Logo
HOW TO
Windows XP
Windows Vista
Windows 7
Windows Azure
Windows Server
Windows Phone
 
 
Windows Server

Windows Server 2012 : Enhanced security and compliance (part 2) - BitLocker enhancements, DNSSEC

4/5/2014 2:08:02 AM

BitLocker enhancements

BitLocker Drive Encryption is a data protection feature first introduced in Windows Vista and Windows Server 2008. BitLocker encrypts entire disk volumes to help safeguard sensitive business data from theft, loss, or inappropriate decommissioning of computers.

BitLocker has been enhanced in several ways in Windows Server 2012 and Windows 8:

  • It’s now easy to provision BitLocker before deploying the operating system onto systems. This can be done either from the Windows Preinstallation Environment (WinPE) or by using Microsoft Deployment Toolkit (MDT) 2012 to deploy your Windows installation.

  • The process of encrypting a volume with BitLocker can occur more rapidly in Windows Server 2012 and Windows 8 by choosing to encrypt only the used disk space instead of both used and unused disk space, as was the only option in previous versions of Windows .

  • Standard users can change their BitLocker personal identification number (PIN) or password for the operating system volume or the BitLocker password for fixed data volumes. This change makes it easier to manage BitLocker-enabled clients because it means that users can choose PINs and passwords that are easier for them to remember.

  • A new feature called BitLocker Network Unlock allows a network-based key protector to be used for automatically unlocking BitLocker-protected operating system volumes on domain-joined computers when these computers are restarted. This can be useful when you need to perform maintenance on computers and the tasks that you need to perform require a restart to be applied.

  • BitLocker supports a new kind of enhanced storage device called Encrypted Hard Drive, which offers the ability to encrypt each block on the physical drive and not just volumes on the drive.

  • BitLocker can now be used for failover clusters and cluster shared volumes.

Encrypting only used disk space when enabling BitLocker on a volume.

Figure 1. Encrypting only used disk space when enabling BitLocker on a volume.

DNSSEC

Domain Name System Security Extensions (DNSSEC) is a suite of extensions that adds security to the DNS protocol. DNSSEC enables all the records in a DNS zone to be cryptographically signed and provides origin authority, data integrity, and authenticated denial of existence. DNSSEC is important because it allows DNS servers and resolvers to trust DNS responses by using digital signatures for validation to ensure that the responses they return have not been modified or tampered with in any way.

DNSSEC functionality was first included in the DNS Server role of Windows Server 2008 R2 and has been significantly enhanced in Windows Server 2012. The following are a few of the enhancements included in DNSSEC on Windows Server 2012:

  • Support for Active Directory–integrated DNS scenarios, including DNS dynamic updates in DNSSEC signed zones

  • Support for updated DNSSEC standards, including NSEC3 and RSA/SHA-2 and validation of records signed with updated DNSSEC standards (NSEC3, RSA/SHA-2)

  • Automated trust anchor distribution through Active Directory with easy extraction of the root trust anchor and automated trust anchor rollover support per RFC 5011

  • An updated user interface with deployment and management wizards

  • PowerShell support for configuring and managing DNSSEC

Configuring DNSSEC on your DNS servers can now be done with the DNS Manager console. Simply right-click a zone and select Sign The Zone under the DNSSEC menu option:

image with no caption

This opens the Zone Signing Wizard, and by following the prompts, you can select the Key Master for the zone, configure a Key Signing Key (KSK) used for signing other keys, configure a Zone Signing Key (ZSK) used for signing the zone data, configure Next Secure (NSEC) resource records to provide authenticated denial of existence, configure distribution of Trust Anchors (TAs) and rollover keys, and configure values for DNSSEC signing and polling:

image with no caption
Other -----------------
- Windows Server 2012 : Full Windows experience (part 2) - Configuring User Profile Disks
- Windows Server 2012 : Full Windows experience (part 1) - RemoteFX enhancements,Configuring RemoteFX, Enhanced USB redirection
- Windows Server 2012 : Support for open standards
- Microsoft SharePoint 2013 : Working with Visio Services - Customizing Visio Services solutions
- Microsoft SharePoint 2013 : Working with Visio Services - Designing dashboards - Data linking (part 4) - Adding data graphics , Web part connections
- Microsoft SharePoint 2013 : Working with Visio Services - Designing dashboards - Data linking (part 3) - Mapping external data to shapes
- Microsoft SharePoint 2013 : Working with Visio Services - Designing dashboards - Data linking (part 2) - Refreshing external data
- Microsoft SharePoint 2013 : Working with Visio Services - Designing dashboards - Data linking (part 1) - Obtaining external data
- Microsoft SharePoint 2013 : Looking at Visio Services (part 4) - Visio Services security considerations,Supported data scenarios
- Microsoft SharePoint 2013 : Looking at Visio Services (part 3) - Visio Graphics Service service application
 
 
REVIEW
- First look: Apple Watch

- 10 Amazing Tools You Should Be Using with Dropbox

- 3 Tips for Maintaining Your Cell Phone Battery (part 1)

- 3 Tips for Maintaining Your Cell Phone Battery (part 2)
 
VIDEO TUTORIAL
- How to create your first Swimlane Diagram or Cross-Functional Flowchart Diagram by using Microsoft Visio 2010 (Part 1)

- How to create your first Swimlane Diagram or Cross-Functional Flowchart Diagram by using Microsoft Visio 2010 (Part 2)

- How to create your first Swimlane Diagram or Cross-Functional Flowchart Diagram by using Microsoft Visio 2010 (Part 3)
 
Popular tags
Microsoft Access Microsoft Excel Microsoft OneNote Microsoft PowerPoint Microsoft Project Microsoft Visio Microsoft Word Active Directory Biztalk Exchange Server Microsoft LynC Server Microsoft Dynamic Sharepoint Sql Server Windows Server 2008 Windows Server 2012 Windows 7 Windows 8 Adobe Indesign Adobe Flash Professional Dreamweaver Adobe Illustrator Adobe After Effects Adobe Photoshop Adobe Fireworks Adobe Flash Catalyst Corel Painter X CorelDRAW X5 CorelDraw 10 QuarkXPress 8 windows Phone 7 windows Phone 8 BlackBerry Android Ipad Iphone iOS
Popular keywords
HOW TO Swimlane in Visio Visio sort key Pen and Touch Creating groups in Windows Server Raid in Windows Server Exchange 2010 maintenance Exchange server mail enabled groups Debugging Tools Collaborating
Top 10
- Microsoft Excel : How to Use the VLookUp Function
- Fix and Tweak Graphics and Video (part 3) : How to Fix : My Screen Is Sluggish - Adjust Hardware Acceleration
- Fix and Tweak Graphics and Video (part 2) : How to Fix : Text on My Screen Is Too Small
- Fix and Tweak Graphics and Video (part 1) : How to Fix : Adjust the Resolution
- Windows Phone 8 Apps : Camera (part 4) - Adjusting Video Settings, Using the Video Light
- Windows Phone 8 Apps : Camera (part 3) - Using the Front Camera, Activating Video Mode
- Windows Phone 8 Apps : Camera (part 2) - Controlling the Camera’s Flash, Changing the Camera’s Behavior with Lenses
- Windows Phone 8 Apps : Camera (part 1) - Adjusting Photo Settings
- MDT's Client Wizard : Package Properties
- MDT's Client Wizard : Driver Properties
 
Windows XP
Windows Vista
Windows 7
Windows Azure
Windows Server
Windows Phone
2015 Camaro