blog_windows_server_2016_GA_SQThe new Microsoft’s server operating system is finally here, and we’ve prepared a list of the most important new features, including the ones you won’t find on other blogs.

The newest release of Microsoft’s server operating system, Windows Server 2016, hit general availability on September 26th, along with System Center 2016. We’ve been hearing about new and improved things coming in Windows Server 2016 for months, so you most probably know about the container support and the improved security and networking tools. Maybe you’ve even used some of them in the technology preview versions.

But in case you’ve been holding out for GA, or your working day consisting of endless tickets simply doesn’t allow you to find time to tryout betas and technology previews, we’ve prepared a closer look at the top 10 features in Windows Server 2016 that every sysadmin needs to know about.

The next evolution of Server Core – Nano Server, is an even more thinned down version of Windows Server 2016. A Nano server must be managed remotely and can only run 64 bit applications, but it can be optimized for minimum resources, requires far less patching, restarts very quickly, and can perform a number of specific tasks very well with minimal hardware.

Good uses for Nano Server include IIS, DNS, F&P, application servers, and compute nodes. So if you liked Server Core, you will love Nano; and if you never really understood Server Core, you should give Nano a chance, especially if patching and downtime are challenges in your 24×7 shop.

Windows Server 2016 comes with PowerShell 5.0, a part of the Windows Management Framework 5.0. There are many improvements in PS5 (you’ll find a complete list in this blog post), including support for developing your own classes, or a new module called PackageManagement, which lets you discover and install software packages on the Internet.

The Workflow debugger now supports command or tab completion, and you can debug nested workflow functions. To enter it in a running script you can now press Ctrl+Break, in both local and remote sessions, and also in a workflow script. And PS5 now runs in Nano server directly, so administration of this lightweight server platform is made even simpler.

Windows Server 2016 offers two kinds of containers to improve process isolation, performance, security, and scalability. Windows Server Containers can be used to isolate applications with a dedicated process and a namespace, while Hyper-V Containers appear to be entire machines optimized for the application.

Windows Server Containers share a kernel with the host, while Hyper-V Containers have their own kernel, and both enable you to get more out of your physical hardware investments. On top of this, Microsoft announced that all Windows Server 2016 customers will get the Commercially Supported Docker Engine for no additional cost, enabling applications delivered through Docker containers to run on Windows Server on-premise installations or in the cloud, on Azure.

WS2016 brings some huge improvements to Active Directory, security, and identity management, such as Privileged Access Management (PAM), restricting privileged access within an existing Active Directory environment. In this model you have a bastion forest, sometimes called a red forest, that is where administrative accounts live and which can be heavily isolated to ensure it remains secure. Just-in-Time administration, privileged access request workflows, and improved audition are all included, and best of all – you don’t have to replace all of your DCs to take advantage of this.

“Just Enough Administration” is a new capability in Windows Server 2016 that enables administrators to delegate anything that can be managed through PowerShell. Do you have a developer who needs to be able to bounce services or restart app pools on a server, but not log on or make any other changes? With JEA you can give him or her exactly those abilities, and nothing more. Of course, you may have to write some PS1s to let them actually do that, but the point is that now you can.

Customers who want to set up highly-available RDS environments, but not go to the trouble and expense of setting up HA SQL, can now use an Azure SQL DB for their Remote Desktop Connection Broker, making it both easier and less expensive to set up a resilient virtual desktop environment.

The RD Connection Broker can now handle massively concurrent connection situations, commonly known as the “log on storm”, and it has been tested to handle more than 10k concurrent connection requests without failures.

Software-defined storage enables you to create HA data storage infrastructures that can easily scale out, without breaking the bank. With software defined storage, even SMBs can start to take advantage of high availability storage with the existing budgets.

Three new features take over the stage: Storage Spaces Direct enables you to combine commodity hardware with availability software, providing performance for virtual machines, Storage Replica replicates data at the volume level in either synchronous or asynchronous modes, while Storage QoS guards against poor performance in a multitenant environment.

If you have set up an NTP server on your network, or subscribed to NTP services from an NTP pool, you know how important accurate time can be. Typically, Windows environments were less worried about accurate time, and more concerned with a consensus of time, with a five-minute drift being acceptable.

Now in Windows Server 2016, the new time service can support up to a 1ms accuracy, which should be enough to meet almost all needs – if you need more accuracy than that, you probably own your own atomic clock.

Immensely valuable in a virtualization environment, software-defined networking enables administrators to set up networking in their Hyper-V environment similar to what they can in Azure, including virtual LANs, routing, software firewalls, and more.

You can also do virtual routing and mirroring, so you can enable security devices to view traffic without expensive taps.

There are so many security improvements in Windows Server 2016 that we could do an entire post just on that, which, as a matter of fact, we will in the coming weeks. For now, be aware that WS2016 includes improvements to protect user credentials with Credential Guard and Remote Credential Guard, and to protect the operating system with Code Integrity, with a whole host of improvements with virtual machines, new antimalware capabilities in Windows Defender, and much more.

As stated on the Windows Server team’s blog post announcing the new version, Windows Server 2016 is immediately available for evaluation, and will be available for purchase with the first October price list, while volume licensing customers will be able to download fully licensed software at General Availability in mid-October.

Watch out for new posts on this blog for more information on Windows Server 2016, as we will take a deeper dive into some of the most significant features for SMB organizations, as well as a much closer look at the security improvements in the next few weeks. You can subscribe here and get the new blog post announcements directly in your inbox.

Until then, please leave a comment below and let us know what feature you find most interesting or have been particularly looking forward to.

You may also like:

  • New Microsoft licensing models bring new software bundles to enterprises
  • The top 23 Cmd-line tools on my computer, and where…
  • Troubleshooting the top 22 Exchange issues

GFI Blog

Banking customers are hesitant to use mobile features due to fraud and security concerns, according to Kaspersky Lab and IDC Financial Insights. Their findings show that of those not using mobile banking at all today (36 percent), 74 percent cited security as the major reason, which could slow the overall adoption of mobile banking services during a time where mobile device usage is exploding.

banking customers

While security concerns are holding back non-mobile banking users from embracing the convenient, digital self-service solutions on the market, those who are active users of mobile banking today also share the same concerns. Of both, users and non-users of mobile banking, 85 percent said that they would increase their usage to “some extent” if there was more security and nearly half (44 percent) of those surveyed said that they would “significantly” increase their mobile banking usage with more security.

For financial organizations, an increase in self-service banking usage can drive revenue and reduce transactional costs, but currently customers don’t see a promising future for mobile banking in their lives – with 32 percent of respondents claiming that they do not ever foresee using mobile as the primary channel that they will engage with their bank or credit union. Banks that do not properly strengthen mobile financial security measures could miss out on a significant business opportunity and risk losing valuable customers in the process.

As financial institutions look for new ways to streamline adoption of self-service banking solutions, it is important that they proactively deploy and implement rigorous security solutions. In addition, banks should also reconsider their education strategies to ensure that customers understand the level of security in their mobile offerings. Survey Respondents want to see a proactive and informative approach to security from their banks with 80 percent indicating that they would like to see evidence of security measures being activated when they launch a mobile banking application.

“Consumers are concerned about security on their mobile devices, which has limited adoption of high margin mobile banking and payment activities including account opening, payments and transfers using a mobile phone.” Says Marc DeCastro, research director IDC Financial Insights. “As the next generation of online, mobile first and mobile only customers begin to explore digital banking choices, financial institutions that have and promote stronger security will attract and retain these customers more easily than those who do not.”

“As financial organizations continue to expand their self-service offerings to drive revenue and increase customer convenience, it’s important to proactively approach security technology for consumers’ mobile devices in the same way banks approach security for their own PC-based solutions, web offerings, and technology networks,” said Ross Hogan, Kaspersky Lab Global Head of Fraud Prevention.

Help Net Security

blog_windows10au_sysadminIf you’re a well-informed system administrator, you have already heard about many of the new features the Anniversary Update brought to Windows 10. We’ve highlighted 10 of them which you can actually use for your sysadmin job, and you won’t find these in mainstream media reports.

It’s hard to believe that it has been a year since Microsoft released Windows 10 to General Availability, probably because most of us have been running an early release or CTP version of 10 for a lot longer. But with the one-year anniversary, two things have happened. The free upgrades have come to an end, and the anniversary release, known as RedStone 1, is out and coming to a PC or a tablet near you.

Marked as build 1607, or more specifically as Version 10.0.14393, RS1 includes several new features to make Windows 10 even better for end users and the enterprise. Here are ten of the newest features included in RS1 for you to consider when looking at whether to upgrade or not.

It’s easier to deploy

A lot of the work that went into RS1 was focused on making it easier for admins to deploy. Here’s what you can look forward to on the deployment front.

Windows Imaging and Configuration Designer (ICD)

The ICD can be installed within RS1 as a standalone component, though you could install it in the original release by deploying additional components from the Assessment and Deployment Kit. The ICD includes workflows to automate packages for

  • Basic provisioning of domain-joined machines
  • Advanced provisioning, including the ability to deploy applications, certificates, et al.
  • Classroom/lab provisioning scenarios

You can find out more about Windows 10 provisioning using the ICD at https://technet.microsoft.com/en-us/itpro/windows/deploy/provisioning-packages

Upgrade analytics

Using Windows Telemetry, you can now gather detailed information about your Windows 10 deployments to identify trends, compatibility issues, hardware shortcomings, etc. Using upgrade analytics, you can easily identify your pilot and production users for your upgrade to Windows 10 RS1, as well as to identify those machines that would have application issues or other problems. You can read more about this at https://technet.microsoft.com/en-us/itpro/windows/deploy/manage-windows-upgrades-with-upgrade-analytics

It’s easier to manage

Centrally managing your desktops, whether through Group Policy or gold builds, is critical to ensuring a uniform experience across shared computers, and to make it easier for the helpdesk to deal with end users. RS1 includes some great new features to make this easier for admins to do.

Taskbar configuration

Admins can now manage the taskbar, pinning or unpinning apps, setting specific apps in a particular order, and more. This will prove very useful for kiosk or shared computers, as well as customizing the corporate build. See how at https://technet.microsoft.com/en-us/itpro/windows/manage/windows-10-start-layout-options-and-policies

Shared PC mode

And speaking of shared computers, RS1 has an actual shared PC mode, designed for kiosk, hoteling, customer access, and other scenarios where multiple users must use the same PC. See how to set this up and all the setting focused on making a shared PC easier to use and manage at https://technet.microsoft.com/en-us/itpro/windows/manage/set-up-shared-or-guest-pc

User Experience Virtualization (UE-V)

Especially useful in scenarios like shared PCs, hoteling space, and non-persistent virtual desktops, UE-V helps users to keep their customizations, without all the baggage of a roaming user profile. If you have users who could benefit from this, see https://technet.microsoft.com/en-us/itpro/windows/manage/uev-for-windows for more on how to set up UE-V.

Remote Desktop to AAD joined machines

BYOD continues to grow, and many companies are letting users work from home on their personal computers, or having contractors and external consultants use their own computers rather than issuing them a domain-joined corporate device. There are a lot of features in Microsoft’s Azure Active Directory that can help admins to secure and manage systems that cannot be domain-joined, and in RS1 the ability to remote into these AAD joined machines makes it easier to provide remote support.

MDM with CSP

Adding on to this, remote Windows 10 machines can be managed with new mobile device management, including configuration service providers. You can now sideload apps, configure VPN profiles, and more. See https://msdn.microsoft.com/en-us/library/windows/hardware/mt299056%28v=vs.85%29.aspx#whatsnew_1607 for more on what is new in RS1.

It’s more secure

Of course, nothing is more important that security, and RS1 brings new security features as well.

Isolated User Mode

Credential Guard and Device Guard can take advantage of Isolated User Mode, which is now included in Hyper-V, and no longer requires an additional install.

Windows Hello for Business

Adding to the very popular Windows Hello, Passport and Hello have merged into a single product, making it easier to deploy and manage. Enhancing this, Group Policy can now be used to manage Hello in both User and Computer configurations, making it easier for admin to support more scenarios. See https://technet.microsoft.com/en-us/itpro/windows/keep-secure/manage-identity-verification-using-microsoft-passport for more.

Windows Defender and Advanced Threat Protection

Bringing even stronger anti-malware solutions to RS1, Windows Defender has a number of new capabilities. There is an offline mode that can be used without having to boot from external media, PowerShell cmdlets to assist with automated scripting, a “Block at First Site” to help protect against near zero-day attacks, and more.

Add in Advanced Threat Protection for even more protections, which includes

  • Endpoint sensors within Windows 10
  • Analytics that leverage a number of big-data sources, including Office 365, Bing, Smartscreen, and more
  • Threat intelligence that leverages both Microsoft and partner ecosystems to quickly identify and block new attacks

You can read more about this at https://technet.microsoft.com/en-us/itpro/windows/keep-secure/windows-defender-advanced-threat-protection

For enterprises still on Windows 7 or 8.1, these are ten very good reasons to go ahead and start your migration to Windows 10. For those of you already on Windows 10 at home, check for updates now, as you may already have Windows 10 RS1 available for your devices. And if you’re running Windows 10 at work, get started with the upgrade analytics now so you can get RS1 out to your users with as little effort as possible.

If you’re looking for additional help (or motivation) for the migration process, Microsoft has created a comprehensive guide for Windows 10 deployment, which you can find here.

You may also like:

  • Happy Anniversary Windows 10
  • How to get the most out of Resource Monitor in…
  • The top 10 IT tools every power user should have…

GFI Blog