Windows server – Sempati Kopek Oteli http://www.sempatikopekoteli.com/ Mon, 15 Nov 2021 19:06:46 +0000 en-US hourly 1 https://wordpress.org/?v=5.8 http://www.sempatikopekoteli.com/wp-content/uploads/2021/11/icon-30-120x120.png Windows server – Sempati Kopek Oteli http://www.sempatikopekoteli.com/ 32 32 New Emergency Updates from Microsoft Fix Windows Server Authentication Issues http://www.sempatikopekoteli.com/new-emergency-updates-from-microsoft-fix-windows-server-authentication-issues/ Mon, 15 Nov 2021 09:35:02 +0000 http://www.sempatikopekoteli.com/new-emergency-updates-from-microsoft-fix-windows-server-authentication-issues/ Microsoft has released out of band updates to resolve authentication failures related to Kerberos delegation scenarios affecting domain controllers (DCs) running supported versions of Windows Server. On affected systems, end users cannot sign in to services or applications using Single sign-on (SSO) in on-premises Active Directory or Azure Active Directory hybrid environments. These issues affect […]]]>

Microsoft has released out of band updates to resolve authentication failures related to Kerberos delegation scenarios affecting domain controllers (DCs) running supported versions of Windows Server.

On affected systems, end users cannot sign in to services or applications using Single sign-on (SSO) in on-premises Active Directory or Azure Active Directory hybrid environments.

These issues affect systems running Windows Server 2019 and earlier, including Windows Server 2016, Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2 SP1, and Windows Server 2008 SP2.

The emergency updates address “a known issue that could cause authentication failures related to Kerberos tickets you acquired from Service for User to Self (S4U2self),” a Microsoft announcement said on Sunday.

“This issue occurs after you install the November 9, 2021 security updates on domain controllers (DCs) that are running Windows Server.”

The full list of out of band updates Microsoft released over the weekend includes:

How to Deploy OOB Updates

You will not be able to install these emergency updates through Windows Update, nor will they automatically install on affected domain controllers.

To download the standalone update package, you will need to search for them in the Microsoft Update Catalog (you can also use the download links available above).

You can import this update into Windows Server Update Services (WSUS) manually using the instructions available in the Microsoft Update Catalog.

When Microsoft confirmed these issues on Thursday, the company said that users might see one or more of the following errors on affected systems:

  • Event Viewer can display Microsoft-Windows-Kerberos-Key-Distribution-Center event 18 recorded in the system event log
  • Error 0x8009030c with the text Web Application Proxy has encountered an unexpected event is logged in the Azure AD Application Proxy event log in Microsoft-AAD Application Proxy connector event 12027
  • Network traces contain the following signature similar to the following:
    • 7281 24:44 (644) 10.11.2.12 .contoso.com KerberosV5 KerberosV5: TGS Request domain: CONTOSO.COM Sname: http / xxxxx-xxx.contoso.com
    • 7282 7290 (0). CONTOSO.COM


Source link

]]>
New ‘MysterySnail’ exploit used to hijack Windows Server deployments http://www.sempatikopekoteli.com/new-mysterysnail-exploit-used-to-hijack-windows-server-deployments/ http://www.sempatikopekoteli.com/new-mysterysnail-exploit-used-to-hijack-windows-server-deployments/#respond Thu, 14 Oct 2021 11:25:49 +0000 http://www.sempatikopekoteli.com/new-mysterysnail-exploit-used-to-hijack-windows-server-deployments/ Cyber ​​security Experts have helped reverse a mysterious new Remote Access Trojan (RAT) that exploited a zero day in an essential Windows driver to initiate a privilege escalation exploit. Discovered and reported by Kaspersky, Microsoft fixed the zero-day exploited by the Trojan in the October 2021 edition of Patch Tuesday. “The exploit had many debug […]]]>

Cyber ​​security Experts have helped reverse a mysterious new Remote Access Trojan (RAT) that exploited a zero day in an essential Windows driver to initiate a privilege escalation exploit.

Discovered and reported by Kaspersky, Microsoft fixed the zero-day exploited by the Trojan in the October 2021 edition of Patch Tuesday.


Source link

]]>
http://www.sempatikopekoteli.com/new-mysterysnail-exploit-used-to-hijack-windows-server-deployments/feed/ 0
For Microsoft Windows Server 2022. KB5005538 versions for .NET Framework 3.5 and 4.8 http://www.sempatikopekoteli.com/for-microsoft-windows-server-2022-kb5005538-versions-for-net-framework-3-5-and-4-8/ http://www.sempatikopekoteli.com/for-microsoft-windows-server-2022-kb5005538-versions-for-net-framework-3-5-and-4-8/#respond Thu, 14 Oct 2021 04:12:33 +0000 http://www.sempatikopekoteli.com/for-microsoft-windows-server-2022-kb5005538-versions-for-net-framework-3-5-and-4-8/ As part of today’s Connectivity Day for October 2021, Microsoft has released the Global Update for KB5006699 for Windows Server 2022, as well as the Global Update for Microsoft .NET Framework 3.5 and 4.8 for Windows Server. 2022. Updated October 12, 2021. Includes the Reliability Improvement Package in the .NET configuration. Microsoft recommends that you […]]]>

As part of today’s Connectivity Day for October 2021, Microsoft has released the Global Update for KB5006699 for Windows Server 2022, as well as the Global Update for Microsoft .NET Framework 3.5 and 4.8 for Windows Server. 2022. Updated October 12, 2021. Includes the Reliability Improvement Package in the .NET configuration. Microsoft recommends that you use the .NET Framework Update as part of routine maintenance practices. To download and install the update, go to Settings -> Update & security -> Windows Update and select Looking for Updates And Download and install now Absoutely. You can download this update from the Windows Update, Microsoft Update, Windows Server Update Services, or Microsoft Update list. To use this update, you must have .NET Framework 3.5 or 4.8 for Windows Server 2022 installed. More information about this update can be found below or through Microsoft.

Download -> Download Update KB5005538 for Windows Server 2022

You can download KB5005538 for Windows Server 2022 directly from Microsoft:

October 12, 2021-KB5005538. Global update for .NET Framework 3.5 and 4.8

The update includes the following improvements and bug fixes:

  • October 12, 2021 update for Microsoft Server operating system version 21H2. Includes overall reliability improvements for .NET Framework 3.5 and Microsoft Server Operating System version 21H2 4.8. To use this update, you must have .NET Framework 3.5 or 4.8 installed on Microsoft Server Version 21H2.

More information on KB5005538 for Windows Server 2022 can be found here Microsoft.

Going through Update .NET Framework History


Source link

]]>
http://www.sempatikopekoteli.com/for-microsoft-windows-server-2022-kb5005538-versions-for-net-framework-3-5-and-4-8/feed/ 0
Chinese group APT IronHusky exploits zero-day Windows Server privilege escalation http://www.sempatikopekoteli.com/chinese-group-apt-ironhusky-exploits-zero-day-windows-server-privilege-escalation/ http://www.sempatikopekoteli.com/chinese-group-apt-ironhusky-exploits-zero-day-windows-server-privilege-escalation/#respond Thu, 14 Oct 2021 04:01:00 +0000 http://www.sempatikopekoteli.com/chinese-group-apt-ironhusky-exploits-zero-day-windows-server-privilege-escalation/ One of the vulnerabilities Microsoft corrected on Tuesday has been exploited by a Chinese cyber espionage group since at least August. The attack campaigns targeted IT companies, defense contractors and diplomatic entities. According to Kaspersky Lab researchers, the malware deployed with the exploit and its command and control infrastructure indicates a connection with a Chinese […]]]>

One of the vulnerabilities Microsoft corrected on Tuesday has been exploited by a Chinese cyber espionage group since at least August. The attack campaigns targeted IT companies, defense contractors and diplomatic entities.

According to Kaspersky Lab researchers, the malware deployed with the exploit and its command and control infrastructure indicates a connection with a Chinese APT group known as IronHusky which has been operating since 2017, but also with other APT activities. based in China. go back to 2012.

Privilege Escalation Vulnerability in Windows GDI Driver

The group has been observed exploiting a previously unknown vulnerability in Win32k.sys, a system driver that is part of the Windows Graphical Device Interface (GDI), which has been a common source of vulnerabilities in the past. The default, followed as CVE-2021-40449, affects all supported and unsupported versions of Windows, and allows code to run with system privileges.

Since this is a privilege escalation vulnerability, it is only used to gain complete control over targeted systems, but is not the original entry method. The exploit used in the attacks borrows code from a public exploit for another Wink32k vulnerability patched in 2016 (CVE-2016-3309). Although the exploit was written to support all versions of Windows since Vista, Kaspersky researchers have only seen it used on Windows servers.

“In the discovered exploit, attackers are able to achieve the desired memory state using GDI palette objects and use a single call to a kernel function to create a read primitive and d ‘writing from kernel memory, “said the researchers in their report. “This step is easily accomplished, as the operating process runs with Medium IL and therefore it is possible to use publicly known techniques to disclose the kernel addresses of currently loaded kernel drivers / modules. In our opinion , it would be better if the Medium IT processes had limited access to functions such as NtQuerySystemInformation or EnumDeviceDrivers. “

Mystery Snail RAT

Hackers used the elevation of privilege exploit to deploy a Remote Shell Trojan (RAT) that Kaspersky dubbed MysterySnail. Attackers can use this malicious program to execute Windows shell commands, collect information about disks and folders, delete, read and download files, kill processes, etc.

A sample of the malware was first uploaded to the VirusTotal database on August 10 and is notable for its unusually large size of 8.29MB. Indeed, the malware bundles a stand-alone version of the OpenSSL library, which it uses for encrypted communications, and two very large functions that only waste CPU clock cycles and are probably meant to evade emulation and virus detection.

Another interesting feature is that the malware attempts to tunnel its communications through a proxy server if the direct connection to the command and control server is blocked. It does this by listing the values ​​under the “Software Microsoft Windows CurrentVersion Internet Settings ProxyServer” registry key.

“The analysis of the MysterySnail RAT helped us discover campaigns using other variants of the analyzed malware as well as study and document code changes made to this tool over a six-month period,” the researchers said. “With the help of Kaspersky Threat Attribution Engine (KTAE) and the discovery of the first variants of MysterySnail RAT, we were able to find a direct overlap of code and functionality with malware attributed to actor IronHusky.”

IronHusky has been leading cyber espionage campaigns since 2017 and its previous selection of targets suggested a geopolitical agenda. For example, the group targeted Mongolian government entities, which are not a common target, ahead of a meeting with the International Monetary Fund in 2018. Prior to that, the group was seen targeting Russian military contractors. At the time, it was using standard Trojans like PlugX and PoisonIvy which were typical of APT activity in Chinese.

Copyright © 2021 IDG Communications, Inc.


Source link

]]>
http://www.sempatikopekoteli.com/chinese-group-apt-ironhusky-exploits-zero-day-windows-server-privilege-escalation/feed/ 0
Microsoft Defender for Endpoint Preview Brings Benefits to Windows Server 2012 R2 and Windows Server 2016 Users – Redmondmag.com http://www.sempatikopekoteli.com/microsoft-defender-for-endpoint-preview-brings-benefits-to-windows-server-2012-r2-and-windows-server-2016-users-redmondmag-com/ http://www.sempatikopekoteli.com/microsoft-defender-for-endpoint-preview-brings-benefits-to-windows-server-2012-r2-and-windows-server-2016-users-redmondmag-com/#respond Fri, 08 Oct 2021 21:29:05 +0000 http://www.sempatikopekoteli.com/microsoft-defender-for-endpoint-preview-brings-benefits-to-windows-server-2012-r2-and-windows-server-2016-users-redmondmag-com/ New Microsoft Defender for Endpoint Preview Brings Benefits to Windows Server 2012 R2 and Windows Server 2016 Users Microsoft this week announced a “revamped solution stack” for Microsoft Defender for Endpoint that promises to strengthen protections and simplify configurations when using Windows Server 2012 R2 and Windows Server 2016 products. However, additional support for Windows […]]]>

New

Microsoft Defender for Endpoint Preview Brings Benefits to Windows Server 2012 R2 and Windows Server 2016 Users

Microsoft this week announced a “revamped solution stack” for Microsoft Defender for Endpoint that promises to strengthen protections and simplify configurations when using Windows Server 2012 R2 and Windows Server 2016 products.

However, additional support for Windows Server 2012 R2 and Windows Server 2016 products in Microsoft Defender for Endpoint is still in the preview stage, and there are many caveats. In addition, Microsoft Defender for Endpoint (formerly known as “Microsoft Defender Advanced Threat Protection”) requires you to have E5 type license in place.

The E5 license requirement looked like a kind of buzz-kill, based on comments found in Microsoft’s Twitter ad on the new Unified Solutions Stack preview.

However, if organizations have this E5 license, then this so-called “modernized unified solution” promises to bring similar Microsoft Defender for Endpoint protections to those older servers that were generally available previously in the Windows Server 2019 product. The ad stated that “the solution is functionally equivalent to Microsoft Defender for Endpoint on Windows Server 2019”.

Additionally, the Group Policy templates used with Windows Server 2019 will work for older servers.

“You can now use the Group Policy templates for Windows Server 2019 to manage Defender on Windows Server 2012 R2 and 2016,” the announcement said.

Benefits of the unified Microsoft Defender solution for endpoints
Here is the list of enhancements available for these older server products with the new unified solution package, according to a description of the Microsoft document “Onboard Windows Servers”:

Additionally, the new unified solution does not require the use of Microsoft Monitoring Agent to achieve Microsoft Defender for Endpoint protections. Use of this agent was previously required for Windows Server 2012 R2 and Windows Server 2016.

Microsoft Offers this technical document for organizations wishing to abandon the Microsoft Monitoring Agent approach. IT pros can use Microsoft Endpoint Configuration Manager for this switch, but it won’t be fully automated until version 2111, the document explains in a note.

Unified Solution Preview Warnings
The new Unified Solution Stack for Microsoft Defender for Endpoint is only in the preview stage for use with Windows Server 2012 R2 and Windows Server 2016. Known issues, as described in the “Windows Embedded Servers” document from Microsoft, could be problematic.

For example, Azure Security Center will not display alerts yet, according to the document:

For Windows Server 2012 R2 and 2016 running Modern Unified Solution Preview, integration with Azure Security Center / Azure Defender for Servers for alerts and automated deployment is not yet available. Although you can install the new solution on these machines, no alerts will be displayed in Azure Security Center.

Additionally, the new unified solution stack does not support the “OMS Gateway” proxy server to connect to Microsoft Defender for Endpoint Cloud Services. It’s just not supported.

Microsoft Defender Antivirus will not have a user interface when used with Windows Server 2012 R2 with the new Unified Solution Stack preview. Microsoft Defender Antivirus “only allows basic operations” on Windows Server 2016 with preview.

Windows Server 2012 R2 and Windows Server 2016 users don’t get all attack surface reduction rules with preview, the document says. Details have not been cataloged.

Finally, “operating system upgrades are not supported” when using the new Unified Solution Stack Preview.

Perhaps the above caveats are only temporary hurdles, as Microsoft plans to “have full Azure Defender integration as a public preview in Q1 2022!” by the ad.

About the Author

Kurt Mackie is Senior News Producer for 1105 Media’s Converge360 Group.



Source link

]]>
http://www.sempatikopekoteli.com/microsoft-defender-for-endpoint-preview-brings-benefits-to-windows-server-2012-r2-and-windows-server-2016-users-redmondmag-com/feed/ 0
Microsoft adds Azure features to Windows Server 2022 http://www.sempatikopekoteli.com/microsoft-adds-azure-features-to-windows-server-2022/ http://www.sempatikopekoteli.com/microsoft-adds-azure-features-to-windows-server-2022/#respond Thu, 07 Oct 2021 00:57:00 +0000 http://www.sempatikopekoteli.com/microsoft-adds-azure-features-to-windows-server-2022/ Just a month after the launch of Windows Server 2022, users are exploring everything the new platform has to offer, including new features like Hyper-V virtual machine support. Launched last month, Windows Server 2022 includes multi-layered security, hybrid features with Azure, file server enhancements, container support with Kubernetes, and new tools in Windows Admin Center. […]]]>

Just a month after the launch of Windows Server 2022, users are exploring everything the new platform has to offer, including new features like Hyper-V virtual machine support.

Launched last month, Windows Server 2022 includes multi-layered security, hybrid features with Azure, file server enhancements, container support with Kubernetes, and new tools in Windows Admin Center. Let’s take a closer look at these features.

More integration with Azure: A key feature of Server 2022 is the ability to connect on-premises servers with cloud-based Azure Arc and Azure Stack HCI platforms.

Microsoft recognizes that customers run applications in hybrid and on-premises environments, which is why the company introduced Azure Services for Windows Server.

Microsoft vice president of program management, core operating system and edge infrastructure, Bernardo Caldas, said: “With Azure Arc and Azure Stack HCI, customers can modernize the layers of management and virtualization, respectively. “

Server 2022 also includes new features within Azure. Azure Automanage, currently in preview, brings cloud automation and the Microsoft Cloud Adoption Framework for Azure, which provides best practice strategies for cloud management. Azure Automanage for Windows Server will allow users to migrate to Azure using file transfer over SMB via QUIC without having to change the network IP address. Additionally, Azure Automange for Windows Server enables patch implementation for Windows Server Azure virtual machines.

Microsoft is also working with Kubernetes to enable container support for Server 2022 and bring functionality to Azure Kubernetes Service (AKS) and AKS on Azure Stack HCI. Azure Kubernetes Service (AKS) with native support for .NET enables customers to modernize their applications with Kubernetes.

Other improvements: SMB compression in the file server, which improves the transfer of application files by compressing data while it is in transit over a network. Windows Admin Center also includes a new event viewer and gateway proxy support for Azure connected scenarios.

Multi-layered security: Secure-core server enables partners to deliver hardware, firmware, and drivers to secure server systems, and enables IT teams to enforce security across the hardware, firmware, and virtualization layers. Secured Connectivity adds AWS-256 encryption with support for Server Message Block (SMB) and secure encrypted HTTPS.

More Support: Windows Server 2022 supports up to 48 terabytes of memory and 2,048 logical cores running on 64 physical sockets.

Caldas adds, “Customers can also take advantage of the advancements in Windows containers. For example, Windows Server 2022 improves application compatibility of Windows containers, includes HostProcess containers for node configuration, supports IPv6 and dual stack, and enables consistent network policy implementation with Calico.

Windows Server 2022 is available now.


Source link

]]>
http://www.sempatikopekoteli.com/microsoft-adds-azure-features-to-windows-server-2022/feed/ 0
Windows Server 2008 End of Life: Don’t Prepare, Prepare to Pay http://www.sempatikopekoteli.com/windows-server-2008-end-of-life-dont-prepare-prepare-to-pay/ http://www.sempatikopekoteli.com/windows-server-2008-end-of-life-dont-prepare-prepare-to-pay/#respond Wed, 06 Oct 2021 15:45:18 +0000 http://www.sempatikopekoteli.com/windows-server-2008-end-of-life-dont-prepare-prepare-to-pay/ 14e January 2020 marked the official end date of the Windows Server 2008 end-of-support lifecycle, meaning that organizations still using the product ran the risk of maintaining vulnerable systems that could prove crippling to critical business operations if no action was taken. For businesses unable to move applications to Microsoft Azure or move to a […]]]>

14e January 2020 marked the official end date of the Windows Server 2008 end-of-support lifecycle, meaning that organizations still using the product ran the risk of maintaining vulnerable systems that could prove crippling to critical business operations if no action was taken.

For businesses unable to move applications to Microsoft Azure or move to a new system, whether due to a lack of compatible applications or supporting technology and expertise, the only option is turned out to be the option of continuing to pay Microsoft for Extended Security Updates (ESUs).

While ESUs have so far proven to be beneficial in ensuring that regulatory or compliance standards can continue to be met, while providing basic security bugfixes, this is an expensive route to take. , with costs continuing to rise as Microsoft moves resources away from supporting Windows Server 2008 significantly. As a result, companies were naturally exploring alternative methods to secure their business after the first ESU payment in early 2020. The start However, the Covid-19 pandemic has forced companies to focus on more urgent tasks, such as supporting their work remotely. employees. Now, with the restrictions easing and companies able to work back to normalcy before the pandemic, preparing to avoid another costly ESU payment needs to be high on the business agenda.

ESU countdown enters straight line

With the next ESU renewal due in January 2022, the countdown is on for businesses. This means that within six months of cost increases of 30-50%, now is the time to act. The urgency of making a significant system change is further exacerbated by the fact that ESUs for Windows Server 2008 will expire in January 2023, leaving those systems exposed to dangerous security vulnerabilities.

On top of the increased costs, the other downside of ESUs is that they only cover security bug fixes, and if something goes wrong with internal systems, companies don’t get any external support. Continuing to rely on ESUs also means that businesses are forced to continue with their legacy systems in place, meaning they are limited in their ability to operate only with the economy and efficiency of outdated technology. underlying.

Explore the solutions

With the deadline approaching and many companies ignoring the alternatives available, using the right technology and outside expertise is the best way to prepare effectively. Moving applications to an updated Windows server is not an easy task for many companies, however, with complications from older runtime environments such as Java 1.3 or .Net 2.0 putting an end to a successful change. .

Tools from an external vendor, such as compatibility packages, can isolate outdated runtimes so that applications can be successfully moved to the latest supported and secure Windows server, such as 2016 or 2019. The technology container resulting brings together the runtimes, application files, components, and deployment tools needed to ensure that old applications can run efficiently and smoothly on the new server, and are easily deployed through pure cloud or hybrid platforms .

This method ensures that businesses benefit financially from avoiding unnecessary application rewrites and the high cost of having to continue with ESUs. Efficiency is also achieved through easier maintenance of an updated server and by allowing users to complete tasks faster and without complexity, while organizations are also able to prioritize sustainability. avoiding the need to physically replace entire systems.

Prepare for the end of life

While preparing for the end of ESUs for Windows Server 2008 is an immediate emergency for businesses, it is also important to take note of the new end-of-life roadmap that will apply to other systems over the coming years. coming years. Extended support for Windows Server 2012 will end in October 2023, and Microsoft also recently announced the end of support for its flagship Windows 10 operating system on 14e October 2025. What is certainly evident is that the end-of-life treadmill will continue to use a range of systems for years to come, and long-term preparation at all stages will be crucial for businesses.

With the right solutions in place, achievable goals can be achieved in a short period of time, which means for organizations it is not too late to act immediately to ensure readiness and avoid the next costly ESU in January. 2022. Urgency is the name of the game, however, and those who take proactive action now will be able to successfully ride the great wave of end-of-life dates on the horizon.


About the Author

Mat Clothier is CEO and founder of Cloudhouse, he leads the business by ensuring that companies can make all their applications a future without having to rethink unnecessarily when moving existing Windows applications to the cloud or Windows 10. Previously, Mat was CTO for Cloudhouse with a proven track record of working in the information technology and service industry. Skills in application virtualization, Microsoft technologies, managed services, enterprise software and PaaS. Mat is a strong entrepreneurial professional with a Bachelor of Science (BSc) focused on Computer Systems Networks and Telecommunications from the University of Plymouth.

Featured Image: © Filins


Source link

]]>
http://www.sempatikopekoteli.com/windows-server-2008-end-of-life-dont-prepare-prepare-to-pay/feed/ 0
Windows Server 2022: a cheat sheet http://www.sempatikopekoteli.com/windows-server-2022-a-cheat-sheet/ http://www.sempatikopekoteli.com/windows-server-2022-a-cheat-sheet/#respond Thu, 30 Sep 2021 19:24:29 +0000 http://www.sempatikopekoteli.com/windows-server-2022-a-cheat-sheet/ Microsoft has just released its most recent Windows Server platform. Explore enhanced hybrid cloud capabilities, enhanced security, and enhanced support for large on-premises applications. Image: Stephen Brashear, Getty Images The latest version of the Windows Server Long Term Support release, Windows Server 2022, is now available. Perhaps it’s best to think of it as a […]]]>

Microsoft has just released its most recent Windows Server platform. Explore enhanced hybrid cloud capabilities, enhanced security, and enhanced support for large on-premises applications.

Image: Stephen Brashear, Getty Images

The latest version of the Windows Server Long Term Support release, Windows Server 2022, is now available. Perhaps it’s best to think of it as a continuing evolution of the release series that started with Windows Server 2016, improving security, adding enhanced hybrid cloud capabilities, and improving its support for larger, on-premises applications. Now synchronized with versions of Windows Azure, it is an efficient on-premises platform that scales from simple file and print to running massive data warehouses and large-scale business applications like SAP.

SEE: Windows 11 Cheat Sheet: Everything You Need to Know (Free PDF) (TechRepublic)

What is Windows Server 2022?

Windows Server 2022 is the new version of the Windows Server Long Term Service Channel for Data Centers and On-Premises Virtual Machines. The two main editions are Standard and Datacenter. Although both editions of Windows Server 2022 offer the same basic server functionality that builds on existing Windows Server functionality, there are a few differences in how they support Hyper-V virtual machines and how they manage networking and storage.

If you are building a virtual infrastructure, you will need to choose Datacenter, as it adds support for an unlimited number of virtual machines (the standard only supports two), as well as shielded Hyper-V virtual machines for improved isolation and security, and support for both software. network and storage defined.

Both versions support the same set of core features:

Windows containers: Unlike virtual machines, containers enable virtualization at the operating system level by providing just enough access to the operating system, libraries, and underlying resources to host applications in isolated user space.

Active Directory Domain Services: Privileged Access Management (PAM) helps combat credential theft by working with Microsoft Identity Manager (MIM) to protect the Active Directory (AD) forest of accounts with privileged access. Additionally, new processes are in place to request administrative access and monitoring of these accounts, including the expiring links feature, which limits the administrative window period based on a specified period.

Active Directory Federation Services (ADFS) continues to provide simple, secure identity federation and single sign-on (SSO) between ADFS-secured enterprises and partner organizations. It allows authentication of users stored in LDAP or cloud-based providers.

Hyper-V includes hot management of virtual network adapters and memory for virtual machines. For security-conscious administrators, Datacenter includes protected virtual machines that minimize tampering or theft of virtual machine data and states by encrypting both and preventing inspection of video signals and disks.

Windows Defender: Microsoft’s Windows Server Antimalware application is installed by default in Windows Server 2022.

Storage Spaces Direct enables high availability storage to be created from local storage systems, including JBODs stored locally or on a network as part of a storage pool.

The minimum requirements remain the same:

  • 1.4 GHz 64-bit processor
  • Compatible with x64 instruction set
  • Supports NX and DEP
  • Supports CMPXCHG16b, LAHF / SAHF and PrefetchW
  • Supports second level address translation (EPT or NPT)
  • 512 MB (2 GB for the Server installation option with Desktop Experience)
  • Type Error Correcting Code (ECC) or similar technology, for physical host deployments
  • An Ethernet adapter capable of at least 1 gigabit per second throughput
  • Compliant with PCI Express Architecture Specification
  • UEFI 2.3.1c based system and firmware that supports Secure Boot
  • Trusted Platform Module 2.0

SEE: A new Microsoft Store: what does it mean for you and your business? A lot in fact (TechRepublic)

Why is Windows Server 2022 important?

Windows 10 has rolled out a series of virtualization and processor-based security updates as part of its Secure Base initiative, one of the reasons for the small set of supported processors in Windows 11. Microsoft is bringing this model to Windows Server 2022 as an optional set of security tools, offering what it calls a secure server, with secure hardware and firmware from server partners as well as its own software tools. This allows you to use Credential Guard to protect connections and the integrity of hypervisor-protected code with your applications. At the same time, it improves network security, upgrades HTTPS support to TLS 1.3, and adds enhanced AES-256 encryption to file sharing SMB protocol.

There are also significant improvements for Azure integration, either as hybrid cloud systems managed by Azure Arc or for transferring data between on-premises installations and cloud systems. These include a much smaller Server Core installation for use in containers or as an application host VM with remote management. Other improvements to the Windows Admin Center management tool improve its event viewer and support more Azure management from your Windows servers.

Microsoft has also improved the scalability options of Windows Server. If you are running large applications, you now have support for 48TB of memory and 2048 cores in 64 sockets. Other application hosting features include enhanced support for Windows containers for use with Kubernetes applications, including advanced container networking tools that add support for IPv6.

If you’re running Windows Server images in Azure, you’ll get additional features including Azure Automanage, hotfix for virtual machine images, better migration options, and support for SMB through the new QUIC protocol.

When was Windows Server 2022 released?

A preview program started in March 2021. General availability of Windows Server 2022 was announced on September 1, 2021, with a launch event at the Windows Server Summit on September 16.

How can I get Windows Server 2022 and how much does it cost?

Three editions are available: Standard, Datacenter and Essentials. The Datacenter version is intended for use in large-scale data centers, where you need to host and manage large fleets of virtual machines. It is typically used for ERP systems and for hybrid and private clouds as an alternative to tools like Azure Stack HCI. Standard is the familiar small application server or operational database server, with limited virtualization requirements. Small businesses with basic file and printing needs, and up to 25 employees, can choose the Essentials version.

Windows Server 2022 is available in the Microsoft Volume Licensing Service Center for customers with existing license agreements, or in the Azure Marketplace for use as an Azure virtual machine. You can also download trial versions from Windows Evaluation Center, with ISO and VHD installation options.

Microsoft licenses Windows Server 2022 using a per-core licensing model, with CALs required for users and devices accessing your servers. Like Windows Server 2019, licenses are sold in packs of 2 and 16 cores with a minimum of 8 cores per processor and 16 core licenses per server.

  • Essential: $ 501 (per server license). No CAL required.
  • Standard: $ 972 (for 16 cores). CALs required.
  • Data center: $ 6,155 (for 16 hearts). CALs required.

Also look


Source link

]]>
http://www.sempatikopekoteli.com/windows-server-2022-a-cheat-sheet/feed/ 0
Windows Server 2022 is here! – Virtualization review http://www.sempatikopekoteli.com/windows-server-2022-is-here-virtualization-review/ http://www.sempatikopekoteli.com/windows-server-2022-is-here-virtualization-review/#respond Mon, 27 Sep 2021 21:22:38 +0000 http://www.sempatikopekoteli.com/windows-server-2022-is-here-virtualization-review/ New Windows Server 2022 is here! “Overall, there aren’t really a lot of new features, and what there is, isn’t all available for your traditional on-premises Windows server,” says our hands-on review expert, Paul Schnackenburg. By Paul Schnackenburg 09/27/2021 Calmly generally available in mid-August then officially on September 1, Windows Server 2022 is here. Microsoft […]]]>

New

Windows Server 2022 is here!

“Overall, there aren’t really a lot of new features, and what there is, isn’t all available for your traditional on-premises Windows server,” says our hands-on review expert, Paul Schnackenburg.

Calmly generally available in mid-August then officially on September 1, Windows Server 2022 is here.

Microsoft recently hosted a Windows Server Summit to kick it off, with a two-hour livestream featuring different presenters covering different aspects of the new features, as well as video-on-demand content. Compare that to the great fanfare that would have accompanied a new version of Windows Server just a few years ago. For someone who was there in the beginning (I still remember the smell of the thick manuals printed for Windows Server NT 3.51 that I devoured from start to finish when setting up my first server), I cannot tell. ‘prevent Windows from thinking that the server is going quietly in the background.

However, there are some very useful features and there are certainly reasons to migrate (but not as much as in the past), so let’s dig in.

I watched the preview in April (“Windows Server 2022 Is Coming!”) And most of this information is from the GA version.

The three main areas are Secure Core Server, SMB over QUIC, and Storage Migration Service, with additional honorable mentions for Security, Networking, and Hyper-V. I’ll also provide my own analysis of where each feature actually brings benefits in the real world and the marketing aspect.

Secure primary server
As the name suggests, Microsoft is using technology built into newer PC devices to protect against firmware attacks and expanding it to the server platform. This is timely as firmware attacks are on the increase and it is important to have a strong guarantee that the underlying hardware is secure.

Comprised of six domains, Secure Core servers from leading server manufacturers will ship with a Trusted Platform Module (TPM) 2.0, Bitlocker plus Virtualization Based Security (VBS), enabled right out of the box. The six areas are:

  1. Hypervisor-Based Code Integrity (HVCI)

  2. DMA boot protection

  3. System Guard

  4. Secure boot

  5. VBS

  6. TPM 2.0

Each of them contributes to a trusted hardware platform: the TPM stores Bitlocker keys and other secrets securely; VBS uses hardware virtualization (not a fully separate virtual machine, just an area of ​​memory protected using Hyper-V) to stop credentials attacks (Mimikatz); and Secure Boot verifies the signatures on the boot software (the operating system itself, UEFI and all EFI applications).

HVCI relies on VBS to protect changes to the Control flow guard (CFG) bitmap and checks device drivers for EV certificates. CFG is a part of Windows that stops malicious applications trying to corrupt the memory of benign applications. System Guard builds on these lower-level features and validates the entire boot chain using static root of trust protection for measurement (SRTM), dynamic root of trust for measurement (DRTM) ) and the system management mode (SMM).

Secure Core Server Extension in Windows Admin Center
[Click on image for larger view.] Secure Core Server Extension in Windows Admin Center

There is no doubt that these are welcome additions in a server operating system, BUT ask yourself how many of your servers that you are going to be running in your data center in 2022 and beyond are going to be physical waiters? Because all these protections are only available on New servers that are Secure Core (or an existing server, with a TPM 2.0 chip where the vendor provides verified firmware drivers). So you might be running a Hyper-V cluster, maybe domain controllers, and maybe a very large SQL server or two. But if you are running your virtualized domain controllers, if you are running Windows virtual machines on VMware, the Secure Core server will bring you little or no benefit. That’s not to say that some of these features will (and some are already) available to VMs running on Hyper-V, or as IaaS VMs in Azure, but they aren’t fully protected as Secure Core servers.

Server message block
SMB in Windows Server 2022 received a lot of love. You can now use AES-256-GCM and AES-256-CCM encryption for traffic and Signature supports GMAC acceleration.

Even cooler, SMB compression can now be enabled on the server, client, share, or even in individual file copies (using Robocopy), which at the cost of slightly higher usage of the processor, significantly reduces the network bandwidth used.

SMB 3 Signature and Encryption Settings
[Click on image for larger view.] SMB 3 Signature and Encryption Settings

If you use Direct remote memory access (RDMA) To speed up your Hyper-V nodes’ access to Storage Spaces Direct, for example using SMB Direct, you can now encrypt this traffic. Additionally, you now have granular control over encryption between nodes in a cluster as well as inbound / outbound traffic to the cluster.

Note that all of these features are alone available between Windows Server 2022 nodes Where when communicating with Windows 11 clients. Encryption features, for example, will negotiate what each end supports and revert to unencrypted, so to really make sure all traffic is protected at the highest level, you need to upgrade ALL servers / clients.

SMB Share Compression and Encryption Settings
[Click on image for larger view.] SMB Share Compression and Encryption Settings

PME on QUIC
This is for me the most important feature of Windows Server 2022, along with the most real application. Basically, this is SMB over UDP, with all traffic protected by TLS 1.3, allowing you to securely deliver file shares to remote users without using a VPN. Again, it’s only available when logging in from Windows 11 (but at least this upgrade is free, as long as your client device has the required hardware).

The additional door here is the server version – Windows Server 2022 is available in the same Standard and Datacenter (with Desktop / Core) versions that we are used to, plus a new version, Datacenter: Azure Edition. This new edition is the alone one that supports SMB on QUIC. Azure Edition alone runs in Azure as the name suggests OR on Azure Stack HCI. This name itself is very confusing because it implies that it is running in Azure (it is not, you are running it on-premises) and that it has something to do with Azure Stack Hub (this is not, Hub is an integrated system that you buy from a vendor that runs the same software as Azure, with only a few versions behind). Azure Stack HCI is a version of Windows Server that you run on your own hardware, with hyperconverged infrastructure (HCI) so that storage is shared between nodes using Storage Spaces Direct (S2D). This version of Windows Server is a subscription version that you pay monthly, and in turn it will receive regular updates.

The bottom line: SMB on QUIC is only available for a new file server that you are running in Azure or on Azure Stack HCI in your datacenter, and only if you are connecting from a Windows 11 client. Particularly disappointing is the artificial limitation of not offering SMB on QUIC in Windows Server 2022 Standard / Datacenter. It should be noted that SMB on WHO WHAT is currently in preview, but you have support from Microsoft.

Storage migration service
Led by Ned Pyle at Microsoft, this feature has been present in Windows for a few versions now, allowing for a seamless migration of file servers from legacy operating system versions to more modern versions. You point a destination server to an existing file server (or if you have a fleet, you can have a Storage Migration Service server that orchestrates migrations from multiple sources to multiple destination servers), it will copy data up to that both are in sync, then you can seamlessly migrate to the new one. Server names, share names, permissions, everything is migrated and your users will notice very little impact. This service now supports Linux Samba servers, NetApp file shares, and continues support for Windows file servers, including clustered ones.


Source link

]]>
http://www.sempatikopekoteli.com/windows-server-2022-is-here-virtualization-review/feed/ 0
Windows Server 2022 gets General Full Version http://www.sempatikopekoteli.com/windows-server-2022-gets-general-full-version/ http://www.sempatikopekoteli.com/windows-server-2022-gets-general-full-version/#respond Sat, 25 Sep 2021 09:09:01 +0000 http://www.sempatikopekoteli.com/windows-server-2022-gets-general-full-version/ Microsoft has announced the full general release of Windows Server 2022 software for users worldwide. The company confirms that the Long Term Servicing Channel (LTSC) version, which offers 10 years of support, is now available to all users. This release is another big part of Windows 11 ahead of launch later this year, as Microsoft […]]]>

Microsoft has announced the full general release of Windows Server 2022 software for users worldwide.

The company confirms that the Long Term Servicing Channel (LTSC) version, which offers 10 years of support, is now available to all users.


Source link

]]>
http://www.sempatikopekoteli.com/windows-server-2022-gets-general-full-version/feed/ 0