrades. AD RMS assists in the creation of rights-protected files, licensing rights-protected information, and checking to make sure that only authorized users have access to rights-protected data. Some of the enhancements for Windows 2008 include the ability to administer AD RMS through the MMC, and delegate AD RMS tasks through "administrative roles."

5. New password policies. In Active Directory (AD), the domain is a security boundary. In the forerunner to Windows 2008, Windows Server 2003, that boundary led to the restriction of one password policy per domain. That is a limiting requirement, one that's been done away with in Windows 2008. Now you don't have to create new domains to have a new password policy; just set password policies for specific groups or users. If your C-level execs need more stringent policies than your administrative assistants, it's easy to do in Windows 2008.

4. Group Policy (GP) improvements. There are two changes that Ralston said were at the top of the list for GP managers, and they've both made it into Windows 2008. The first is a searchable database for GP settings. Most admins have used Excel spreadsheets to track their GP settings. Given that there can be thousands of such settings, it's obvious that this can quickly become an unwieldy situation. Now, within the Group Policy Management Console (GPMC), admins can search for policies, throwing off the Excel yoke and drastically speeding up the process.

3. The second GP upgrade is the ability to attach comments to GP settings. Being able to add comments to settings will not only help the present admin, but future admins as well who have to troubleshoot GP. When you're configuring a GP, for instance, you can say why you're making this particular policy; then, when you need to troubleshoot or reconfigure that policy, you (or your successor) can see why the policy was created in the first place. In addition, when you do GP modeling, to figure out how different policies will interact and impact your environment, those comments can show up in reports, easing your GP architecting.

2. One of the chief concerns IT pros have when upgrading or migrating to a new OS is ease of installation. Although Ralston could not give specific details, he did drop some tantalizing hints on what's to come on this front. It's an "umbrella deployment technology that will give customers prescriptive guidance on upgrade and migration" strategies, he says. It will provide admins "tools to successfully deploy, update and maintain Windows Server 2008." Ralston promised that more information will be coming on these advanced technologies in November. It will be first announced on the Windows Server Team blog on Technet.

1. Potentially huge network speed increases. Networks move more data than ever, but owing to outdated network stacks, those networks increasingly look like a Los Angeles freeway. In Microsoft's case, the amount of data that can be sent in a packet has remained static at about 64KB since 1995, roughly the Mesozoic era in computing terms. That size packet translates into top-end data throughput of about 5 MB. In terms of efficiency, Ralston says, "It's like having a semi truck, putting one box in it and driving around." In other words, it doesn't matter how big and fast your network pipes are if the packet size stays tiny.

The entirely reworked network stack in Windows 2008 includes new technologies that allow for a much bigger packet to enter the network. It can also resize -- on the fly -- the size of the packets on the network, making it more efficient. The limit on packet size has been upped to 512KB, which ultimately translates into data throughput of 40MB. In other words, your network, if properly configured and tuned, could be eight times faster than it is now. Sound good?

Contact Us | Authors | Subject Index | RSS Feeds

Copyright ©2007