Microsoft has put steadily more effort into securing its systems since the old Windows NT days. In this article we will focus on the new advanced features introduced in the latest version: Windows Server 2012.
Dynamic Access Control
Dynamic Access Control is a new feature designed to help you control and audit wanted and unwanted access to your network shares. When sensitive information on your file server needs special protection, you can tag it. You can tag a single file or a large amount of information, and tags are inherited in a way similar to NTFS permissions. Access to these tagged resources can be granted based not only on the user and their group memberships, but also on other Active Directory attributes (claims), such as Country. Once you have identified the sensitive information and issued claims to control access to it, you can manage the permissions centrally through central access policies. Dynamic Access Control takes you one step further still: you can use Rights Management Services to encrypt sensitive Office files so that they are encrypted when they leave the organization's network.
BitLocker
We know BitLocker from Windows Vista and Windows Server 2008, but it had all kinds of limitations in those versions. Now, in Windows Server 2012, BitLocker is finally a really useful tool.
One of its new features is called network protector mode, which gives you the ability to unlock encrypted disks located anywhere on your network as long as they belong to an Active Directory-joined server. Another significant change is that the new BitLocker can encrypt disk drives even before Windows is installed. It also allows a standard user to change BitLocker PINs and passwords, so less administrative help is needed. And the most important thing about the new BitLocker: it encrypts only the used drive space, which makes encryption much faster.
UEFI and Secure Boot
Windows Server 2012 allows you to install the operating system in a more secure manner if the hardware supports UEFI (Unified Extensible Firmware Interface). UEFI is a replacement for the still commonly used BIOS firmware. While you can still install Server 2012 on BIOS, UEFI gives you more features, such as Secure Boot, faster boot time, and the ability to boot from disks larger than 2 TB (terabytes). So make sure that you use UEFI if your hardware supports it.
The Secure Boot feature that UEFI unlocks helps your system protect itself from insecure firmware, drivers, and operating systems by preventing them from running during boot. This drastically reduces the risk of rootkits and boot viruses taking control of your system.
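To verify on a given server that the BitLocker and Secure Boot protections described above are actually in effect, the following read-only audit is an added example, not part of the original article. The function name Get-BootAndDiskProtection is hypothetical; Confirm-SecureBootUEFI and Get-BitLockerVolume are cmdlets that ship with Windows. It assumes an elevated PowerShell session and that the BitLocker feature is installed.

```powershell
# Added example: read-only audit of Secure Boot and BitLocker state.
# Assumption: run from an elevated PowerShell 3.0+ session (Server 2012 or later).
function Get-BootAndDiskProtection {
    [CmdletBinding()]
    param()

    # Confirm-SecureBootUEFI returns $true/$false on UEFI firmware and raises an
    # error on legacy BIOS systems or in a non-elevated session, so the error
    # text is reported instead of being treated as "Disabled".
    try {
        $secureBoot = if (Confirm-SecureBootUEFI -ErrorAction Stop) { 'Enabled' } else { 'Disabled' }
    } catch {
        $secureBoot = "Unavailable: $($_.Exception.Message)"
    }

    # BitLocker is an optional feature on Windows Server; if its module is not
    # present, return an empty volume list rather than failing.
    $volumes = @()
    if (Get-Command Get-BitLockerVolume -ErrorAction SilentlyContinue) {
        $volumes = @(Get-BitLockerVolume | ForEach-Object {
            [pscustomobject]@{
                MountPoint    = $_.MountPoint
                VolumeType    = $_.VolumeType
                Status        = $_.VolumeStatus
                Protection    = $_.ProtectionStatus
                PercentDone   = $_.EncryptionPercentage
                KeyProtectors = ($_.KeyProtector | ForEach-Object { $_.KeyProtectorType }) -join ', '
            }
        })
    }

    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        SecureBoot   = $secureBoot
        BitLocker    = $volumes
    }
}

$report = Get-BootAndDiskProtection
"Secure Boot on $($report.ComputerName): $($report.SecureBoot)"
$report.BitLocker | Format-Table -AutoSize

# Flag volumes where protection is off or suspended: the data may be encrypted
# on disk, but the key is not currently being protected.
$report.BitLocker | Where-Object { $_.Protection -ne 'On' } | ForEach-Object {
    Write-Warning "BitLocker protection is not active on $($_.MountPoint) (status: $($_.Status))"
}
```

A volume with an empty KeyProtectors column has no protector configured at all, which is worth checking on servers where BitLocker was provisioned before installation.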
There’s no doubt there will be even more interesting features in the next Windows versions. But we all have to wait to see them…