What's New in Security in Windows Server 2008

Updated: May 1, 2008

Applies To: Windows Server 2008

This page lists security-related features, products, and product suites that have changed significantly or are new in the Windows Server® 2008 operating system. Links to detailed information about these changes are provided where available.

What's New for Operating System Hardening and Integrity for Windows Server 2008

  • Security improvements to the kernel

    • Kernel patch protection for 64-bit editions

    • Security improvements to the heap manager

    • Security improvements to the registry

    • Code integrity

    • Data Execution Prevention

    • Address Space Layout Randomization

    • Windows Resource Protection

  • Security improvements to Windows services

    • Windows service hardening

    • Session 0 isolation

    • Named pipe hardening

  • Windows Integrity Mechanism

  • Windows Internet Explorer 7

    • Protected mode

    • Extended Validation SSL certificates

    • Internet Explorer Administration Kit 7

  • Extensible logon architecture

  • Cryptography Next Generation

  • Authentication protocol improvements

    • Windows implementation of the Kerberos protocol

    • TLS/SSL cryptographic enhancements

What's New for Server Protection in Windows Server 2008

  • Server role security configuration

  • Server Core installation option

  • User Account Control

  • Web Server (IIS) role

  • Backup and recovery

What's New for Network and Edge Protection in Windows Server 2008

  • Windows Firewall with Advanced Security

  • Network Policy and Access Services role

    • Network Policy Server

    • Network Access Protection

    • Routing and Remote Access

What's New for Secure Configuration Assessment and Management in Windows Server 2008

  • Security auditing

  • Server security policy management

  • Security Configuration Wizard

  • Authorization Manager

  • Group Policy

  • Active Directory Domain Services

    • Fine-grained password policies

    • Auditing

What's New for Identity Management in Windows Server 2008

  • Smart cards

  • 802.1X authenticated wired and wireless access

  • Backup and restore of stored user names and passwords

  • Credential Security Service Provider and single sign-on for Terminal Services logon

  • Previous logon information

What's New for Access Control in Windows Server 2008

  • Access control user interface

  • TrustedInstaller SID

  • Restricted SIDs checks

  • File system namespace modifications

  • Default permissions changes

  • Changes to tokens

  • Integrity levels

  • Icacls command-line tool

  • OwnerRights SID

What's New for Information Protection in Windows Server 2008

  • BitLocker Drive Encryption

  • Encrypting File System

  • Active Directory Certificate Services

    • Cryptography Next Generation

    • Online Certificate Status Protocol

    • Network Device Enrollment Service

    • Web enrollment

    • Policy settings

    • Restricted enrollment agent

    • Enterprise PKI snap-in

  • Active Directory Domain Services

  • Active Directory Rights Management Services

See Also

Community Additions