As with each previous version of Windows Server, Microsoft has introduced several new components and enhanced many other components to improve the functionality and manageability of Windows Server 2012 and Windows Server 2012 R2. This section briefly summarizes these components, many of which you will learn about later in this book, and others that you will learn about as you progress to the Cert Guides that deal with the other MCSA/MCSE exams on Windows Server 2012. Immediately following this list is a summary of new features specific to Windows Server 2012 R2.
■ New and improved features in Windows PowerShell: Windows PowerShell 3.0 in Windows Server 2012 provides many new significant features that enable you to use its capabilities in many additional situations. The control and management of Windows-based environments from Windows PowerShell 3.0 is easier and more comprehensive than what was formerly possible in PowerShell 2.0; at the same time, all cmdlets and other capabilities of PowerShell 2.0 work in PowerShell 3.0 without the need for changes. We mention several areas of enhanced PowerShell management within this list.
■ Improved networking capabilities: Windows Server 2012 enables you to manage the entire network from a single server. You can have the reliability and scalability of multiple servers at a lower cost. Downtime of file services availability is minimized by means of data redundancy and automatic rerouting of traffic around points of failure, so that users can always access required files and folders. For 802.1X authenticated wired and wireless access using the Extensible Authentication Protocol (EAP), support for the new EAP-Tunneled Transport Layer Security (EAP-TTLS) authentication type has been added.
■ Improvements to BranchCache: BranchCache now copies content from the head office or hosted cloud content servers and caches this content at branch office locations. This enables branch office client computers to access this content locally and reduces the need for connections across the WAN.
■ Improvements to Dynamic Host Configuration Protocol (DHCP): DHCP in Windows Server 2012 enables you to set up two servers to supply IP addressing information on the same scope for improved availability of DHCP services to client computers. The two servers replicate lease information between them to allow for load balancing and failover capabilities and ensure that duplicate IP addresses are never leased. You can also specify policies that govern IP address assignment and option configuration at the scope level or on a server-wide basis. Improved PowerShell cmdlets are also available for scripted management purposes. Also included is a new technology called IP Address Management (IPAM), which discovers, monitors, audits, manages, and reports on the IP address space used on a corporate network.
■ Improvements to Network Policy and Access Services: Microsoft has enhanced the Network Policy Server (NPS), Health Registration Authority (HRA), and Host Credential Authorization Protocol (HCAP) role services for remote authentication and authorization of Remote Authentication Dial-In User Service (RADIUS) servers and clients. Also included is the use of PowerShell to automate the installation and configuration of NPS servers.
■ System Center 2012 SP1: Works with Windows Server 2012 to define a software-based networking solution that connects across cloud implementations of various sizes.
■ Enhanced cloud computing capabilities: Microsoft has built a platform that it calls “the Cloud OS,” which integrates Windows Server 2012 into modern datacenters by providing an infrastructure that goes beyond virtualization to maximize the delivery of cloud services. Multiple servers can be managed and made continuously available with high levels of efficiency. In addition, Hyper-V network virtualization now employs a policy-based, software-controlled basis, reducing the overhead involved in managing cloud-based server virtualization. Additional new and improved capabilities to Hyper-V are too numerous to mention here; for more information, refer to Chapter 9, “Creating and Configuring Virtual Networks.”
■ Integration with new applications: Users can access every app on any cloud through the flexibility of solutions offered by Windows Server 2012. Users can access data and applications from almost anywhere on various devices; a rich user experience with total security is provided at all times.
■ Virtual Desktop Infrastructure (VDI): VDI enables users to access data from virtually anywhere on popular mobile devices. Supported devices can provide a rich Windows 8-based desktop experience. At the same time, security of data and compliance requirements are ensured. Microsoft includes three flexible VDI deployment options: Pooled Desktops, Personal Desktops, and Remote Desktop Sessions. Remote Desktop Services provides enhanced support for VDI deployments; Session Virtualization deployments; centralized resource publishing; and a new, enriched user experience for users connecting to the server with Remote Desktop Protocol (RDP).
■ RemoteFX: This is a new set of features that enables you to provide a full, rich computing experience to users across wide-area network (WAN) connections. Included is the detection of end-to-end network bandwidth and techniques that help to circumvent network connection. Users can also connect USB devices such as flash drives and portable hard drives and see their contents within their VDI desktop.
■ User Profile Disk: A feature that enables a consistent user VDI desktop experience. User productivity is enhanced by the maintenance of personalization and application data access across logons to different devices.
■ Enhanced flexible storage capabilities: Improved functionality for failover clustering in Windows Server 2012 helps to ensure the continuous availability of data to users on the network. Clusters scale up to as many as 64 nodes and 8,000 virtual machines per cluster, and improvements in cluster shared volumes enhance the security, performance, and availability of data to users on the network.
■ Improvements to Active Directory Domain Services (AD DS): AD DS in Windows Server 2012 improves support for cloud-based networking with virtualization-safe technologies and the ability to use cloning for deployment of virtual domain controllers. The domain controller installation wizard is integrated with Server Manager and can be scripted using Windows PowerShell. You can even install AD DS on a remotely located server. Using the Active Directory Administrative Center, you can perform graphical tasks that automatically generate Windows PowerShell commands that you can include in a script for automating repetitive administrative tasks.
■ Improvements to Domain Name System (DNS): Microsoft has enhanced support for DNS Security Extensions (DNSSEC) to include online signing and automated key management. Improvements to PowerShell cmdlets enhance the configuration and management of your DNS setup.
■ Improvements to Group Policy: Microsoft has added several new functionalities to Group Policy and improved many others. New to Group Policy are capabilities for remote policy update; display of the status of Active Directory and SYSVOL replication as related to all Group Policy objects (GPOs) or a single GPO; local Group Policy support for new Windows RT devices; new Starter GPOs; and new Group Policy settings and preferences for Internet Explorer 10 and 11. Enhanced functionalities include updated reporting of Group Policy Results reports; improved application of GPOs at startup and shutdown as well as optimization of GPO processing during logons over slow WAN links; a new Invoke-GPUpdate PowerShell cmdlet that automates the updating of GPOs applied to remotely located computers; and an increased maximum Registry.pol size that enhances the application of Group Policy processing when a GPO contains a large number of Administrative Template settings. In addition, the Group Policy Client service will sleep when the Group Policy service is idle for longer than 10 minutes, providing improved performance for client computers.
■ Improvements to BitLocker: You can now deploy Windows 8.1 and Windows Server 2012 R2 in an encrypted state during installation. Also new is the option to encrypt only the used space on a disk volume for a much faster encryption. BitLocker enables a standard user to change the BitLocker PIN or password on operating system volumes and data volumes as well as the capability for automatically unlocking the system volume during boot. These features reduce the help desk call volumes for lost PINs.
■ Improvements to File Server Resource Manager (FSRM): New to FSRM is Dynamic Access Control, which helps you to control and audit access to data on a file server, the capability for manually classifying files and folders without the need to create automatic classification rules, and the capability to customize the Access denied error message to Windows 8/8.1 clients attempting to access resources for which the user has no permission. Updates have also been provided for automatic classification of data and file management tasks.
■ Security enhancements: With improvements in data access that allow users to work from almost anywhere, there comes the need to ensure data security and compliance at all times and places. Microsoft has kept data security up-to-date with centralized security and compliance controls at the infrastructure and application services layers. Included are controls that factor in the roles and locations of users accessing data on the network as well as the use of security measures such as multifactor authentication and data encryption. Introduced in Windows Server 2012 is Dynamic Access Control (DAC), which is a new feature that helps to enhance data security and maintain compliance by factoring in user identity and device security access factors in granting access to data. You can make users’ roaming profiles and redirected folders immediately available when they log on from any device and remove sensitive data availability when they log off. Security auditing has also been enhanced with new expression-based audit policies and the capability to audit new types of securable objects as well as data located on removable storage devices. Additional information, including new audit events, is also now available for the auditing of file and folder access and user logons.
What’s New in Windows Server 2012 R2
Microsoft has added or improved the following capabilities in Windows Server 2012 R2:
■ Windows PowerShell improvements: Windows Server 2012 R2 introduces Windows PowerShell 4.0, which continues to extend the capabilities and functionality of earlier Windows PowerShell versions. In particular, Windows PowerShell Desired State Configuration (DSC) extends the capabilities of managing configuration data for software services and the environments in which they run. Many additional cmdlets and parameters have also been added, as well as scripting capabilities for managing additional server roles such as Windows Deployment Services (WDS).
■ Improved networking technologies: Windows Server 2012 R2 adds new features and capabilities to 802.1X authenticated wired and wireless access. Other new features and capabilities have also been added to DHCP, DNS, Hyper-V Network Virtualization, Hyper-V Virtual Switch, Internet Protocol Address Management, and Remote Access. New to Windows Server 2012 R2 is Virtual Receive-side Scaling, which enables network adapters to distribute processing load across multiple virtual processors in multicore virtual machines, and Windows Server Gateway, which is a virtual machine-based software router that enhances the capability of routing network traffic among physical and virtual networks regardless of the initial source of the network traffic.
■ Improvements to AD DS: Microsoft has enabled the integration capabilities with personal devices including smartphones, laptops, and tablets to enhance the availability and security of personal and corporate data. Devices can be associated with AD DS and used as a seamless second factor authentication, including the capacity for single sign-on (SSO) to the domain. New strategies of multifactor authentication and access control enable you to manage the risk of users accessing protected data from their devices and working from any location.
■ Improvements to Group Policy: Windows Server 2012 R2 adds enhanced support for IPv6 and event logging. Further, a new feature called Policy Caching enables the latest versions of policies to be cached locally after being downloaded from a domain controller. You can control caching behavior by configuring the new Configure Group Policy Caching policy.
■ Improvements to BitLocker: Support for device encryption has been added for computers with a TPM that supports connected standby.
■ Improvements to Remote Access: Several new features have been added in Windows Server 2012 R2 and Windows 8.1, including multitenant site-to-site VPN gateway, multitenant remote access VPN gateway, the Web Application Proxy role service, and support for Border Gateway Protocol (BGP). Users of Windows 8.1 machines can create and edit their VPN profiles from the PC settings app.
■ New and improved data storage technologies: Windows Server 2012 R2 introduces the concept of storage pools, which are groupings of physical disks that form a pool of resources from which you can create a form of storage virtualization. In addition, Windows Server 2012 R2 includes a new Work Folders role service, which enables users to access work data on personal computers and mobile devices.
■ Enhancements to virtual servers and virtual machine storage: Hyper-V in Windows Server 2012 R2 enables you to create two types of virtual machines: Generation 1 virtual machines are similar to those used in older Hyper-V versions, while Generation 2 virtual machines provide additional features such as secure boot, the ability to boot from a SCSI virtual hard disk or virtual DVD, PXE boot from a standard network adapter, and UEFI firmware support. Storage Quality of Service (QoS) is an enhancement to Hyper-V that provides the ability to set certain QoS parameters for storage on virtual machines. This provides storage performance isolation in a multiuser environment and informs you if certain performance thresholds are not being met.
NOTE This list is not intended to be exhaustive and introduces only the major new and improved technologies in Windows Server 2012 R2. For more information on improvements in Windows Server 2012 R2, refer to “What’s New in Windows Server 2012 R2” and links contained therein at http://technet.microsoft.com/en-us/library/dn250019.aspx. In addition, for a list of older server features and functionalities that have been removed or planned for removal in Windows Server 2012 and Windows Server 2012 R2, refer to “Features Removed or Deprecated in Windows Server 2012 R2” at http://technet.microsoft.com/en-us/library/dn303411.aspx.
Windows Server 2012 R2 Editions
Windows Server 2012 R2 is available in the following editions:
■ Windows Server 2012 R2 Foundation: Enables a Windows Server experience for a small office network of up to 15 users. No virtualization rights are included. For more information on the capabilities and limitations of Windows Server 2012 Foundation, refer to “Introduction to Windows Server 2012 Foundation” at http://technet.microsoft.com/en-us/library/jj679892.aspx.
■ Windows Server 2012 R2 Essentials: A step up from the Foundation edition, this edition works well on small networks of up to 25 users and 50 devices. This version provides preconfigured connectivity to cloud-based services, but no virtualization rights are included. Windows Server 2012 R2 Essentials adds many new and enhanced features, including improved capabilities for server deployment, client deployment, user and group management, storage management, data protection, BranchCache, integration with Office 365, management of mobile devices, restoration of client computers, management of remote web access, and integration with Microsoft online services. For more information, refer to “What’s New in Windows Server Essentials” at http://technet.microsoft.com/en-us/library/dn303448.aspx.
NOTE As this Cert Guide was in the final stages of preparation, Microsoft introduced Windows Server 2012 R2 Update, which is made available to all server users via Windows Update. As well as a cumulative roll-up of all security updates and bug fixes, Windows Server 2012 R2 Update provides a series of user enhancements, including the following:
■ Enterprise Mode for Internet Explorer (EMIE): Improves compatibility with server line of business applications.
■ Active Directory fix for Office 365: Enables users to sign on using an Office 365 email address, and provides a user experience parallel to that of Windows 8.1 Update.
■ User interface improvements: On an installation using the full GUI, a search and power button have been added to the Start screen.
Enhancements and improvements introduced with Windows Server 2012 R2 Update are not discussed elsewhere in this Cert Guide. For more information on Windows Server 2012 R2 Update, refer to “Windows Server 2012 R2 Update is now available to subscribers” at http://blogs.technet.com/b/windowsserver/archive/2014/04/02/windows-server-2012-r2-update-is-now-available-to-subscribers.aspx.
■ Windows Server 2012 R2 Standard: A robust, ideal platform for medium-sized offices that are designed upon a physical or minimally virtualized environment. Two virtual instances are included.
■ Windows Server 2012 R2 Datacenter: The most robust edition of Windows Server 2012, this edition provides all the capabilities for running a highly virtualized, cloud-accessible networking environment.
Windows Server 2012 R2 User Interface
Microsoft has provided several options for setting up the user interface that, in part, reflect the new interface features of the Windows 8 and Windows 8.1 client operating system. When you install Windows Server 2012 R2 (as we will discuss in Chapter 2, “Installing and Configuring Windows Server 2012 R2”), you can choose between Server Core Installation and Server with a GUI.
First introduced in Windows Server 2008, Server Core is a stripped-down version of Windows Server 2012 R2 that does not contain any GUI, taskbar, or Start menu. After logging on, you are presented with a command prompt window, from which you perform all administrative actions. A Server Core computer uses fewer hardware and memory resources than a normal server but is able to perform most (but not all) of the roles that a normal server performs. Furthermore, a Server Core computer is more secure because it presents a smaller attack footprint than a normal server. In fact, a Server Core installation uses about 4 GB less hard drive space for the operating system files compared to the same installation in the Server with a GUI mode. You can use the command line, Windows PowerShell, or remote methods to administer a server running in Server Core mode. You can also administer a Server Core computer from another server that is configured with the Server with a GUI option or from a Windows 8.1 computer with the Remote Server Administration Tools installed. Note that you must use the Windows 8.1 version of these tools; those that are included with previous versions of Windows don’t work with Windows Server 2012 R2.
NOTE For more information on Remote Server Administration Tools, refer to “Deploy Remote Server Administration Tools” at http://technet.microsoft.com/en-us/library/hh831501.aspx.
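The interface modes this section describes (Server Core, Minimal Server Interface, Server with a GUI) differ by two installed features, so a management host can inventory them remotely and track which servers carry the larger attack footprint. The following PowerShell is an added example, not code from the book; it assumes the ServerManager module (Get-WindowsFeature) on the management host and the Windows Server 2012/2012 R2 feature names Server-Gui-Mgmt-Infra and Server-Gui-Shell, and the function and server names are hypothetical.

```powershell
# Added example: classify each server's interface mode to track attack footprint.
# Function names are hypothetical; the feature names are those used by
# Windows Server 2012 / 2012 R2.

function Resolve-InstallMode {
    # Pure decision logic: maps the two GUI feature states to a mode name.
    param(
        [Parameter(Mandatory = $true)][bool]$MgmtInfra,  # Server-Gui-Mgmt-Infra installed
        [Parameter(Mandatory = $true)][bool]$Shell       # Server-Gui-Shell installed
    )
    # The graphical shell depends on the management infrastructure feature.
    if ($Shell -and -not $MgmtInfra) { return 'Inconsistent' }
    if ($Shell)     { return 'Server with a GUI' }
    if ($MgmtInfra) { return 'Minimal Server Interface' }
    return 'Server Core'
}

function Get-ServerInstallMode {
    # Queries each server remotely and reports its mode; unreachable servers
    # are reported as Unknown instead of stopping the inventory.
    param([Parameter(Mandatory = $true)][string[]]$ComputerName)

    foreach ($computer in $ComputerName) {
        try {
            $features = Get-WindowsFeature -ComputerName $computer `
                -Name 'Server-Gui-Mgmt-Infra', 'Server-Gui-Shell' -ErrorAction Stop
            $installed = @($features | Where-Object { $_.Installed } |
                ForEach-Object { $_.Name })
            $mode = Resolve-InstallMode `
                -MgmtInfra ($installed -contains 'Server-Gui-Mgmt-Infra') `
                -Shell ($installed -contains 'Server-Gui-Shell')
            [pscustomobject]@{ ComputerName = $computer; Mode = $mode; Error = $null }
        }
        catch {
            [pscustomobject]@{
                ComputerName = $computer
                Mode         = 'Unknown'
                Error        = $_.Exception.Message
            }
        }
    }
}

# Constructed feature states, so the decision logic can be checked offline.
$samples = @(
    @{ MgmtInfra = $false; Shell = $false },
    @{ MgmtInfra = $true;  Shell = $false },
    @{ MgmtInfra = $true;  Shell = $true  }
)
foreach ($s in $samples) { Resolve-InstallMode @s }

# Against real servers (constructed names), list everything that is not Server Core:
# Get-ServerInstallMode -ComputerName 'SRV-FILE01', 'SRV-DC01' |
#     Where-Object { $_.Mode -ne 'Server Core' }
```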
The Server with a GUI option in Windows Server 2012 R2 is equivalent to the Full Installation option in Windows Server 2008 R2. If you choose this option, you have the following choices that reflect the appearance and functionality of the base server option:
■ Server with a GUI: This provides the standard GUI that includes the new Start screen based on the Windows 8.1 shell, but not the default apps that come with Windows 8.1 or the access to Windows Store. All server roles and features can be installed, and the Server Manager tool and Microsoft Management Console (MMC) snap-ins are fully functional. We provide more information on server roles and features later in this chapter.
■ Minimal Server Interface: Windows Server 2012 R2 enables you to remove the Server Graphical Shell. In this option, the Start screen, File Explorer, Internet Explorer 11, and the desktop are not installed. This option includes MMC snap-ins, Server Manager, and a subset of Control Panel applets. This mode requires about 300 MB less disk space than the complete Server with a