Longhorn Officially Windows Server 2008

By Steven Warren


This week I received a copy of Windows Server 2008 (formerly Longhorn Beta 3) at Tech-Ed 2007 in Orlando, Florida, and I wanted to briefly share some of the enhancements the next major version of Windows Server has to offer.


The installation of Windows Server 2008 has been simplified and it mirrors the Windows Vista installation in ease of use: several screens, about an hour and I was booting into Windows Server 2008.

Once the installation of Windows Server 2008 is complete, you’ll notice an Initial Configuration Tasks window. In Windows 2003 Server, you had a similar screen that allowed you to download updates, specify an administrator password, and allow inbound traffic to your server.

In Windows Server 2008, this is taken much further. In this window, you can set an Administrator password, configure time zone and networking settings, download updates, configure your firewall, and customize server roles.

In Windows Server 2008, a role defines the primary purpose the server is being created for. For example, if you turn on the Domain Controller role, this server will be a Domain Controller. You can have multiple roles as well: you could turn on the Domain Controller role as well as the DHCP server role. It all depends on the requirements of your infrastructure.

Windows Server 2008 offers you a vast number of roles, but you have the flexibility to choose only the roles that apply to your organization. Examples of roles include: Active Directory (AD) Certificate Services, AD Domain Services, Application Server, DHCP server, DNS Server, Fax Server, Web Server, Terminal Server, and a host of others.

By choosing only the applicable roles, you have a slim, streamlined Windows server running which increases security and decreases risk.


From a security perspective, Windows Server 2008 includes Network Access Protection (NAP). The NAP engine ensures that workstations connecting to your network meet the minimum health requirements set forth in the security policy your administrator creates.

For example, a virtual employee visits corporate HQ for the first time in four weeks with his laptop. When he hooks up to the network, he is required to install security and critical Windows patches before connecting. Until the laptop meets the minimum health requirements, NAP can quarantine it or deny it access completely.

In a perfect world, all domain controllers would be in a single server room with unlimited bandwidth and power and constant surveillance. We do not live in this world, and in many corporations there are quite a few satellite or branch offices throughout the country or world. In Windows Server 2008, you can configure Read-Only Domain Controllers (RODC).

An RODC is a domain controller that you could install at a remote location and its sole purpose is to host a read-only copy of your Active Directory (AD) database. This method gives you peace of mind in not having to worry about the physical security of a domain controller hundreds or thousands of miles away. The RODC holds a minimal set of information and all changes made must come from a domain controller with full control that replicates to the RODC.

For example, a major car dealership could have all of their domain controllers in corporate headquarters and put an RODC in every dealership location throughout the country instead of the current common practice of a full-control domain controller. I am really excited about this feature in Windows Server 2008.

Windows Server Core

When installing Windows Server 2008, you can do a full installation or perform a Windows Server Core installation, which is new in 2008. I think this is very cool and will be used in many organizations. It allows for a lean, mean running Windows machine. There will be a learning curve, and it requires configuration via the command line after installation.

The Windows Server Core installs the minimum environment necessary to run the specific role you have in mind. If your server is going to just be a DHCP server, you can configure the role to just be a DHCP server and only a DHCP server.

After installing Windows Server Core and booting up, all you get is a command line box and a minimal user interface (UI). With a Windows Server Core installation, you get none of the following: desktop shell (Aero, wallpaper, etc.), CLR and .NET Framework, MMC console or snap-ins, Start menu, Control Panel, Internet Explorer, Windows Mail, WordPad, Paint, Windows Explorer, Run box, etc. It is bare bones.

You do get the kernel and that is all you need. It allows you to have a very secure deployment of a specific role of Windows.

For all of your imaging and deployment needs, Remote Installation Services has been updated and renamed Windows Deployment Services and is a role that can be configured in Server Manager. When configured, you can deploy Windows operating systems without being physically present at the computer in question or needing media. It is very worthwhile to take a look at this feature if you are spending money with third-party tools that may no longer be necessary.


There are new tools available to make life easier as you manage Windows on a day-to-day basis. Windows Server 2008 provides you with a new MMC console called Server Manager where you can manage your roles, features, and server status. Microsoft even included a command line utility if you prefer that method of management.

Microsoft also introduces PowerShell in Windows Server 2008; it is a command line shell designed for IT administrators. With PowerShell you can basically write a script for any task in Windows Server 2008.


Internet Information Services (IIS) 7.0 has been completely rewritten and will debut in Windows Server 2008. IIS is now broken down into modules. You can take any one of these modules and break them down further by plugging or unplugging them as well as extending them or simply ripping the code out and not using them at all.

In other words, you can turn on or turn off any module in IIS whenever you want. For example, if you do not use basic authentication in your websites, you can simply remove the code quickly and simply. Furthermore, if your application does not take advantage of common gateway interfaces (CGI), simply remove that specific component.

Now when you deploy a brand new webserver, you can choose what components you want and only run those components. This allows you to secure IIS further and gives you a huge performance boost enabling IIS to run much faster than it ever has before.

Windows Management Instrumentation (WMI) is also being widely used in IIS 7, making it easy to manage IIS 7 via WMI. Simply put, it allows you to manage IIS from a set of scripts that you create. There is a lot of automation that can be done with IIS 7.0 via WMI. IT administrators will welcome the enhancements.

In IIS 7, you do not need to be a machine administrator to perform basic tasks. You have the ability to make specific people website operators on a machine and give them the appropriate tasks to do their job without elevating their privileges. All of these tasks are now handled by the new IIS 7 Web-admin tool that replaces the existing MMC snap-in. This tool takes care of all of your administrators' needs and is where they will manage their IIS 7 web servers.

The last feature I am going to talk about is the web.config file. This is where all information that is input in the Web admin tool is stored. You could edit this file manually if your IT administrator does not want to use the Web admin tool. They could put this web.config file on a file server to be accessed by multiple servers in a cluster.
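The module pruning and the web.config storage described above lend themselves to a mechanical check. The following Python script is an added example, not code from the article or from Microsoft: it computes which IIS 7 modules remain enabled once a site-level web.config is applied on top of a server-level module list and flags any that are not on an approved list. Both config fragments and the `APPROVED` policy are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: server-level module list (not taken from the article).
SERVER_CONFIG = """<configuration><system.webServer><modules>
  <add name="StaticFileModule" />
  <add name="DefaultDocumentModule" />
  <add name="AnonymousAuthenticationModule" />
  <add name="BasicAuthenticationModule" />
  <add name="CgiModule" />
  <add name="HttpLoggingModule" />
</modules></system.webServer></configuration>"""

# Constructed sample: a site-level web.config that unplugs CGI only.
SITE_CONFIG = """<configuration><system.webServer><modules>
  <remove name="CgiModule" />
</modules></system.webServer></configuration>"""

# Hypothetical policy: the only modules this site is supposed to load.
APPROVED = {"StaticFileModule", "DefaultDocumentModule",
            "AnonymousAuthenticationModule", "HttpLoggingModule"}


def effective_modules(*configs):
    """Apply <add>/<remove>/<clear> in order, parent config first."""
    enabled = []
    for text in configs:
        section = ET.fromstring(text).find("system.webServer/modules")
        if section is None:
            continue  # this config level does not touch modules
        for el in section:
            name = el.get("name")
            if el.tag == "clear":
                enabled = []
            elif el.tag == "remove" and name in enabled:
                enabled.remove(name)
            elif el.tag == "add" and name and name not in enabled:
                enabled.append(name)
    return enabled


def unapproved(enabled, approved):
    """Modules still loaded that the policy does not allow."""
    return sorted(set(enabled) - set(approved))


if __name__ == "__main__":
    mods = effective_modules(SERVER_CONFIG, SITE_CONFIG)
    print("enabled:   ", mods)
    print("unapproved:", unapproved(mods, APPROVED))
```

In the sample, the site removed CGI but left basic authentication plugged in, so the audit reports `BasicAuthenticationModule` as the one module still to unplug.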

Terminal Services

Microsoft is moving in on Citrix territory even more as they now introduce the following components: Terminal Server Gateway, RemoteApp, and Terminal Services Web Access. Terminal Server Gateway allows remote users access to Terminal Servers through your perimeter firewall. RemoteApp allows you to publish applications on a Terminal Server as opposed to an entire desktop. Finally, Terminal Services Web Access provides you with a portal to access applications and/or desktops.

I know many clients that have completely moved away from Citrix to save on license costs due to the fact that Terminal Services offers such a robust amount of functionality.


Microsoft Virtual Server will become embedded in Windows Server 2008. It will be renamed Windows Server Virtualization and I suspect it will be a role that you will be able to turn on in the Server Manager MMC console. You will be able to manage virtual machines via the Virtualization Management Console for a specific server.

If you are a large organization, you can take advantage of System Center Virtual Machine Manager to manage hundreds of virtual machines from one console. It was just a matter of time before Microsoft decided to roll up the virtualization technology inside Windows Server.

Until now, Windows Server 2008 hasn’t impressed me very much. But, in this release, it seems Microsoft has stepped up their game and shown us a good set of features to come. For many people, just having virtualization embedded in the product will be a good case to upgrade due to server consolidation and the push to "go green" in the data center. I am very impressed with what I have seen so far and Windows Server 2008 will be much more feature complete than Windows Vista.

Ultimately, though, Windows Server 2008 is still evolving but this should be a good starting point for what it has to offer. This is the first public release of Windows Server 2008 and is available for preview here. Take a look at it firsthand. After all, how often can you download Microsoft software for free?

Steven Warren is an IT consultant for the Ultimate Software Group and a freelance technical writer who has been a regular contributor to TechRepublic, TechProGuild, CNET, ZDNET, DatabaseJournal.com and, now, CIO Update. He is the author of "The VMware Workstation 5.0 Handbook" and holds the following certifications: MCDBA, MCSE, MCSA, CCA, CIW-SA, CIW-MA, Network+, and i-Net+.