To access to all videos, check video section of Active Directory Windows 2008 and 2008 R2 Documentat Possibly related posts: (automatically generated)Domain Controllers and Active Directory Domains Part 2Creating an additional domain controller in an existing domainStep By Step Guide for Windows Server 2008 Domain Controller and DNS ServerHow to Create an additional domain controller in. The following documentation for Windows 7 and Windows Server 2008 R2 Service Pack 1 is provided here: Deployment Guide for Windows Server 2008 R2 with SP1 and Windows 7 with SP1; Hotfixes and Security Updates included in Windows 7 and Windows Server 2008 R2 Service Pack 1; Installing Windows Server 2008 R2 with SP1 (“readme”). Windows Server 2003 Standard Edition (R2, Service Pack 1 or Service Pack 2). For the initial configuration tasks please follow my other Windows Server 2008 articles found on the Related Windows.
I've seen several posts on the new 'authentication assurance' feature coming in Windows Server 2008 R2. The term we decided to go with is authentication mechanism assurance because it is actually the authentication mechanism that is assured. Authentication mechanism assurance uses certificate policies that are mapped to security groups. The certificates that are issued from the policy grant users who use them to logon additional group memberships in their access token. The expected scenario for using this feature is that a user with a smart card or token device (e.g. USB token) logs on using a certificate (issued from a policy mapped to an administrator defined security group). With this addition group membership added to the access token of the user account a distinction can be made (through that group membership) that indicates the user logged on using a specific type of certificate. This allows resources on the network (and elsewhere) to be secured as normal (using group memberships in the access control list), but has the ability to effectively distinguish that the user logged on with a smart card, USB token, or some other type of certificate logon method. Since the administrator can map different types of certificates (using different certificate policies) to different group memberships, it is also possible to distinguish the type of certificate.
Windows Server 2008 R2 Documentation Free
Garageband free download full version. As an example, consider this scenario: Three certificate policies
- Confidential
- Secret
- Top Secret
Now assume that these policies are mapped to three different security groups:
- Confidential Users (mapped to Confidential certificate policy)
- Secret Users (mapped to Secret certificate policy)
- Top Secret Users (mapped to Top Secret certificate policy)
Now consider there are three different types of smart cards (they could all be the same type of smart card). Imagine they are categorized differently as in they have different colors or stickers indicating the following):
- Confidential (receives a certificate issued from a certificate template that is associated with the Confidential certificate policy)
- Secret smart card (receives a certificate issued from a certificate template that is associated with the Secret certificate policy)
- Top Secret smart card (receives a certificate issued from a certificate template that is associated with the Top Secret certificate policy)
![Server Server](https://softwaredepot.co/media/catalog/product/cache/9/image/1200x1200/85e4522595efc69f496374d01ef2bf13/w/i/windows_server_2008_r2_standard.jpg)
Now resource administrators could secure resources in this way:
- Resources considered Confidential could grant access to the following groups: Confidential Users, Secret Users, and Top Secret Users.
- Resources considered Secret could grant access to only the following groups: Secret Users and Top Secret Users.
- Resources considered Top Secret could grant access to only the Top Secret Users group.
![Windows Server 2008 R2 Documentation Windows Server 2008 R2 Documentation](/uploads/1/2/4/8/124866128/129836627.jpg)
Such a configuration would allow users who logon with Confidential smart cards to access the resources secured for Confidential Users. The users who logon with Secret smart cards can access the resources shared to the Secret Users group. The users who logon with Top Secret smart cards can access the resources shared to the Top Secret Users group. The users who logon using a username and password will not be able to access any of the resources described above.
Therefore, the authentication mechanism assurance allows administrators to secure resources (including applications) such that only users who logged on with a certificate based mechanism are granted access. Further, whether the user is able to gain access to specific resources also depends on the type of certificate (indicated by the certificate template and policy) that the user presents during logon.
This posting is provided 'AS IS' with no warranties, and confers no rights.
Active11 months ago
Our goal is to upgrade a machine from Windows Server (WS) 2008 R2 to WS 2016. For now, we don't want to perform a clean-install to the server OS.
But according to Microsoft documentation, there is no direct path to upgrade from WS 2008 R2 to WS 2016 but we can upgrade from WS 2008 R2 to WS 2012 R2, and then to WS 2016.
Since we are not going to use WS 2012 R2 at all, I was wondering if I can use evaluation versions of WS 2012 R2 and WS 2016 to sequentially upgrade from WS 2008 R2 to 2016, and then buy retail version (of WS 2016) to convert the WS 2016 evaluation to a retail version. Is this possible?
Humberto Castellon73611 gold badge33 silver badges1616 bronze badges
Tae-Sung ShinTae-Sung Shin
2 Answers
It is always possible to update evaluation version to retail using DISM cmdlet. According to the Microsoft document - https://docs.microsoft.com/en-us/windows-server/get-started/installation-and-upgrade
'You can upgrade from an evaluation version of the operating system to a retail version, from an older retail version to a newer version, or, in some cases, from a volume-licensed edition of the operating system to an ordinary retail edition.'
Windows Server 2008 R2 Documentation Requirements
Also, you can check Server Role upgrade matrix here: https://docs.microsoft.com/en-us/windows-server/get-started/server-role-upgradeability-table
batistuta09batistuta09
I once used retail versions to upgrade a
2008 R2
to 2012 R2
and then to 2016
, that works. But I don't think you can use an evaluation version to upgrade a retail version at all. But you may not have to activate the 2012 R2
before moving on to 2016
, so any 2012 R2
retail DVD may help.This reason why you may want to upgrade rather than do a clean install, is that you have complicated third party software on the server that is very difficult or impossible to install on a clean OS.
Peter HahndorfPeter Hahndorf11k33 gold badges3131 silver badges5353 bronze badges