Remote Desktop support for DirectX 11. RemoteFX was introduced in Windows Server 2008 R2 SP1 as a way to get rich media, audio and video support hosted centrally on a server and pushed out to thin clients. It was, however, only really effective on a local, or at least a really fast, network. DirectX 11 support has been added to the virtual GPU that RemoteFX uses, so that even users connecting to a virtual desktop over the Internet (with high latency and some packet less) will be able to use graphics-intensive applications like Photoshop and video editing applications without a bunch of buffering, straining, or stuttering. In addition, media remoting has been improved so applications can stream video and audio in a much more bandwidth-efficient way, which will both lower your transmission costs and improve the end-user experience, too.
SMB directory leasing. As part of Windows Server 8, you get the SMB (Server Message Block) 2.2 protocol—an incremental upgrade over the SMB 2.0 protocol that’s been in Windows Server for years, but with a couple of important distinctions. One is the new support for directory leasing, which is great for branch offices or other remote locations that depend on file-share based access to content on servers not on premises. By “leasing” directories from a true source, clients at branch office locations pull metadata in any given directory directly from the cache, rather than making a full round trip to and from the remote server. The server uses an SMB 2 protocol feature to notify clients when directory information changes, and then the cache can be updated. This is ideal for situations where you have a read-only directory that’s shared out, or a personal folder that is read/write (like a user’s home directory) but isn’t shared to other users.
Shadow copies for SMB shares. This feature is new to the beta, too – now you can get ease of volume shadow copies (those instant data file copies that happen in the background) on file shares too, and not just on physical volumes not over a network. This is great for backup and restore of application-specific data that lives on a SAN or NAS system and expands the reach of the “Previous Versions” feature, too.
The notion of “primary computers.” Roaming profiles have always been one of the banes of Windows administrators. It’s been an all-or-nothing affair: either you enable a user’s profile to roam with him or her to every computer on your network, or none of the computers were able to roam. Roaming was great when offices were in one location, but as soon as a user who was homed on a server in Seattle logged on to a machine in London, you started the see the problem—the entire profiles, sometimes hundreds of megabytes of information, had to be transmitted over the network before the user could log in. Enter “primary computers,” a new feature where you as the administrator can designate a few computers as machines that will always get a profile roamed, folders redirected, and so on. A user logging into any machine NOT designated as a primary computer would then create a standard local profile, which eliminates bogging down the network. This is very useful in managing network traffic among a swath of traveling users, especially in the mornings when everyone on your network typically logs on.
Dynamic Access Control. DAC is a great addition to the product and should make both accessing and security data on your system a lot more straightforward than it has been in previous editions of Windows. With DAC, you can tag data with different classifications (“sensitive,” “for finance only,” “do not forward,” and so on) and then automatically classify all data like it on a Windows Server 8 machine. For example, you could tag documents in a set of Finance folders as sensitive and then all future documents would get that tag. You can then act on that tag to configure access for different users and also set up what amounts to claims-based access for that data independent of NTFS (or ReFS) permissions. You can also allow users to automatically request access to given data directly through the UI, and likewise, administrators can grant that access more easily.
Effective access. This feature is akin to the resultant set of policy, or RSoP, features that were introduced in Group Policy in Windows Server 2003. Within the permissions and security dialog for any given file system object, you can model what permissions a certain user has for that object. What’s more, you can also model what permissions that user would have if certain information about the user were changed—for example, his group membership or her departmental access claims. It makes it very easy to see if permissions will work, and which specific ACL entries will do what you like, rather than the sometimes trial-and-error based process that ensues when ACLs need to be modified.
Ready to get started evaluating these new features in your own environment? You can download the beta from Microsoft TechNet.
Follow SearchWindowsServer on Twitter @WindowsTT.
ABOUT THE AUTHOR
Jonathan Hassell is an author, consultant and speaker residing in Charlotte, N.C. Jonathan's books include RADIUS, Hardening Windows and recently Windows Vista: Beyond the Manual.
This was first published in March 2012