New Features in Windows Server 2003
Windows 2000 was the first Microsoft product to contain a tightly integrated set of cryptography tools. Windows Server 2003 improves on these tools and incorporates changes and advancements promulgated in industry standards since the release of Windows 2000. These new features include the following:
- Key recovery. One of the more exciting new features in Windows Server 2003 is the ability to archive users' private data-encryption keys at the CA and re-issue them when a user has lost the key or it has been erased.
- User auto-enrollment. This feature issues User certificates as soon as a user logs on to the domain from an XP or Windows Server 2003 client. A User certificate can be used for EFS, S/MIME, and IPSec, so auto-enrollment significantly reduces the complexity of deploying these applications.
- 3DES and AES support. The Microsoft crypto provider in Windows Server 2003 now supports 3DES (Triple DES) and the Advanced Encryption Standard (AES), which allows the system to meet FIPS 140, the U.S. government standard for cryptographic modules.
- FIPS 180-2 support. Windows Server 2003 supports the extended hash algorithms specified in the new Secure Hash Standard, publication FIPS 180-2. You can get a copy of this standard at csrc.nist.gov/encryption/shs/dfips-180-2.pdf. The new algorithms, SHA-256, SHA-384, and SHA-512, extend the 160-bit Secure Hash Algorithm 1 (SHA-1) with digests of 256, 384, and 512 bits.
- Delta CRLs. To avoid lengthy, unmanageable Certificate Revocation Lists (CRLs), the current PKIX profile (RFC 3280) provides for periodic issuance of a base CRL together with frequent, small updates called Delta CRLs that list only the changes since the base. A client that already holds the base fetches only the delta, so distributing Delta CRLs requires far fewer network and client resources than distributing a full CRL each time a revocation occurs. A delta is never sufficient on its own: the client must still hold a base CRL that the delta applies to.
- Manageable certificate templates. A new template version in Windows Server 2003 supports updated certificate extensions and lets you set optional values for those extensions.
- Smart card improvements. With Windows Server 2003 and XP, you can now use smart cards to log on to a server via Remote Desktop. The NET and RUNAS utilities have also been improved to work with smart cards.
- CA root certificate updates. When validating a certificate issued by an outside CA, an XP or Windows Server 2003 client will automatically contact the Windows Update web site to retrieve a copy of the root CA certificate if it is not already in the local store. This simplifies deployment of solutions involving third-party PKIs.
- Qualified subordination. Classic PKI implementations can be difficult to extend between organizations because cross-certification traditionally confers unlimited trust in the other hierarchy. Windows Server 2003 takes advantage of RFC-compliant constraints (name constraints and application and issuance policy constraints on the cross-certificate) to limit the range and types of certificates that can be trusted from outside hierarchies.
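The Delta CRL and qualified subordination items above describe two checks a relying party performs on a certificate from a cross-certified outside hierarchy: enforce the name constraints carried in the cross-certificate, then combine the partner's base CRL with its latest delta before testing revocation. The following is an added example written for this page, not code from the book or from Microsoft; it implements the RFC 3280 rules for dNSName and rfc822Name constraints and for delta CRL merging in plain Python, with all certificate names, serial numbers and CRL contents constructed for illustration.

```python
"""Added example (not from the book or from Microsoft): the two relying-party
checks RFC 3280 specifies for qualified subordination (name constraints on a
cross-certificate) and for delta CRLs. All sample data below is constructed."""
from dataclasses import dataclass, field
from typing import Optional

REMOVE_FROM_CRL = "removeFromCRL"   # CRLReason in a delta that lifts a certificateHold

# ---- qualified subordination: name constraints (RFC 3280) -------------------

def _dns_in_subtree(name: str, subtree: str) -> bool:
    """'host.example.com' is in the subtree 'example.com'; 'badexample.com' is not."""
    name, subtree = name.lower(), subtree.lower().lstrip(".")
    return name == subtree or name.endswith("." + subtree)

def _email_in_subtree(mailbox: str, subtree: str) -> bool:
    """A subtree is a full mailbox, a host ('example.com' = any mailbox at that
    host) or a domain ('.example.com' = any mailbox at any host below it)."""
    mailbox, subtree = mailbox.lower(), subtree.lower()
    if "@" in subtree:
        return mailbox == subtree
    host = mailbox.rsplit("@", 1)[1]
    if subtree.startswith("."):
        return host.endswith(subtree)
    return host == subtree

_MATCHERS = {"dNSName": _dns_in_subtree, "rfc822Name": _email_in_subtree}

def names_permitted(names, permitted, excluded) -> bool:
    """names, permitted and excluded are lists of (type, value) GeneralNames.
    Every name of a constrained type must fall inside some permitted subtree
    of that type (when any are given) and outside every excluded subtree."""
    for kind, value in names:
        match = _MATCHERS.get(kind)
        if match is None:
            continue                       # name type not handled by this example
        allowed = [v for k, v in permitted if k == kind]
        if allowed and not any(match(value, s) for s in allowed):
            return False
        if any(match(value, s) for k, s in excluded if k == kind):
            return False
    return True

# ---- delta CRLs: base list plus small, frequent updates ---------------------

@dataclass
class CRL:
    crl_number: int
    entries: dict = field(default_factory=dict)    # serial -> CRLReason
    base_crl_number: Optional[int] = None          # deltaCRLIndicator; delta only

def apply_delta(base: CRL, delta: CRL) -> CRL:
    """Merge a delta into a base CRL to obtain the complete revocation list.
    The delta's BaseCRLNumber is the oldest base it may be combined with, and
    the delta's own CRLNumber must be newer than the base's."""
    if delta.base_crl_number is None:
        raise ValueError("not a delta CRL (no deltaCRLIndicator)")
    if base.base_crl_number is not None:
        raise ValueError("base must be a complete CRL, not a delta")
    if not (delta.base_crl_number <= base.crl_number < delta.crl_number):
        raise ValueError(f"delta {delta.crl_number} does not apply to base {base.crl_number}")
    merged = dict(base.entries)
    for serial, reason in delta.entries.items():
        if reason == REMOVE_FROM_CRL:
            merged.pop(serial, None)       # certificateHold released since the base
        else:
            merged[serial] = reason        # new revocation or changed reason
    return CRL(delta.crl_number, merged)

def is_revoked(serial: int, complete: CRL) -> bool:
    return serial in complete.entries

# ---- constructed sample: a cross-certified partner CA and its certificates --

PERMITTED = [("dNSName", "partner.example"), ("rfc822Name", ".partner.example")]
EXCLUDED = [("dNSName", "lab.partner.example")]

GOOD_CERT = {"serial": 0x1A, "names": [("dNSName", "mail.partner.example"),
                                       ("rfc822Name", "bob@hq.partner.example")]}
ROGUE_CERT = {"serial": 0x2B, "names": [("dNSName", "login.corp.example")]}

BASE = CRL(crl_number=40, entries={0x0F: "keyCompromise", 0x1A: "certificateHold"})
DELTA = CRL(crl_number=41, base_crl_number=38,
            entries={0x1A: REMOVE_FROM_CRL, 0x2B: "superseded"})

def check_external_cert(cert, base=BASE, delta=DELTA) -> str:
    """Relying-party decision for a certificate from the cross-certified hierarchy."""
    if not names_permitted(cert["names"], PERMITTED, EXCLUDED):
        return "rejected: outside the qualified-subordination constraints"
    if is_revoked(cert["serial"], apply_delta(base, delta)):
        return "rejected: revoked"
    return "accepted"

if __name__ == "__main__":
    print(check_external_cert(GOOD_CERT))    # accepted (the hold was lifted by the delta)
    print(check_external_cert(ROGUE_CERT))   # rejected: outside the qualified-subordination constraints
```

The order of the checks matters in practice: name constraints are evaluated during path building, before any network fetch, so a certificate that names a host outside the partner's permitted subtree is refused without ever downloading that partner's CRLs. The `apply_delta` guard also shows why a delta alone is not enough: a client that has an old base (CRL number below the delta's BaseCRLNumber) must fetch a fresh base before it can trust the delta.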
High Encryption Now Permitted for Export
For many years, the U.S. government only permitted export of encryption algorithms that used 40-bit and 56-bit cipher keys. This changed on January 14, 2000, when the Commerce Department released a revision to the cryptographic export restrictions, with an addendum issued on October 19, 2000. You can download copies of the new regulations and the addendum from these web sites:
In spite of the loosened export restrictions in the U.S., some countries impose their own import restrictions on cryptography, with harsh penalties for violations. Be sure to check the local laws before sending a user to another country with a laptop equipped with EFS, S/MIME, or Pretty Good Privacy.