Read-Only Domain Controller and Server Core
All this week, I've been at an internal Microsoft conference. Today, I attended a session that definitely got me excited. The session was given by a Product Manager on the Directory Services team. The topic covered the new Directory Services features coming with Longhorn Server. One of the new features that got me jazzed was the new Read-Only Domain Controller role. It is basically exactly like it sounds.
By default, an RODC doesn't actually store any passwords ("user secrets"). Not only that, but the replication is unidirectional so an RODC won't replicate any information back to the primary domain controller. These features in-turn reduce the attack surface of a Windows Server.
The story that is trying to be won with this new feature in this release is the Branch Office story. Basically, for a company that is large enough to have branch offices (where physical security might not be as strong), instead of deploying a fully blown domain controller, you can now deploy a read-only domain controller. This ensures that if the remote domain controller is compromised, that the entire AD forest is not compromised (since by default, there is very little chance that a username/password combinationĀ isĀ cached that could be used to compromise the rest of the domain).
Combine this new features with the new "Server Core" installation option, and you come one step closer to a true "domain appliance." What is Server Core? Server Core is an install path of Longhorn Server (as of Beta 2) that does not install the unnecessary components of the OS (like the GUI or applications like Internet Explorer (after all, why in the world would I need Internet Explorer on a Server?!?!?)). Not only does this further reduce the attack surface of Windows Server, it also will minimize the amount of patching and maintenance that is required. This is something that the Linux/Unix servers have been doing great for a while, so I'm happy to see Windows Server finally catching up in this space!
I'm thinking once I settle into a permanent home up here in the Seattle area, I may very well end up using Longhorn Server at home to actually build up my own personal Domain at home (which I haven't done to date since I haven't really known all that much about maintaining/hardening servers; and seeing that Longhorn Server is significantly hardened by default and I can use Server Core to reduce the attack surface even more, I might as well get started :D).
Exciting times ahead of us, indeed.