Both Windows Server 8 and 2012 offer many new improvements, but not all of them are created equal. This article highlights the top 5 Group Policy improvements in Windows Server 2012, including easy-to-monitor status reporting, new IE policies and more. Also, learn how Windows Server 8 brings changes to the areas of cloud, storage and networking.
Top Five Group Policy Improvements in Windows Server 2012
Within Windows Server 2012 beta (formerly known as the Windows Server 8 beta), there are over 4,560 group policies to play with. Additionally, there are usability improvements to the Group Policy infrastructure and the venerable Group Policy Management Console. Here are the top five areas to focus your research on as you test for compatibility and understand how Windows 8 client and server partners work together:
The Group Policy Update option within the Group Policy Management Console. Instead of issuing clunky command-line refresh commands, like gpupdate /force, on individual machines, you can graphically select organizational units on which to refresh Group Policy. This effectively means that because you can kick things off right from within the console, you don’t have to wait the hour and a half that it sometimes took for those refreshes to take place across a network. You can only target computers in organizational units, but the refresh itself will kick off a re-download of both the user and the computer portions of the group policy objects (GPOs) that apply to the given target. Behind the scenes, this option creates two scheduled tasks on each computer in the targeted organizational unit. For this to work, the domain controllers need to have access to create scheduled tasks on the computers, so firewalls on each system will need to be configured appropriately.
An easy-to-monitor status report about the Group Policy infrastructure on your Active Directory network. Within the Group Policy Management Console, there’s a new tab called “Infra Status.” (As a mechanical perfectionist, I’m hoping Microsoft will expand that unfortunate abbreviation, but I digress.) The information on this tab shows the status of Active Directory and Sysvol (using distributed file system replication services) replication for this domain as it relates to Group Policy. Previously, you had to look at the Sysvol status on each individual server, and issues wouldn’t always bubble themselves up to the surface in an easy-to-digest way. Because AD replication is key to getting Group Policy to apply correctly within your domain, this will end up being a very handy troubleshooting tool.
Group Policy-based management of the Setting Sync feature. New to the Windows 8 family is the ability for users to enable one Windows Live ID to tie together all of their documents, settings and so on via a cloud-based synchronization service a la Apple’s iCloud service. When users roam from one device to another, by entering their ID, preferences and files are available to them just like on other devices; picture this as a giant roaming profiles service that works across security boundaries. Of course, corporate administrators will be wary of allowing many personal preferences to enable themselves on company machines, and there are seven new GPOs in Windows Server 2012 to control this feature. The Group Policy settings for the Setting Sync options are located in Computer Configuration > Administrative Templates > Windows Components > Settings Sync.
New Internet Explorer policies. You can now manage policy preferences for Internet Explorer 9 directly from the Windows Server 2012 Group Policy Management Console. Other new IE capabilities include disabling the password reveal (new to Windows 8 and IE 10), requiring that Enhanced Protected Mode be used (this forces Internet Explorer to run in 64-bit mode), preventing ActiveX controls from running in lesser security contexts in Enhanced Protected Mode and disabling the Windows 8 “Delete Browsing History on Settings” charm, among others.
Windows 8 and Metro-specific GPOs. You can customize the behavior of some of the new features in Windows 8, like disabling the lock screen, turning off PIN logon, turning off picture password logon, customizing how the default Metro app packages are deployed and enabled, using certain colors for the Start screen background, turning off tracking of app usage, disabling access to the Windows 8 App Store and customizing how Windows to Go behaves.
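The remote refresh described in the first item above can also be driven from PowerShell with the Invoke-GPUpdate cmdlet in the GroupPolicy module. The script below is an added example, not code from the original article; the OU distinguished name and the function name Update-OuGroupPolicy are hypothetical. It schedules the refresh on every enabled computer in an OU and records which targets refused the request, which is usually the first sign that a host firewall is blocking remote scheduled-task creation.

```powershell
# Added example: refresh Group Policy on every computer in one OU and report failures.
# Requires the GroupPolicy and ActiveDirectory modules on the administrative machine.
Import-Module GroupPolicy, ActiveDirectory

function Update-OuGroupPolicy {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $SearchBase,  # distinguished name of the target OU
        [int] $RandomDelayInMinutes = 5               # spread the refresh so clients do not hit the DCs at once
    )

    # Only enabled computer accounts under the OU (including child OUs).
    $computers = Get-ADComputer -Filter 'Enabled -eq $true' -SearchBase $SearchBase -SearchScope Subtree

    foreach ($c in $computers) {
        # Fall back to the short name when the account has no DNS host name recorded.
        $target = if ($c.DNSHostName) { $c.DNSHostName } else { $c.Name }
        $result = [pscustomobject]@{ Computer = $target; Status = 'Scheduled'; Detail = '' }
        try {
            # Creates the remote scheduled tasks that re-apply computer and user policy.
            Invoke-GPUpdate -Computer $target -RandomDelayInMinutes $RandomDelayInMinutes -Force -ErrorAction Stop
        }
        catch {
            # Typical causes: host offline, or firewall blocking remote scheduled-task management.
            $result.Status = 'Failed'
            $result.Detail = $_.Exception.Message
        }
        $result
    }
}

# Hypothetical OU; replace with a real distinguished name from your domain.
$report = Update-OuGroupPolicy -SearchBase 'OU=Workstations,DC=example,DC=test'
$report | Where-Object Status -eq 'Failed' | Format-Table -AutoSize
```

When opening the endpoint firewall for this feature, scope the inbound allowance to the hosts that initiate the refresh rather than to any source, since the same channel permits remote scheduled-task creation.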
Windows Server 8 Brings Changes, Improvements
Windows Server 8 features a laundry list of new technologies, significant enhancements and much more. One of the most notable changes is how Microsoft is looking to embrace the cloud; Server 8 offers enhancements that are certain to make federation of cloud services much easier and also adds significant support for private and hybrid cloud technologies.
From a technical perspective, many of those enhancements tie directly into Microsoft’s virtualization platform, Hyper-V, which has become the basis for much of the technology foundation for Windows Server 8. Hyper-V has been re-engineered to offer more automation, easier provisioning and better isolation.
What’s more, Microsoft’s new management paradigm brings simplicity to virtualization that was often absent from previous versions of Windows Server and Hyper-V.
Simplicity and ease of use/management is a key theme, demonstrated by how easy it is to move instances of virtualized operating systems across hosts, as well as create resiliency policies and provision IP addresses. Microsoft has embraced an ideology of “it just works” with Windows Server 8; one path the company has taken to reach that goal is to divorce the GUI management console from the server.
In other words, Windows Server 8 is designed to be managed from an administrator’s endpoint, and not on the server itself. That management methodology offers several advantages. For example, Microsoft was able to demonstrate the ability to concurrently manage multiple servers from the new server manager console. Since the console runs on an endpoint, it can be attached to several servers at once, eliminating the monolithic style of management used in the past.
What’s more, Microsoft is fully embracing the command line interface (CLI) with PowerShell, which sidesteps the management GUI altogether. PowerShell allows administrators to forgo the GUI and execute commands and scripts directly from a command prompt. In fact, PowerShell 3.0 has exploded from 300 cmdlets to more than 2,300 and is one of the core management engines of the OS. Most commands use plain English syntax and are backed by context-sensitive help that readily explains each command’s function and how to use it. Simply put, tasks that were once complicated to pull off using a GUI can now be accomplished in one or two simple steps.
The same ideology of simplicity that has been applied to virtualization and management is also a significant theme in how Microsoft has tackled storage. Here, storage has been reinvented to incorporate virtualization, as well as improved abstraction from the underlying hardware. In layman’s terms, that means most forms of storage, be it local, NAS, JBOD and so on, can be treated the same from the standpoint of the server. Microsoft has made that possible by creating two new paradigms for storage on Windows Server 8, Storage Pools and Storage Spaces.
Storage Pools and Storage Spaces offer ways to easily manage a huge array of storage devices, which often come in varying types and sizes. The secret sauce here consists of storage virtualization teamed with hardware abstraction and storage aggregation. Simply put, Storage Pools are units of storage aggregation that provide administration and isolation, while Storage Spaces give virtual disks performance and resiliency and simplify storage provisioning.
In practice, the technology offers the ability to create storage spaces that aggregate separate individual storage devices into a single unit of storage, and then provision and divvy up that storage space as needed. The obvious use for the technology is for virtual machines, which need flexible and elastic storage to meet demand. What’s more, the technology simplifies management of disparate storage types, while providing the ability to scale from the SMB up to large enterprises.
Speed, space, utilization and efficiency are the primary elements Microsoft stresses for its new take on server storage. One technical example that stresses all of those points is the inclusion of de-duplication technology. Microsoft’s Data Deduplication is designed to deal with the growing demand for physical storage, which seems to be increasing exponentially in the enterprise. Microsoft’s stab at de-duplication works to reduce file storage sizes by removing duplicate data from the physical hard disk and then abstracting the requests to that data.
Microsoft uses a straightforward approach to de-dupe files; take for example an environment where dozens of VHD (virtual hard disk) files are stored. Many of the files on those VHDs are identical copies of each other, such as .dlls, .exes and so on. Data de-duplication removes all the redundant copies of those files from all of the VHDs, save one. The redundant data is placed into a separate store in System Volume Information (SVI), and then a marker is created which points to the file that serves as the template. When used across thousands of files in a storage network, vast reductions in storage space should be expected.
Other improvements to the storage subsystem include enhancements to cluster shared volumes (CSV) and expansion beyond Hyper-V, BitLocker support for shared cluster disks, cluster-aware updating, SMB2.2 storage support, and continuously available Hyper-V storage on remote SMB2.2 shares. All told, Microsoft has evolved Windows Server into a network operating system that embraces the cloud and reduces the need for third-party solutions, such as virtualization, dedupe, storage management and so on. Only time will tell if Windows Server 8 will have the impact on the market that Microsoft is anticipating and if the technologies demonstrated during the pre-beta stage will actually make it into the shipping product, which may be a year away.