Changes in Server Role Security in Windows Server 2008 R2

Applies To: Windows Server 2008 R2

This product evaluation topic for the IT professional lists security considerations, improvements, and new security features for server roles that are available in Windows Server 2008 R2. The following table of security changes and features provides an overview and resources for each server role available in Windows Server 2008 R2.

Server role Security-related changes Additional resources

Active Directory Certificate Services

The Certificate Enrollment Web Service has been added to allow enrollment via HTTP.

The Renew on Behalf Of feature has been added.

What's New in Active Directory Certificate Services

Domain Name Services

The DNS server and client use Domain Name System Security Extensions (DNSSEC) so you can sign and host DNSSEC-signed zones to provide security for your DNS infrastructure.

What's New in DNS

Remote Desktop Services

There are no significant security-related changes.

Network Access Protection

The status of Network Access Protection (NAP) can now be viewed from the System and Security item in the Control Panel.

What's New in Network Access Protection

Distributed File System

Read-only domain controllers have read-only SYSVOL folders that prevent users or administrators from altering files in the folder.

Read-only replicated folders have been added to prevent users from adding or changing files.

You can use the DFS Management snap-in to enable access-based enumeration for a Distributed File System (DFS) namespace.

Failover Cluster

There are no significant security-related changes.

What's New in Failover Clusters

Active Directory Domain Services

The Authentication mechanism assurance feature has been added to control access to resources, such as files, folders, and printers, based on whether the user logs on with a certificate-based logon method and the type of certificate that is used for logon.

What's New in Active Directory Domain Services

Group Policy

There are no significant security-related changes.

What's New in Group Policy

Web Server (IIS)

Request filtering has been added to allow you to restrict the types of HTTP requests that Internet Information Services (IIS) will process.

Network Policy Server

There are no significant security-related changes.

What's New in Network Policy Server (NPS)

Networking

The Direct Access feature has been added to provide remote, Internet-connected users with access to your organization network resources without using gateway technologies such as virtual private network (VPN) or Terminal Services.

What's New in Networking