Changes in Server Role Security in Windows Server 2008 R2

Applies To: Windows Server 2008 R2

This product evaluation topic for the IT professional lists security considerations, improvements, and new security features for server roles that are available in Windows Server 2008 R2. The following table of security changes and features provides an overview and resources for each server role available in Windows Server 2008 R2.

Server role	Security-related changes	Additional resources
Active Directory Certificate Services	The Certificate Enrollment Web Service has been added to allow enrollment via HTTP. The Renew on Behalf Of feature has been added.	What's New in Active Directory Certificate Services
Domain Name Services	The DNS server and client use Domain Name System Security Extensions (DNSSEC) so you can sign and host DNSSEC-signed zones to provide security for your DNS infrastructure.	What's New in DNS
Remote Desktop Services	There are no significant security-related changes.
Network Access Protection	The status of Network Access Protection (NAP) can now be viewed from the System and Security item in the Control Panel.	What's New in Network Access Protection
Distributed File System	Read-only domain controllers have read-only SYSVOL folders that prevent users or administrators from altering files in the folder. Read-only replicated folders have been added to prevent users from adding or changing files. You can use the DFS Management snap-in to enable access-based enumeration for a Distributed File System (DFS) namespace.
Failover Cluster	There are no significant security-related changes.	What's New in Failover Clusters
Active Directory Domain Services	The Authentication mechanism assurance feature has been added to control access to resources, such as files, folders, and printers, based on whether the user logs on with a certificate-based logon method and the type of certificate that is used for logon.	What's New in Active Directory Domain Services
Group Policy	There are no significant security-related changes.	What's New in Group Policy
Web Server (IIS)	Request filtering has been added to allow you to restrict the types of HTTP requests that Internet Information Services (IIS) will process.
Network Policy Server	There are no significant security-related changes.	What's New in Network Policy Server (NPS)
Networking	The Direct Access feature has been added to provide remote, Internet-connected users with access to your organization network resources without using gateway technologies such as virtual private network (VPN) or Terminal Services.	What's New in Networking