What's New in Security in Windows Server 2008

Applies To: Windows Server 2008

This page lists security-related features, products, and product suites that have changed significantly or are new in the Windows Server® 2008 operating system. Links to detailed information about these changes are provided where available.

Security and protection

What's New for Operating System Hardening and Integrity for Windows Server 2008

  • Security improvements to the kernel

    • Kernel patch protection for 64-bit editions

    • Security improvements to the heap manager

    • Security improvements to the registry

    • Code integrity

    • Data Execution Prevention

    • Address Space Layout Randomization

    • Windows Resource Protection

  • Security improvements to Windows services

    • Windows service hardening

    • Session 0 isolation

    • Named pipe hardening

  • Windows Integrity Mechanism

  • Windows Internet Explorer 7

    • Protected mode

    • Extended Validation SSL certificates

    • Internet Explorer Administration Kit 7

  • Extensible logon architecture

  • Cryptography Next Generation

  • Authentication protocol improvements

    • Windows implementation of the Kerberos protocol

    • TLS/SSL cryptographic enhancements

Threats and vulnerabilities mitigation

What's New for Server Protection in Windows Server 2008

  • Server role security configuration

  • Server Core installation option

  • User Account Control

  • Web Server (IIS) role

  • Backup and recovery

What's New for Network and Edge Protection in Windows Server 2008

  • Windows Firewall with Advanced Security

  • Network Policy and Access Services role

    • Network Policy Server

    • Network Access Protection

    • Routing and Remote Access

Secure configuration assessment and management

What's New for Secure Configuration Assessment and Management in Windows Server 2008

  • Security auditing

  • Server security policy management

  • Security Configuration Wizard

  • Authorization Manager

  • Group Policy

  • Active Directory Domain Services

    • Fine-grained password policies

    • Auditing

Identity and access control

What's New for Identity Management in Windows Server 2008

  • Smart cards

  • 802.1X authenticated wired and wireless access

  • Backup and restore of stored user names and passwords

  • Credential Security Service Provider and single sign-on for Terminal Services logon

  • Previous logon information

What's New for Access Control in Windows Server 2008

  • Access control user interface

  • TrustedInstaller SID

  • Restricted SIDs checks

  • File system namespace modifications

  • Default permissions changes

  • Changes to tokens

  • Integrity levels

  • Icacls command-line tool

  • OwnerRights SID

What's New for Information Protection in Windows Server 2008

  • BitLocker Drive Encryption

  • Encrypting File System

  • Active Directory Certificate Services

    • Cryptography Next Generation

    • Online Certificate Status Protocol

    • Network Device Enrollment Service

    • Web enrollment

    • Policy settings

    • Restricted enrollment agent

    • Enterprise PKI snap-in

  • Active Directory Domain Services

  • Active Directory Rights Management Services

See Also

Concepts

Security and Protection
Threats and Vulnerabilities Mitigation
Secure Configuration Assessment and Management
Identity Management, Access Control, and Information Protection
Security Tools

Other Resources

Windows Server 2008 Security Technologies A-Z [LHS Nav page]
Library [LHS nav]