${lead}
${lead}
Hotpatching, robust SMB, integrated OpenSSH server – practical admin food is available in Windows Server 2025. But how do the MS Store and Bluetooth fit in?
(Image: iX)
A new Windows Server update raises concerns and anticipations among administrators, as Microsoft’s widely employed system necessitates a blend of innovative and essential legacy features. iX cover author Evgenij Smirnov discusses in an interview why the nascent 2025 release is a significant upgrade.
What is the most important new feature in Windows Server 2025 for administrators – and why?
For those who manage servers on-premises using the desktop GUI, the integration of a terminal is a standout addition. Moreover, for administrators who use Azure Arc to merge cloud-based management into their system management strategies, hotpatching is beneficial. It enhances the availability of services and streamlines the update process.
SSH is a protocol familiar to many Linux administrators. Why is it now advantageous to implement this with Windows?
The most notable advancement beyond WinRM or DCOM remoting is the cross-platform capability to manage systems from any client platform, including Windows, Unix, Linux, or macOS. The protocol inherently supports transport encryption, providing robust protection against the interception of administrative communications.
Yet, SSH comes with its complexities and potential security concerns. An explicitly authenticated SSH session does not comply with guidelines designed to prevent interactive logins and similarly exposes credentials like a typical RDP session. Shifting to SSH for PowerShell remoting currently results in a loss of JEA capabilities and often necessitates assigning elevated privileges to user accounts. This scenario increases the importance of JIT (Just-In-Time) administration, which many organizations have yet to effectively adopt. Additionally, the practice of logging in via SSH with key pairs introduces new challenges—private keys stored in the user context must be secured with DPAPI, unless using a key distribution service is an option.
What unexpected changes are there in the new Windows Server?
The integration with Windows 11 was surprisingly extensive, resulting in the inclusion of Microsoft Store, WinGet, and even WLAN and Bluetooth capabilities in the server environment. The practical applications for these features are still evolving, and typical server hardware does not usually include WLAN or Bluetooth modules. From a security standpoint, these new features pose additional challenges for administrators—they will need to strictly manage both store access and wireless communications, tasks previously exclusive to client management and addressed by endpoint management systems.
Evgenij, many thanks for the answers! Readers can find a detailed test of the new Windows Server 2025 in the new iX 10/2024, which is available from today. The October issue places a special focus on the thoroughly renovated Active Directory.
In the “Three questions and answers” series, iX aims to get to the heart of today’s IT challenges – regardless of whether it is the user’s view in front of the PC, the manager’s view or the everyday life of an administrator. Do you have any suggestions from your day-to-day work or that of your users? Whose tips on which topic would you like to read in a nutshell? Then please write to us or leave a comment in the forum.
(fo)