• Oct 30, 2012  I am working with a Lenovo Thinkserver that came preloaded with Microsoft Windows Server 2008 R2 SP1. When I attempt to locate technical documentation online (.on the Microsoft website) the links often direct me to Windows Server 2012 documentation. Will MS support Win Server 2008 much longer. Here is the information about Windows Server 2008 R2.
• This article contains information about Volume Activation for Windows Vista, Windows Server 2008, Windows Server 2008 R2, and Windows 7. It lists links to documentation about Volume Licensing and Volume Activation 2.0.

Any edition of Windows Server 2008 may be installed without activation and evaluated for an initial 60 days. If you need more time to evaluate Windows Server 2008, the 60 day evaluation period may be reset (or re-armed) three times, extending the original 60 day evaluation period by up to 180 days for a total possible evaluation time of 240 days.

I've seen several posts on the new 'authentication assurance' feature coming in Windows Server 2008 R2. The term we decided to go with is authentication mechanism assurance because it is actually the authentication mechanism that is assured. Authentication mechanism assurance uses certificate policies that are mapped to security groups. The certificates that are issued from the policy grant users who use them to logon additional group memberships in their access token. The expected scenario for using this feature is that a user with a smart card or token device (e.g. USB token) logs on using a certificate (issued from a policy mapped to an administrator defined security group). With this addition group membership added to the access token of the user account a distinction can be made (through that group membership) that indicates the user logged on using a specific type of certificate. This allows resources on the network (and elsewhere) to be secured as normal (using group memberships in the access control list), but has the ability to effectively distinguish that the user logged on with a smart card, USB token, or some other type of certificate logon method. Since the administrator can map different types of certificates (using different certificate policies) to different group memberships, it is also possible to distinguish the type of certificate.

As an example, consider this scenario: Three certificate policies

1. Confidential


2. Secret


3. Top Secret

Now assume that these policies are mapped to three different security groups:

Windows Server 2008 R2 Documentation Pdf

1. Confidential Users (mapped to Confidential certificate policy)


2. Secret Users (mapped to Secret certificate policy)


3. Top Secret Users (mapped to Top Secret certificate policy)

Now consider there are three different types of smart cards (they could all be the same type of smart card). Imagine they are categorized differently as in they have different colors or stickers indicating the following):

1. Confidential (receives a certificate issued from a certificate template that is associated with the Confidential certificate policy)


2. Secret smart card (receives a certificate issued from a certificate template that is associated with the Secret certificate policy)


3. Top Secret smart card (receives a certificate issued from a certificate template that is associated with the Top Secret certificate policy)

Now resource administrators could secure resources in this way:

1. Resources considered Confidential could grant access to the following groups: Confidential Users, Secret Users, and Top Secret Users.


2. Resources considered Secret could grant access to only the following groups: Secret Users and Top Secret Users.


3. Resources considered Top Secret could grant access to only the Top Secret Users group.

Such a configuration would allow users who logon with Confidential smart cards to access the resources secured for Confidential Users. The users who logon with Secret smart cards can access the resources shared to the Secret Users group. The users who logon with Top Secret smart cards can access the resources shared to the Top Secret Users group. The users who logon using a username and password will not be able to access any of the resources described above.

Therefore, the authentication mechanism assurance allows administrators to secure resources (including applications) such that only users who logged on with a certificate based mechanism are granted access. Further, whether the user is able to gain access to specific resources also depends on the type of certificate (indicated by the certificate template and policy) that the user presents during logon.

This posting is provided 'AS IS' with no warranties, and confers no rights.

Windows Server is the platform for building an infrastructure of connected applications, networks, and web services, from the workgroup to the data center.

Use the links below to view technical content for IT professionals for the different versions of Windows Server.

Important

Do you have Windows running on your PC? Windows 10, Windows 8 or 8.1? Windows 7? Do you have a problem? Go to Microsoft Support - just type your problem into the search bar. They have information about Windows, Office, Skype, you name it.

The information below is only about Windows Server.

Windows Server 2008 R2 Documentation Download

Windows Server 2016

Windows Server 2012 R2 and Windows Server 2012

Windows Server 2008 R2 and Windows Server 2008

Windows Server 2003

Windows Server 2003 Technical Library - download a PDF version of the archived content

Product evaluations

Related links

Tip

Are you having a problem? Start with Microsoft Support - just type your problem into the search bar. You can get help with Windows, Office, Skype, you name it.