Server Core :
With Server Core, Microsoft brings to market, for the first time since MS-DOS, an operating system that largely manages without a graphical user interface. It is not a standalone product, however, but merely a specific installation option of Windows Server 2008. At the beginning of the server installation, the administrator can choose between the standard edition of Windows Server 2008 and Server Core. This is somewhat reminiscent of the installation process of some Linux distributions. There is still a very significant difference, however: while on Linux X Windows can still be set up later, Server Core does not provide for this. Nor is it possible to convert a default installation of Windows Server 2008 to Server Core.
Besides the GUI, Server Core also lacks device drivers that a server environment usually does not need. The number of server services is approximately halved compared with the standard edition, and not all server roles and features are available. After installation, the usual configuration work (network, domain connectivity, firewall, etc.) has to be carried out on the command line. Even experienced Windows administrators have to learn well-practiced routines anew here. Administrators from the UNIX world, however, will feel alien under Server Core. However, many commands are not as elegant as some on Linux. The reference to a DNS server, for example, is configured under Server Core with the following long command:
netsh interface ipv4 set dnsserver "Local Area Connection" static <DNS IP>
Once the initial basic configuration work is complete, however, Server Core can be managed remotely like any other Windows server, including with the standard graphical tools. Configuration via Group Policy and Windows Scripting Host (WSH) is also possible. Surprisingly, PowerShell is not supported by Server Core. Microsoft's powerful new shell and scripting language would have been very helpful precisely under Server Core. PowerShell relies on the .NET Framework, which is likewise not available under Server Core. According to rumors, a stripped-down .NET version is in the works. In the long run, PowerShell could then also be used under Server Core.
Strengths and weaknesses :
Plus -
- Reduced resource consumption. In the test, Server Core worked well with 512 MB of RAM. After a fresh installation, Server Core takes up only a third of the hard-disk space of the standard edition.
- Increased security, since the attack surface is significantly smaller.
- Reduced administrative overhead, because the operating system needs to be updated less frequently and therefore also needs to be restarted less often.
- Shorter boot times
Minus -
- Some complicated commands that require a training phase.
- For many configurations, the administrator must access the Windows Registry directly, which significantly increases the risk of paralyzing the server through a misconfiguration.
- Limited to a few tasks.
- The graphical user interface cannot be installed afterwards.
- Most applications available for Windows require an environment with a graphical interface and do not run under Server Core. Even applications that could be managed over the network using graphical tools often cannot be used under Server Core, because the installer requires a graphical interface.
Read Only Domain Controller (RODC) :
The most interesting new feature in Active Directory is the Read Only Domain Controller (RODC), a new type of domain controller that is limited to a one-way link to other domain controllers. An RODC holds a copy of the directory service database but is not able to replicate changes to other DCs. Applications that need write access to Active Directory must be referred by the RODC to a domain controller with write permission. The RODC can handle most read requests to the directory service on its own. RODCs are intended for locations where physical access to a server by unauthorized persons cannot readily be prevented. Such servers are particularly vulnerable, because it is easy to override the security mechanisms of Windows by booting another operating system from an external medium and accessing the system partition. But should an attacker manage to manipulate the directory database on a physically compromised server, the use of an RODC rules out those changes being applied throughout the directory.
But even if the attacker gains only read access to the directory database, this poses significant risks to the corporate network. In particular, the users' passwords are at risk, even if they are encrypted or only the hash values are stored. RODCs can therefore be prevented from storing passwords at all. The disadvantage of this method is that logging on via an RODC is only possible if a full-fledged domain controller is available for authentication.
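The password-caching decision described above can be audited as follows. This is an added example, not part of the original article; it goes beyond the text by modelling the allowed and denied lists of an RODC's Password Replication Policy, and all group memberships and account names are constructed sample data.

```python
"""Added example: audit which passwords an RODC caches (constructed data)."""

# Constructed sample of one RODC's Password Replication Policy. In a real
# domain these sets come from attributes of the RODC computer object:
#   msDS-RevealOnDemandGroup (allowed), msDS-NeverRevealGroup (denied),
#   msDS-RevealedList (accounts whose passwords are cached right now).
GROUPS = {  # group -> direct members (accounts or nested groups)
    "Allowed RODC Password Replication Group": {"Branch Users"},
    "Denied RODC Password Replication Group": {"Domain Admins", "krbtgt"},
    "Branch Users": {"alice", "bob", "svc-backup"},
    "Domain Admins": {"svc-backup", "dana"},
}
ALLOWED = {"Allowed RODC Password Replication Group"}
DENIED = {"Denied RODC Password Replication Group"}
REVEALED = {"alice", "svc-backup", "dana"}


def expand(names, groups=GROUPS):
    """Resolve nested group membership to a flat set of account names."""
    accounts, todo, seen = set(), list(names), set()
    while todo:
        name = todo.pop()
        if name in seen:
            continue  # guards against circular group nesting
        seen.add(name)
        if name in groups:
            todo.extend(groups[name])
        else:
            accounts.add(name)
    return accounts


def cacheable(account):
    """A password may be cached only if allowed and not denied (deny wins)."""
    return account in expand(ALLOWED) and account not in expand(DENIED)


def audit(revealed=REVEALED):
    """Report cached accounts and those cached against the current policy."""
    violations = sorted(a for a in revealed if not cacheable(a))
    ok = sorted(a for a in revealed if cacheable(a))
    # Every cached account needs a password reset if the RODC is lost.
    return {"reset_if_rodc_lost": sorted(revealed), "violations": violations, "ok": ok}


if __name__ == "__main__":
    for key, value in audit().items():
        print(f"{key}: {value}")
```

Accounts listed under `violations` were cached before the policy was tightened or belong to a denied group; their passwords stay on the RODC until they are reset.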
An RODC has further features that also enhance security. For example, it is possible to set up a domain account that has administrative rights on the RODC but cannot make any changes in the domain. For pure member servers, a system administrator could always work with a local administrator account, which limited his rights to the respective server. An administrator who is to manage a domain controller under Windows Server 2003, however, must as a rule be a member of the group of domain administrators. With Windows 2008 it is now possible, at least on an RODC, to hand administration over to an administrator working at the site without having to grant that person rights in the domain. Another security factor under Windows 2003 is the DNS service when it is installed on a domain controller at a poorly protected site. Manipulation of DNS can cause serious malfunctions in the entire domain. A DNS server that runs on an RODC therefore does not support dynamic updates. That is, Windows clients that want to register themselves in DNS must take a detour via a full DNS server. The DNS service on an RODC ensures that the clients are referred to an appropriate DNS server.