Use PSResourceGet to manage PowerShell modules and scripts

Copyright TechTarget - All rights reserved https://cyber.law.harvard.edu/rss/rss.html Techtarget Feed Generator en Sun, 15 Mar 2026 22:09:55 GMT https://www.techtarget.com/searchwindowsserver editor@techtarget.com <p>Managing PowerShell resources is a critical task for administrators, who must ensure that scripts and modules are up to date and correctly configured across environments.</p> <p>With the release of PSResourceGet, Microsoft has improved upon the original PowerShellGet module by producing a modernized approach to <a href="https://www.techtarget.com/searchITOperations/video/Automate-PowerShell-scripts-for-self-healing-IT-infrastructure">managing PowerShell resources</a>. This article looks at some of PowerShellGet's limitations, the problems solved by PSResourceGet and its key capabilities, and practical examples of how to use PSResourceGet in daily workflows.</p> <section class="section main-article-chapter" data-menu-title="Problems that PSResourceGet Solves"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Problems that PSResourceGet Solves</h2> <p>As useful as PowerShellGet has been, PSResourceGet was developed to address several key issues, including:</p> <ul class="default-list"> <li><b>Complexity and performance issues</b>. Microsoft designed PowerShellGet with a provider model that relied on the PackageManagement module, which led to bottlenecks and added complexity in managing dependencies.</li> <li><b>Usability and extensibility.</b> Because it was based on an older codebase, PowerShellGet was neither user-friendly nor easy to extend, making bug fixes and implementing new features difficult.</li> <li><b>Compatibility concerns</b>. Because it was written in PowerShell, keeping PowerShellGet <a href="https://www.techtarget.com/searchwindowsserver/tip/Why-you-should-consider-an-upgrade-from-PowerShell-51-to-7">compatible with all supported versions of PowerShell</a> was a challenge.</li> </ul> <p>By rewriting PowerShellGet's replacement in C# and removing its dependency on PackageManagement, PSResourceGet offers a more efficient and maintainable approach.</p> </section> <section class="section main-article-chapter" data-menu-title="PSResourceGet capabilities"> <h2 class="section-title"><i class="icon" data-icon="1"></i>PSResourceGet capabilities</h2> <p>As the new package manager for PowerShell, PSResourceGet is a comprehensive tool to manage all types of PowerShell artifacts available from repositories, including modules, scripts, <a href="https://www.techtarget.com/searchwindowsserver/tip/See-whats-new-in-Desired-State-Configuration-v3">Desired State Configuration resources</a> and role capabilities.</p> <p>For each resource type, PSResourceGet lets administrators:</p> <ul class="default-list"> <li>Install, update and remove resources.</li> <li>Manage dependencies automatically.</li> <li>Manage repositories that provide resources.</li> <li>Search repositories for resources.</li> </ul> <p>All capabilities are exposed in the module through cmdlets.</p> </section> <section class="section main-article-chapter" data-menu-title="Benefits of PSResourceGet"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Benefits of PSResourceGet</h2> <p>Now that we've covered the purpose of PSResourceGet and its capabilities, let's cover the advantages of using PSResourceGet over PowerShellGet.</p> <h3>Improved performance</h3> <p>The most significant and immediate benefit of PSResourceGet is speed. For example, the following script compares the search performance of both modules:</p> <pre class="language-powershell"><code>Measure-Command {     Find-Module -Name Microsoft.PowerShell.PSResourceGet } | Select-Object TotalSeconds Measure-Command {     Find-PSResource -Name Microsoft.PowerShell.PSResourceGet } | Select-Object TotalSeconds</code></pre> <p>After running these commands a few times, PSResourceGet typically executes twice as fast as PowerShellGet. Results can vary depending on the testing environment, including the host machine and internet connection.</p> <h3>Compatibility</h3> <p>To maintain compatibility with previous versions of PowerShellGet, Microsoft released a <a href="https://github.com/PowerShell/PowerShellGet/tree/master">compatibility module</a> designed to accept commands in the same syntax as PowerShellGet and call the equivalent PSResourceGet commands. This approach lets administrators continue running scripts that use PowerShellGet syntax while also benefiting from PSResourceGet enhancements.</p> <h3>Maintainability and extensibility</h3> <p>Although this might not be immediately noticeable for most users, one goal for PSResourceGet was to build a module that could easily implement changes based on customer feedback. From the start, the codebase was written to be clean and efficient so Microsoft could quickly address bugs and feature requests.</p> </section> <section class="section main-article-chapter" data-menu-title="Using PSResourceGet"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Using PSResourceGet</h2> <p>To start using PSResourceGet, you might have to install it. For all versions of PowerShell prior to 7.4, PSResourceGet isn't included by default, so we will use PowerShellGet's Install-Module cmdlet for the installation:</p> <pre class="language-powershell"><code>Install-Module -Name Microsoft.PowerShell.PSResourceGet</code></pre> <p>After installation, you can verify by importing it, running a command from the module or simply listing the commands in the module:</p> <pre class="language-powershell"><code>Get-Command -Module Microsoft.PowerShell.PSResourceGet</code></pre> <h3>Managing repositories</h3> <p>A repository is a location to publish PowerShell resources and retrieve them. The most well-known is the PowerShell Gallery. Using PSResourceGet, you can find the currently configured repositories:</p> <pre class="language-powershell"><code>Get-PSResourceRepository</code></pre> <p>By default, PowerShell only includes the PowerShell Gallery. To add other repositories, such as an internal private repository hosted in GitHub Packages, use the following code:</p> <pre class="language-powershell"><code>$splat = @{     Name     = 'GitHubOrg'     Uri      = 'https://nuget.pkg.github.com/<GitHubOrg>/index.json'     Trusted  = $true     Priority = 10 } Register-PSResourceRepository @splat</code></pre> <p>In this case, the script designates the repository as trusted and assigns it to a higher priority than the PowerShell Gallery.</p> <p>You can verify the change by rerunning Get-PSResourceRepository.<b></b></p> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/ahowell_psresourceget_1-f.jpg"> <img data-src="https://www.techtarget.com/rms/onlineimages/ahowell_psresourceget_1-f_mobile.jpg" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/ahowell_psresourceget_1-f_mobile.jpg 960w,https://www.techtarget.com/rms/onlineimages/ahowell_psresourceget_1-f.jpg 1280w" alt="A command window shows a PowerShell command used to list repositories registered for use with PSResourceGet." height="103" width="559"> <figcaption> <i class="icon pictures" data-icon="z"></i>Re-run the Get-PSResourceRepository command after registering a GitHub repository as a trusted source for PowerShell resources. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <p>To see the full list of supported repository types, you can refer to <a href="https://learn.microsoft.com/en-us/powershell/gallery/powershellget/supported-repositories?view=powershellget-3.x">Microsoft's documentation.</a></p> <h3>Installing modules</h3> <p>The most common use for PSResourceGet is to install modules. This is very similar to using Install-Module, but instead use:</p> <pre class="language-powershell"><code>Install-PSResource -Name Microsoft.Graph</code></pre> <p>If you want a specific version, PSResourceGet has a lot more flexibility than PowerShellGet. The Version parameter accepts any valid Nuget version <a target="_blank" href="https://learn.microsoft.com/en-us/nuget/concepts/package-versioning?tabs=semver20sort#version-ranges" rel="noopener">range</a>, while PowerShellGet required three version parameters. For example, to install an exact version, use the following command:</p> <pre class="language-powershell"><code>Install-PSResource -Name Microsoft.Graph -Version 2.21.0</code></pre> <p>To specify a version range, such as greater than 1.5 but less than 2.0, you can use:</p> <pre class="language-powershell"><code>Install-PSResource -Name Microsoft.Graph -Version '[1.5,2.0)'</code></pre> <p>To validate your version range, use Find-PSResource.</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/ahowell_psresourceget_2-f.jpg"> <img data-src="https://www.techtarget.com/rms/onlineimages/ahowell_psresourceget_2-f_mobile.jpg" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/ahowell_psresourceget_2-f_mobile.jpg 960w,https://www.techtarget.com/rms/onlineimages/ahowell_psresourceget_2-f.jpg 1280w" alt="A command window runs a PowerShell command to find a module between a specific version range. " height="242" width="560"> <figcaption> <i class="icon pictures" data-icon="z"></i>The command checks for versions of the Microsoft.Graph module that are at least version 1.5 but less than version 2.0. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <p>PSResourceGet will install the latest version listed in the provided range.</p> <h3>Installing modules across several servers</h3> <p>To ensure the entire environment has the appropriate modules installed, you can use PSResourceGet through PowerShell remoting. For example, to manage Windows updates, you might want to install the PSWindowsUpdate module. The following script -- which requires PowerShell v7 because it uses the<b> </b><a href="https://www.techtarget.com/searchwindowsserver/tutorial/PowerShell-ForEach-Object-cmdlet-picks-up-speed">Parallel parameter of Foreach-Object</a> -- retrieves a list of servers from Active Directory and then installs the module remotely:</p> <pre class="language-powershell"><code>Get-ADComputer -Filter 'OperatingSystem -like "*Server*"' | ForEach-Object -ThrottleLimit 5 -Parallel {     Invoke-Command -ComputerName $_.Name -ScriptBlock {         Install-Module -Name Microsoft.PowerShell.PSResourceGet -Confirm:$false -Force         Install-PSResource -Name PSWindowsUpdate -Confirm:$false     } }</code></pre> <p>The script will install PSResourceGet if it isn't installed with Install-Module, then it will install PSWindowsUpdate with Install-PSResource.</p> <h3>Browse from the command line</h3> <p>Because PSResourceGet is so much faster than PowerShellGet, browsing the PowerShell Gallery from the command line makes more sense. For example, if you know there's a <a href="https://www.techtarget.com/searchwindowsserver/tutorial/Reveal-Windows-file-server-permissions-with-PowerShells-help">module to import Excel files</a> but can't remember the name, you can search for it:</p> <pre class="language-powershell"><code>Find-PSResource -Name '*Excel'</code></pre> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/ahowell_psresourceget_3-f.jpg"> <img data-src="https://www.techtarget.com/rms/onlineimages/ahowell_psresourceget_3-f_mobile.jpg" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/ahowell_psresourceget_3-f_mobile.jpg 960w,https://www.techtarget.com/rms/onlineimages/ahowell_psresourceget_3-f.jpg 1280w" alt="A command window with a PowerShell command that searches for resources using a wildcard. " height="142" width="560"> <figcaption> <i class="icon pictures" data-icon="z"></i>Use the Find-PSResource command to search for PowerShell resources in the registered repositories with 'Excel' at the end of the name. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <p>This command returns several modules, one of which is ImportExcel. To see the full metadata for the module, query it directly:</p> <pre class="language-powershell"><code>Find-PSResource -Name 'ImportExcel' | fl *</code></pre> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/ahowell_psresourceget_4-f.jpg"> <img data-src="https://www.techtarget.com/rms/onlineimages/ahowell_psresourceget_4-f_mobile.jpg" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/ahowell_psresourceget_4-f_mobile.jpg 960w,https://www.techtarget.com/rms/onlineimages/ahowell_psresourceget_4-f.jpg 1280w" alt="A command window that shows a PowerShell command to display a module's metadata. " height="330" width="559"> <figcaption> <i class="icon pictures" data-icon="z"></i>Execute a search to that displays all the metadata for the ImportExcel module. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <p>The output shows important information, such as the ProjectUri property, which you can use to verify it is the proper module.</p> </section> <section class="section main-article-chapter" data-menu-title="PSResourceGet offers scalability and reliability"> <h2 class="section-title"><i class="icon" data-icon="1"></i>PSResourceGet offers scalability and reliability</h2> <p>PSResourceGet offers improved package management in PowerShell, providing <a href="https://www.techtarget.com/searchwindowsserver/tutorial/Try-these-PowerShell-Start-Job-examples-for-more-efficiency">better speed</a> and reliability. By directly addressing user feedback and the issues with PowerShellGet, PSResourceGet presents a more streamlined and efficient approach to reduce time spent on repetitive tasks and allow more time to focus on automation and scripting.</p> <p><i>Anthony Howell is an IT strategist with extensive experience in infrastructure and automation technologies. His expertise includes PowerShell, DevOps, cloud computing, and working in both Windows and Linux environments.</i></p> </section> The updated package manager for PowerShell improves performance, simplifies module management and streamlines repository handling to free up time for automation tasks. https://cdn.ttgtmedia.com/rms/onlineimages/keyboard_g1077903946.jpg https://www.techtarget.com/searchwindowsserver/tutorial/Use-PSResourceGet-to-manage-PowerShell-modules-and-scripts Tue, 07 Oct 2025 15:42:00 GMT Use PSResourceGet to manage PowerShell modules and scripts <p>Defragmentation, also known as <i>defragging</i> or <i>defrag</i>, is the process of rearranging data on a storage medium, such as a hard disk drive (<a href="https://www.techtarget.com/searchstorage/definition/hard-disk-drive">HDD</a>), to ensure efficient storage and access.</p> <p>Defragmenting a hard drive can improve a computer's or laptop's performance and speed. To reduce fragmentation, a disk optimization tool typically uses compaction to free up larger areas of space. Certain disk defragmentation tools might try to keep smaller files together, especially if they're often accessed sequentially.</p> <p>Fragmentation is less common in Linux-based file systems. The Linux journaling system stores data across multiple locations on the disk and automatically moves it around as soon as it senses fragmentation.</p> <p>Longtime users of Windows and Mac computers will remember when defragmentation was strictly a manual process they had to initiate themselves. However, Windows and <a href="https://www.techtarget.com/whatis/definition/Mac-OS">macOS</a> have been automatically defragmenting disks for some time -- Windows, since the Vista release, and macOS since Mac OS X 10.2.</p> <div class="youtube-iframe-container"> <iframe id="ytplayer-0" src="https://www.youtube.com/embed/Qnk2FP3_r-I?autoplay=0&modestbranding=1&rel=0&widget_referrer=null&enablejsapi=1&origin=https://www.techtarget.com" type="text/html" height="360" width="640" frameborder="0"></iframe> </div> <section class="section main-article-chapter" data-menu-title="Why is defragmentation important?"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Why is defragmentation important?</h2> <p>Defragmentation can solve and mitigate computer problems such as slow speeds, freezes and extended boot times. If there is not enough contiguous space to hold complete files on an HDD, files can become fragmented, and the storage <a href="https://www.techtarget.com/whatis/definition/algorithm">algorithms</a> on the disk separate the data to fit it inside the available space. Defragmentation consolidates these fragmented files so all the related pieces are aligned.</p> <p>A fragmented hard drive is like a huge, jumbled-up load of laundry, with all the different clothing types and colors mixed up. Once the HDD is defragmented, system performance improves because all the jumbled-up data is reorganized and stored appropriately.</p> </section> <section class="section main-article-chapter" data-menu-title="The benefits of defragging"> <h2 class="section-title"><i class="icon" data-icon="1"></i>The benefits of defragging</h2> <p>The following are the main benefits of defragmenting a hard drive:</p> <ul class="default-list"> <li><b>Files stay organized.</b> Over time, adding and deleting files from a hard drive can scatter the data, especially if it is running low on storage space. Defragmentation organizes the individual files, resulting in improved hard drive speed.</li> <li><b>Unused space is freed.</b> Any unused space on a hard drive can be maximized by defragmentation. Sometimes, it can also create more usable space if <a href="https://www.techtarget.com/whatis/definition/bit-binary-digit">bits</a> of data are left over from deleted files.</li> <li><b>The HDD life is extended.</b> With regular defragmentation, the files on a hard drive stay organized. This means the mechanical and <a href="https://www.computerweekly.com/feature/Spinning-disk-hard-drives-Good-value-for-many-use-cases">spinning components of a hard drive</a> aren't used as extensively, which, in turn, extends the lifespan of a hard drive.</li> </ul> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/example_of_file_fragmentation-f.png"> <img data-src="https://www.techtarget.com/rms/onlineimages/example_of_file_fragmentation-f_mobile.png" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/example_of_file_fragmentation-f_mobile.png 960w,https://www.techtarget.com/rms/onlineimages/example_of_file_fragmentation-f.png 1280w" alt="An image showing an HDD before and after defragmentation. " height="179" width="559"> <figcaption> <i class="icon pictures" data-icon="z"></i>This shows a hard drive before and after defragmentation. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> </section> <section class="section main-article-chapter" data-menu-title="How does fragmentation occur?"> <h2 class="section-title"><i class="icon" data-icon="1"></i>How does fragmentation occur?</h2> <p>Fragmentation happens over time and can be caused by many different things. The following are a few reasons why fragmentation occurs inside a hard drive:</p> <ul class="default-list"> <li>If an excessively large file, such as a media or movie file, cannot fit into the empty spaces on a hard drive, fragmentation will occur.</li> <li>If an existing file is updated, but the space it occupies does not have room for any new changes, then it will cause fragmentation.</li> <li>The file system -- the part of the operating system (OS) that controls how files are stored -- might break the files into smaller chunks when trying to save them quickly.</li> </ul> </section> <section class="section main-article-chapter" data-menu-title="How to perform defragmentation"> <h2 class="section-title"><i class="icon" data-icon="1"></i>How to perform defragmentation</h2> <p>Most contemporary OSes have built-in disk defragmentation tools that perform the defragmentation process automatically. However, some OSes, such as Microsoft <a href="https://www.techtarget.com/searchenterprisedesktop/definition/Windows-7">Windows 7</a> and beyond, can also be defragmented manually.</p> <p>To manually defragment a hard drive on a <a href="https://www.techtarget.com/searchenterprisedesktop/tip/Troubleshooting-the-most-common-issues-with-Windows-11">Windows 11 machine</a>, perform the following steps:</p> <ol class="default-list"> <li>Go to the search bar on the Start menu and type <b>defrag</b>.</li> <li>On the <b>Defragment and Optimize Drives </b>option, select the drive that needs to be defragmented and click on <b>Optimize</b>.</li> </ol> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/defrag-f.jpg"> <img data-src="https://www.techtarget.com/rms/onlineimages/defrag-f_mobile.jpg" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/defrag-f_mobile.jpg 960w,https://www.techtarget.com/rms/onlineimages/defrag-f.jpg 1280w" alt="A screenshot showing the defragmentation process for a Windows SSD." height="466" width="560"> <figcaption> <i class="icon pictures" data-icon="z"></i>This shows the defragmentation process. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <p>This process is almost identical to defragmenting a server hard drive, such as a <a href="https://www.techtarget.com/searchwindowsserver/definition/Microsoft-Windows-Server-2016">Windows Server 2016</a> or a <a href="https://www.techtarget.com/searchwindowsserver/tip/Compare-the-features-in-the-Windows-Server-2022-editions">Windows Server 2022</a> drive.</p> <p>It is also possible to change the schedule of defragmentation on a Windows 11 machine using the following steps:</p> <ol class="default-list"> <li>Go to the search bar on the Start menu and type <b>defrag</b>.</li> <li>On the <b>Defragment and Optimize Drives </b>option, select the drive where defragmentation needs to be rescheduled, and click on <b>Change settings</b> under <b>Scheduled optimization</b>. Options include daily, weekly, monthly or not at all.</li> </ol> </section> <section class="section main-article-chapter" data-menu-title="How often do you need to defrag a hard drive?"> <h2 class="section-title"><i class="icon" data-icon="1"></i>How often do you need to defrag a hard drive?</h2> <p>The frequency of defragging a hard drive depends on its usage. Because modern versions of both Windows and macOS come with built-in optimization tools, there's no need to manually perform defragmentation, especially if the computer is always on. However, if a device is routinely shut down after each use, its built-in defragmentation utilities might be prevented from running automatically. In such cases, running the defragmentation utility once a month is probably a good idea.</p> <p>By default, a Windows 11 machine defragments a hard drive once a week; macOS does not have a defragmentation schedule option but defragments in real time.</p> </section> <section class="section main-article-chapter" data-menu-title="How long does disk defragmentation take?"> <h2 class="section-title"><i class="icon" data-icon="1"></i>How long does disk defragmentation take?</h2> <p>The time required for defragmentation of a disk drive can vary considerably, due to the following factors:</p> <ul class="default-list"> <li><b>The size of the drive.</b> The larger the drive, the longer the defragmentation process lasts.</li> <li><b>Speed of the hard drive.</b> The faster the drive, the faster the defragmentation process goes.</li> <li><b>Speed of the processor. </b>The faster the processor executes the process, the faster the defragmentation proceeds.</li> <li><b>Fragmentation level.</b> The more fragmented the drive, the longer the defragmentation takes.</li> <li><b>First-time defragmentation. </b>If a hard drive has never been defragmented before, the first time might take longer than normal.</li> </ul> <p>It is also important to remember that solid-state drives do not require defragmentation.</p> </section> <section class="section main-article-chapter" data-menu-title="What's the difference between defragmentation and disk cleanup?"> <h2 class="section-title"><i class="icon" data-icon="1"></i>What's the difference between defragmentation and disk cleanup?</h2> <p>The terms <i>defragmentation</i> and <i>disk cleanup</i> are sometimes used interchangeably, but this is incorrect: They are different.</p> <p>Disk defragmentation is strictly limited to reorganizing the physical storage of data to group related data and improve storage and retrieval efficiency.</p> <p>Disk cleanup is also about storage efficiency, but its purpose is to remove files from storage that have accumulated over time but are no longer necessary. This includes temp files, system files and other files that are just taking up space.</p> <p><i>Primary data storage is often all-flash, but solid-state hybrid drives (SSHD) blend flash and hard disk drives. Learn </i><a href="https://www.techtarget.com/searchstorage/feature/Hybrid-drive-vs-SSD-Whats-best-for-your-organization"><i>how an SSHD differs from an SSD and an HDD</i></a>,<i> </i><i>and the benefits and drawbacks of each.</i></p> </section> Defragmentation, also known as 'defragging' or 'defrag,' is the process of rearranging the data on a storage medium, such as a hard disk drive (HDD), to ensure efficient storage and access. https://cdn.ttgtmedia.com/visuals/digdeeper/1.jpg https://www.techtarget.com/searchwindowsserver/definition/defragmentation Wed, 20 Aug 2025 15:37:00 GMT What is defragmentation? <p>NTFS, which stands for NT file system and the New Technology File System, is the <a href="https://www.techtarget.com/searchstorage/definition/file-system">file system</a> that many versions of the <a href="https://www.techtarget.com/searchwindowsserver/definition/Windows">Windows</a> and <a href="https://www.techtarget.com/searchwindowsserver/definition/Microsoft-Windows-Server-OS-operating-system">Windows Server</a> operating systems (<a href="https://www.techtarget.com/whatis/definition/operating-system-OS">OSes</a>) use for storing, organizing, and retrieving files on hard disk drives (<a href="https://www.techtarget.com/searchstorage/definition/hard-disk-drive">HDDs</a>) and solid-state drives (<a href="https://www.techtarget.com/searchstorage/definition/SSD-solid-state-drive">SSDs</a>).</p> <p>NTFS is the primary file system for recent versions of Windows and Windows Server OSes. A computer's OS creates and maintains the file system on a storage drive or device. The file system essentially organizes the data into files. It controls how data files are named, stored, retrieved and updated and what other information can be associated with the files -- for example, data on <a href="https://www.techtarget.com/searchwindowsserver/tip/This-PowerShell-module-takes-control-of-NTFS-permissions">file ownership and user permissions</a>.</p> <p>With Windows 2008, Microsoft introduced self-healing NTFS, which means that the file system can automatically correct transient corruption issues without taking the volume offline. Also, if a computer restarts after a system failure, NTFS automatically restores data using the <a href="https://www.techtarget.com/whatis/definition/log-log-file">log file</a> and checkpoint information.</p> <section class="section main-article-chapter" data-menu-title="How is NTFS used?"> <h2 class="section-title"><i class="icon" data-icon="1"></i>How is NTFS used?</h2> <p>NTFS continues to be the primary file system for Windows 10, Windows 11 and Windows Server versions 2016, 2019, 2022 and 2025. These Windows OSes use NTFS to organize, name and store files on SSDs and HDDs.</p> <p>NTFS can be used with Cluster Shared Volumes (CSV) to easily manage a large number of logical unit numbers (<a href="https://www.techtarget.com/searchstorage/definition/logical-unit-number">LUNs</a>) in a <a href="https://www.techtarget.com/searchwindowsserver/definition/Windows-Server-failover-clustering">Windows Server failover cluster</a>. Additionally, the CSV provides continuously available volumes in these clusters. The NTFS volumes can be simultaneously accessed by multiple cluster nodes in a failover cluster. Multiple nodes in <a href="https://www.techtarget.com/searchcloudcomputing/definition/Windows-Azure">Azure</a> Local (versions 23H2 and 22H2) can also use NTFS and CSV to access the same disk (LUN) that's provisioned as an NTFS volume.</p> <p>The clustered roles can fail over quickly from one node to another without requiring a <a href="https://www.techtarget.com/searchstorage/definition/volume">volume</a> to be dismounted and then remounted. There's also no need to take a volume offline or use the disruptive chkdsk.exe tool to <a href="https://www.techtarget.com/searchenterprisedesktop/tip/How-to-scan-and-repair-disks-with-Windows-10-Check-Disk">correct transient corruption issues</a> of disk volumes. Instead, NTFS includes a self-healing capability by default to automatically, efficiently, and reliably eliminate corruption in the background. If there is a major issue that NTFS cannot automatically fix, it will notify users along with possible solutions.</p> <p>Authorized users, such as <a href="https://www.techtarget.com/searchnetworking/definition/system-administrator">system admins</a>, can use NTFS to restore a system after a failure event, such as a server crash. In addition, NTFS uses its log file and checkpoint information to recover data and maintain file system consistency. Admins can also use the chkdsk utility to scan and analyze the drive while the volume is online.</p> <figure class="main-article-image half-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/posey_file_systems1_091620.jpg"> <img data-src="https://www.techtarget.com/rms/onlineimages/posey_file_systems1_091620_half_column_mobile.jpg" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/posey_file_systems1_091620_half_column_mobile.jpg 960w,https://www.techtarget.com/rms/onlineimages/posey_file_systems1_091620.jpg 1280w" alt="Screen capture showing Windows 10 using NTFS by default." height="222" width="280"> <figcaption> <i class="icon pictures" data-icon="z"></i>Screen capture showing Windows 10 using NTFS by default. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <p>NTFS is very useful when the space on a volume is limited because it allows flexible capacity allocations. <a href="https://www.itprotoday.com/microsoft-windows/how-can-i-copy-disk-quotas-from-one-volume-to-another-">Disk quotas</a> can be used to control disk space usage, while many files can be compressed to store more data on NTFS volumes. Volume space can also be increased by adding unallocated space.</p> <p>NTFS can be used to set permissions and access controls on files and folders. Also, data can be encrypted using <a href="https://www.techtarget.com/searchenterprisedesktop/definition/BitLocker">BitLocker Drive Encryption</a>. These approaches help to secure files and lower the possibility of corruption by malicious users like hackers and data thieves.</p> <p>NTFS is frequently used for large volumes up to 8 petabytes (<a href="https://www.techtarget.com/searchstorage/definition/petabyte">PB</a>), where older file systems like file allocation table (<a href="https://www.techtarget.com/whatis/definition/file-allocation-table-FAT">FAT</a>) and High-Performance File System (HPFS) are unsuitable. For large VDHX files larger than 1 terabyte (<a href="https://www.techtarget.com/searchstorage/definition/terabyte">TB</a>), users must use the Format-Volume <a href="https://www.techtarget.com/whatis/definition/cmdlet">cmdlet</a> in <a href="https://www.techtarget.com/searchwindowsserver/definition/PowerShell">Windows PowerShell</a> with specific Windows-defined parameters.</p> <div class="youtube-iframe-container"> <iframe id="ytplayer-0" src="https://www.youtube.com/embed/rtyXJC6RdpA?autoplay=0&modestbranding=1&rel=0&widget_referrer=null&enablejsapi=1&origin=https://www.techtarget.com" type="text/html" height="360" width="640" frameborder="0"></iframe> </div> </section> <section class="section main-article-chapter" data-menu-title="How NTFS works"> <h2 class="section-title"><i class="icon" data-icon="1"></i>How NTFS works</h2> <p>The OS determines which file system will be used. For example, NTFS is the default file system for Windows 10/11 and for all versions of Windows Server after version 2016. But older versions of Windows -- <a href="https://www.techtarget.com/searchwindowsserver/definition/Windows-NT">Windows NT</a>, Windows 95, Windows 98, Windows 2000 -- support either HPFS or FAT file systems.</p> <p>When an HDD is formatted or initialized, it is divided into <a href="https://www.techtarget.com/searchstorage/definition/partition">partitions</a>. Partitions are the major divisions of the hard drive's physical space. Within each partition, the OS keeps track of all the files it stores. Each file is stored on the HDD in one or more <a href="https://www.techtarget.com/whatis/definition/cluster">clusters</a> or disk spaces of a predefined uniform size. A cluster refers to the smallest unit of size that the NTFS can reference when accessing storage</p> <p>In NTFS, cluster sizes range from 4 kilobytes (<a href="https://www.techtarget.com/searchstorage/definition/kilobyte">KB</a>), which is the default size, to 2048 KB. NTFS supports different combinations of cluster sizes and volumes. For example, a 4 KB cluster can have a maximum volume of 16 TB, while the maximum volume for a 2048 KB cluster can be as high as 8 PB.</p> <p>Cluster size and deployment often determine system performance. In general, higher cluster sizes offer increased volume and file capacity. This can be a big advantage when a volume holds many large files, and in situations involving the <a href="https://www.techtarget.com/searchvirtualdesktop/tip/What-is-Hyper-V-on-Windows-11-and-what-can-it-do">use of Hyper-V</a>, <a href="https://www.techtarget.com/searchdatamanagement/definition/SQL">Structured Query Language</a> or <a href="https://www.techtarget.com/searchstorage/definition/data-deduplication">deduplication</a>. On the other hand, smaller clusters can be used to minimize wasted space when storing small files. That said, Microsoft discourages the use of clusters smaller than 4 KB.</p> </section> <section class="section main-article-chapter" data-menu-title="NTFS features"> <h2 class="section-title"><i class="icon" data-icon="1"></i>NTFS features</h2> <p>Some of the notable features of NTFS include:</p> <ul class="default-list"> <li><b>Quick file access.</b> NTFS uses a binary tree directory scheme to index files and keep track of file clusters. This allows for efficient file sorting, organization, and retrieval.</li> <li><b>File size.</b> NTFS supports very large files, with maximum allowable volumes of 16 TB.</li> <li><b>Continuously available volumes</b>. NTFS can be used with the CSV file system in Windows Server failover clusters to enable multiple cluster nodes to access continuously available volumes simultaneously.</li> <li><b>User permissions.</b> NTFS has an access control list (<a href="https://www.techtarget.com/searchnetworking/definition/access-control-list-ACL">ACL</a>) that lets a server administrator control who can access specific files and the access type.</li> <li><b>Compression.</b> Integrated file <a href="https://www.techtarget.com/searchstorage/definition/compression">compression</a> shrinks file sizes and provides more storage space.</li> <li><b>Unicode file naming.</b> Because it supports file names based on <a href="https://www.techtarget.com/whatis/definition/Unicode">Unicode</a>, long file names can be used with a wider array of characters. Short names can also be used on the system volume to ensure application compatibility. NTFS also supports extended-length paths.</li> <li><b>Security features.</b> NTFS provides increased data security with features like encryption, rich <a href="https://www.techtarget.com/whatis/definition/metadata">metadata</a> and disk quotas.</li> <li><b>Extra storage space. </b>With NTFS, extra storage space can be created by mounting a volume at any empty folder on a local NTFS volume.</li> </ul> <figure class="main-article-image half-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/windowsserver-what_is_metadata-h.png"> <img data-src="https://www.techtarget.com/rms/onlineimages/windowsserver-what_is_metadata-h_half_column_mobile.png" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/windowsserver-what_is_metadata-h_half_column_mobile.png 960w,https://www.techtarget.com/rms/onlineimages/windowsserver-what_is_metadata-h.png 1280w" alt="Text illustration showing a presenter highlighting examples of metadata" height="244" width="279"> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> </section> <section class="section main-article-chapter" data-menu-title="Advantages of NTFS"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Advantages of NTFS</h2> <p>There are several advantages to using NTFS, which are included below.</p> <ul class="default-list"> <li><b>Support for large volumes.</b> NTFS supports volumes ranging in size from 16 TB to 8 PB on Windows Server 2019 and newer, and on Windows 10, v1709 and newer.</li> <li><b>Control.</b> NTFS provides disc quotas, which enable administrators to limit and control the amount of storage space on shared drives.</li> <li><b>Performance.</b> NTFS uses file compression, which shrinks file sizes, increasing file transfer speeds and providing more storage space.</li> <li><b>Security.</b> NTFS's built-in security features let administrators grant permissions to sensitive data, restricting access to certain users. NTFS also supports <a href="https://www.techtarget.com/searchsecurity/definition/encryption">encryption</a> to protect data integrity.</li> <li><b>Easy logging for transaction rollbacks.</b> NTFS logs all <a href="https://www.techtarget.com/searchcio/definition/transaction">transactions</a>, making it possible to rollback transactions in order to restore a system and recover data. The built-in logging and auditing system also allows administrators to track files that have been deleted, added or changed in any way.</li> <li><b>Reliability.</b> Data and files can be quickly restored in the event of a system failure or error, because NTFS dynamically remaps clusters with bad sectors and allocates new clusters for data.</li> </ul> </section> <section class="section main-article-chapter" data-menu-title="Disadvantages of NTFS"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Disadvantages of NTFS</h2> <p>The main disadvantages of the NTFS file system are:</p> <ul class="default-list"> <li><b>Limited OS compatibility.</b> The main disadvantage of NTFS is that it is read-only with non-Windows OSes, such as <a href="https://www.techtarget.com/whatis/definition/Mac-OS">macOS</a>.</li> <li><b>It's unsuitable for smaller volumes.</b> NTFS has a lot of space overhead -- 4 megabytes (<a href="https://www.techtarget.com/searchstorage/definition/megabyte">MB</a>) of drive space on a 100-MB partition -- making it unsuitable for volumes smaller than 400 MB. The overhead also makes it impossible to format floppy disks with NTFS.</li> <li><b>No built-in file encryption. </b>While NTFS provides data encryption, it doesn't support file encryption. This can allow anyone to view the data stored on an NTFS volume, for example, by using a low-level disk editing utility.</li> <li><b>Possible partition size limitations. </b>Underlying hardware limitations might limit the partition size possible with NTFS. The partition table is also limited to a maximum of 2 TB.</li> </ul> </section> <section class="section main-article-chapter" data-menu-title="NTFS vs. FAT vs. HPFS"> <h2 class="section-title"><i class="icon" data-icon="1"></i>NTFS vs. FAT vs. HPFS</h2> <p>File systems are generally differentiated by the OS and the type of drive they are used with. NTFS is one <a href="https://www.techtarget.com/searchstorage/feature/4-different-file-systems-and-how-theyre-evolving">type of file system</a>. NTFS is the Windows 10/11/Server equivalent of the older Windows file systems: FAT and HPFS.</p> <p>Although NTFS, FAT, and HPFS are all file systems for Windows OSes, they have several differences.</p> <p>Both FAT and HPFS are only supported under older versions of Windows. In particular, HPFS, which was first introduced with OS/2 1.2, is now only supported under the now-end-of-life (<a href="https://www.techtarget.com/whatis/definition/end-of-life-EOL">EOL</a>) Windows NT OS versions 3.1, 3.5, and 3.51. FAT (specifically, FAT32) is available for Windows 98/Windows 95 OSR2 and Windows 2000.</p> <p>FAT is a very simple file system. A FAT-formatted disk is allocated in clusters. The cluster size depends on the volume size. FAT supports only read-only, hidden, system and archive file attributes.</p> <p>FAT uses a file allocation table that resides at the very top of the volume and is stored -- along with the root directory -- in a fixed location to allow for the system's <a href="https://www.techtarget.com/searchwindowsserver/definition/boot">boot</a> files to be correctly located. The FAT directory structure is not organized in any particular way. Every time a file is created, an entry is created in the FAT table. The FAT table must be regularly updated to prevent data loss.</p> <p>One advantage of the FAT system is that it allows for file undeletes. Undeletes are not possible with older Windows OS (e.g., Windows NT) and their associated older file systems. Also, FAT starts out with little overhead, making it a suitable file system for drives or partitions that are smaller than 200 MB. The main drawback of FAT is that for volumes of over 200 MB, disk performance tends to decrease. Another is that it is not possible to set permissions on files that are FAT partitions.</p> <p>HPFS organizes drives into multiple 8-MB bands, with files usually contained within one of these bands and in contiguous sectors. The file system maintains the directory organization of FAT, although directory entries under HPFS hold more information than they would under FAT. Also, unlike FAT where files are given the first open location on the drive, the directory entries in HPFS point to the FNODE. HPFS also automatically sorts the directory based on filename and provides increased flexibility by allowing for files to be composed of data and special attributes.</p> <p>In contrast to FAT, HPFS is best for drives in the 200-400 MB volume range. It is not suited for volumes under 200 MB due to the overhead involved. And for volumes over 400 MB, it often causes performance degradation. Another limitation of HPFS is that it is not possible to set security on HPFS under Windows NT.</p> <p>NTFS supports bigger volumes and cluster sizes than HPFS and FAT. Unlike these other file systems, NTFS doesn't use any special locations or objects on the disc. Additionally, it is not dependent on the underlying hardware, so it can often avoid partition size limitations.</p> </section> <section class="section main-article-chapter" data-menu-title="Advantages of NTFS over FAT and HPFS"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Advantages of NTFS over FAT and HPFS</h2> <p>Like HPFS, NTFS organizes files into directories and also automatically sorts the directories based on filenames.</p> <p>NTFS offers several improvements over FAT and HPFS in terms of performance, extendibility and security. It also removes many of FAT and HPFS's limitations. For example, it increases the size of files and volumes. In fact, it can support volumes as large as 8 PB on Windows Server 2019 and newer and Windows 10, version 1709 and newer.</p> <p>Additionally, NTFS provides excellent performance even with larger volumes (400 MB or more). This is one of its standout advantages over FAT and HPFS.</p> <p>NTFS also eliminates problems related to a fixed sector size (common with HPFS). Additionally, performance does not degrade with larger volume sizes (common with FAT), making NTFS ideal for volumes of 400 MB or more. These advantages are particularly valuable for high-end systems and <a href="https://www.techtarget.com/searchnetworking/definition/file-server">file servers</a>.</p> <p>Unlike HPFS, NTFS doesn't include special data objects. This allows the file system to avoid fatal single-sector failures. It also tracks and protects all the objects on the disk and maintains multiple copies of the <a href="https://www.itprotoday.com/it-infrastructure/jsi-tip-2709-manage-the-size-of-the-master-file-table-reserved-zone-on-windows-2000-">Master File Table</a> (MFT).</p> <p>NTFS also allows for better recoverability because it keeps track of transactions through a log. Chkdsk can use the log to roll back transactions to the last commit point to recover files and also maintain consistency within the file system. The built-in recoverability capabilities in NTFS mean that there's rarely any need to run a disk repair utility on NTFS partitions to recover data and avoid data loss.</p> <p>NTFS also supports <a href="https://www.techtarget.com/searchwindowsserver/definition/hotfix">hot fixing</a>. When it detects a bad sector, it uses a table of hotfixes to handle write errors. It does this by using the hotfixes entry to logically point to an existing good sector and mark the original sector as bad. FAT does not support hot fixing. HPFS does support hot fixing, but not with the version included in Windows NT.</p> <p>NTFS provides additional functionality unavailable with FAT or HPFS. It provides a rich and flexible platform that other file systems can use. NTFS also supports multiple <a href="https://www.techtarget.com/searchnetworking/definition/data-streaming">data streams</a>, is POSIX.1 compliant, and allows for the addition of user-defined attributes to a file.</p> <p>Finally, NTFS includes numerous security features that are not available with FAT or HPFS. For one, it fully supports the Windows NT security model. It provides ACL-based security for files and folders, meaning certain authorized users (e.g., admins) can set permissions and restrict or allow specific users and groups. NTFS also supports BitLocker drive encryption to protect critical system information on NTFS volumes.</p> </section> <section class="section main-article-chapter" data-menu-title="NTFS vs. FAT32 vs. exFAT"> <h2 class="section-title"><i class="icon" data-icon="1"></i>NTFS vs. FAT32 vs. exFAT</h2> <p>Microsoft developed FAT32, the 32-bit version of the FAT file system, before NTFS, making FAT32 the oldest Windows file system. FAT 32 works with every version of Mac, Linux and Windows. However, it is generally considered less efficient than NTFS.</p> <p>In contrast to NTFS, which supports volumes of up to 8 PB in size, FAT32 has a smaller 4 GB file size. This means file partitions are limited to a maximum size of 4 GB. If a file size is larger, FAT32 is not particularly efficient.</p> <p>FAT32 is easier to format and simpler to use than NTFS. Its file allocation table is a less complex way to organize files than the MFT in NTFS. For these reasons, FAT32 is more commonly used with devices that need wide compatibility, such as memory cards, external hard drives, and devices with USB ports.</p> <p>An evolution of FAT32 is exFAT. It retains the positive characteristics of FAT32 -- a lightweight, more flexible file allocation system -- while overcoming some of its limitations. For example, FAT32 can only store files up to 4 GB, while exFAT can handle file sizes of up to 128 PB. Unlike FAT32, which allows a maximum partition size of 2 TB, exFAT allows partitions of up to 128 TB. These improvements make exFAT suitable for removable drives that have larger file sizes (+4 GB) but don't need the wide compatibility provided by FAT32.</p> <p>exFAT works with Windows and modern versions of macOS systems. It requires additional software to work with older Linux systems, although it does work with Linux Kernel 5.7 and newer Linux versions. In contrast, NTFS only works with Windows systems. It is read-only on Mac systems and works with some Linux systems.</p> <p>NTFS is the best choice for formatting internal hard drives if the system uses a Windows OS since it supports large and continuously available volumes, increases system reliability by correcting <a href="https://www.techtarget.com/searchwindowsserver/tip/How-to-detect-data-corruption-in-files-and-folders">corruption issues</a>, and provides numerous data security features including encryption, disk quotas, and rich metadata.</p> <p>The file system chosen -- NTFS, FAT, or exFAT-- mainly depends on the device type. FAT32 is best suited for USB drives, removable HDDs and gaming consoles with file sizes smaller than 4 GB, regardless of whether the system is based on Windows, Mac or Linux OS. ExFAT can be a better choice for external hard drives or flash drives that need storage capacities greater than 4 GB.</p> </section> <section class="section main-article-chapter" data-menu-title="The file system takeaway"> <h2 class="section-title"><i class="icon" data-icon="1"></i>The file system takeaway</h2> <p>All the file systems discussed above -- NTFS, FAT32, HPFS, and exFAT -- have their strengths and weaknesses. However, each is also used in a variety of computing contexts, from personal computing to the enterprise. NTFS is prominent among the three because of its connection to Windows.</p> <p><i>Learn more about the differences between these </i><a href="https://www.techtarget.com/searchwindowsserver/answer/Whats-the-difference-between-FAT32-FAT16-and-NTFS"><i>well-established file systems</i></a><i> and how they are used in enterprises today.</i></p> </section> NTFS, which stands for NT file system and the New Technology File System, is the file system that many versions of the Windows and Windows Server operating systems (OSes) use for storing, organizing, and retrieving files on hard disk drives (HDDs) and solid-state drives (SSDs). https://cdn.ttgtmedia.com/visuals/digdeeper/5.jpg https://www.techtarget.com/searchwindowsserver/definition/NTFS Wed, 09 Jul 2025 12:30:00 GMT What is NTFS and how does it work? <p>The blue screen of death (BSOD) -- also known as a stop error screen, blue screen error, fatal error or bugcheck -- is a critical error screen that can be displayed by <a href="https://www.techtarget.com/searchwindowsserver/definition/Windows">Microsoft Windows</a> operating systems (OSes). In June 2025, Microsoft <a href="https://blogs.windows.com/windowsexperience/2025/06/26/the-windows-resiliency-initiative-building-resilience-for-a-future-ready-enterprise/" target="_blank" rel="noopener">announced</a> that they were retiring the BSOD after 32 years. The new interface for unexpected restarts will be available in late summer 2025 across all Windows 11 24H2 devices. It will feature a black screen and maintain any necessary technical information on-screen.</p> <p>If and when a BSOD appears, it is an indication that Microsoft Windows has encountered a very severe issue from which it cannot recover on its own. A BSOD functionally renders an affected system nonoperational until the issue is resolved with some form of intervention by the user.</p> <p>The term <i>blue screen of death</i> is a reference to the color of a user's system screen when the BSOD is triggered. A user's screen will turn blue with white text, providing a message that the system has encountered a problem. Once the BSOD appears, the system is largely inoperable or dead from a functional perspective.</p> <p>A BSOD incident typically comes with no warning and all unsaved work is immediately lost. That could be the least of a user's problems, as the system is not usable until the issue that triggered the BSOD is resolved.</p> <p>BSODs have been a part of the Windows OS since the release of <a href="https://www.techtarget.com/searchwindowsserver/definition/Windows-NT">Windows NT</a> 3.1 in 1993. It was originally designed as a <a href="https://www.techtarget.com/searchdatacenter/definition/kernel">kernel</a> error handler for situations where the OS couldn't recover from a critical error. A BSOD is intended to act as a protective measure, forcing the system to shut down to prevent catastrophic hardware failure.</p> <p>A BSOD is a full system failure at the Windows kernel level due to an issue with Windows drivers and/or hardware. It is not an application crash. If the browser crashes, Windows continues to run. It's very rare that an app can cause a blue screen because they commonly run at a higher level in the OS.</p> <p>While a BSOD has always had white text on a blue screen, the information and design of the BSOD has changed. Over the years, Microsoft has modified the BSOD's appearance and the information it displays in an attempt to make it somewhat user-friendly and informative.</p> <section class="section main-article-chapter" data-menu-title="What causes BSOD?"> <h2 class="section-title"><i class="icon" data-icon="1"></i>What causes BSOD?</h2> <p>A BSOD incident can be triggered by several hardware and software issues.</p> <h3>Hardware failures</h3> <p>Among the types of hardware issues that can be at fault are the following:</p> <ul class="default-list"> <li>Faulty memory, including system random access memory (<a href="https://www.techtarget.com/searchstorage/definition/RAM-random-access-memory">RAM</a>).</li> <li>Overheating components.</li> <li>Processor (<a href="https://www.techtarget.com/whatis/definition/processor">CPU</a>) malfunctions.</li> <li>Graphics processing unit (<a href="https://www.techtarget.com/searchvirtualdesktop/definition/GPU-graphics-processing-unit">GPU</a>) malfunctions and motherboard <a href="https://www.techtarget.com/whatis/definition/BIOS-basic-input-output-system">BIOS</a> bugs.</li> <li>Power supply issues.</li> <li>Hardware running beyond its specification limits.</li> </ul> <h3>Software conflicts</h3> <p>Various types of software issues can also lead to a BSOD, including the following:</p> <ul class="default-list"> <li>Poorly written or incompatible <a href="https://www.techtarget.com/searchenterprisedesktop/definition/device-driver">device drivers</a>.</li> <li>Bugs in the OS kernel.</li> <li>Corrupted system files.</li> <li>Conflicts between system processes.</li> <li><a href="https://www.techtarget.com/searchsecurity/tip/10-common-types-of-malware-attacks-and-how-to-prevent-them">Malware infections</a>.</li> <li>Recent software updates. As seen in the 2024 CrowdStrike incident, third-party software updates can also cause widespread BSOD issues by introducing kernel-level conflicts.</li> </ul> </section> <section class="section main-article-chapter" data-menu-title="Common BSOD stop codes"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Common BSOD stop codes</h2> <p>During a BSOD, stop codes appear at the bottom of the screen. There are 270 <a target="_blank" href="https://learn.microsoft.com/en-us/windows-hardware/drivers/debugger/bug-check-code-reference2" rel="noopener">stop codes</a>, but most are exceptionally rare. The following are the most common:</p> <ul class="default-list"> <li><span style="font-family: 'courier new', courier, monospace;">KMODE_EXCEPTION_NOT_HANDLED</span> is an error in the kernel process associated with incompatibility or equipment malfunction.</li> <li><span style="font-family: 'courier new', courier, monospace;">NTFS_FILE_SYSTEM</span> is a drive error caused during read or write, usually due to data integrity on disk or in memory.</li> <li><span style="font-family: 'courier new', courier, monospace;">DATA_BUS_ERROR</span> is the result of errors in RAM. The cause might be incompatible or defective memory sticks.</li> <li><span style="font-family: 'courier new', courier, monospace;">IRQL_NOT_LESS_OR_EQUAL</span> is an error that might be due to a malfunction of the drivers, system services or incompatible software.</li> <li><span style="font-family: 'courier new', courier, monospace;">PAGE_FAULT_IN_NONPAGED_AREA</span> is an error related to the swap file during operation of file systems or failure of a service or software.</li> </ul> </section> <section class="section main-article-chapter" data-menu-title="Troubleshooting and resolving BSOD"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Troubleshooting and resolving BSOD</h2> <p>By taking the following troubleshooting steps, it's often possible to quickly resolve a BSOD incident:</p> <ol class="default-list"> <li><b>Document the error code.</b> When a BSOD appears, users should write down the error code.</li> <li><b>Reboot the system.</b> Windows will attempt to determine the problem and fix it. In some instances, that will be enough to address the problem.</li> <li><b>Review recent system changes.</b> If the problem persists, users should think back to what they did before the BSOD occurred. Was a new program installed, driver updated, or new app installed or upgraded? If so, that might have caused the BSOD.</li> <li><b>Run System File Checker.</b> Corrupt system files are a common root cause of a BSOD.</li> <li><b>Safe mode.</b> Boot into safe mode to uninstall recent updates or drivers that might have caused the issue.</li> <li><b>Test hardware.</b> Test system RAM, monitor system temperatures and verify power supply integrity.</li> <li><b>Consider a System Restore.</b> If the error persists after a user installs a new program/hardware, updates a driver or installs a Windows update, consider a system rollback using <a href="https://www.techtarget.com/searchwindowsserver/definition/System-Restore">System Restore</a>. This Windows feature takes a snapshot of a computer, OS and apps, and saves it for emergencies such as this.</li> <li><b>Scan for malware.</b> A virus check for a persistent BSOD is a good idea. Users should restart their computers in safe mode by hitting F5 at boot for the menu option and then run their antivirus software. An even better option is to have a USB drive with a preinstalled antivirus to boot from rather than the computer. However, users must plan ahead to create and use such a USB drive.</li> <li><b>Use the Blue Screen Troubleshooter.</b> Both Windows 10 and Window 11 have the Get Help app that integrates a useful troubleshooting tool. After rebooting in safe mode, type "Troubleshoot BSOD error" in the Get Help app and then follow the guided process to help troubleshoot BSOD issues.</li> <li><b>Start over with a clean install.</b> As a last-resort option, users can <a href="https://www.techtarget.com/searchenterprisedesktop/tip/How-to-perform-a-factory-reset-on-a-Windows-11-desktop">reset Windows</a> or perform a <a href="https://www.techtarget.com/searchitchannel/definition/clean-install">clean install</a>. However, users should back up all important data to an external hard drive before reinstalling Windows.</li> </ol> </section> <section class="section main-article-chapter" data-menu-title="Prevention measures for BSOD"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Prevention measures for BSOD</h2> <p>Though not all BSOD incidents can be easily prevented by users, the following steps can be taken to reduce the risk:</p> <ul class="default-list"> <li><b>Keep Windows and drivers updated.</b> Regularly update the Windows OS and device drivers to ensure compatibility and fix known issues.</li> <li><b>Use reliable antivirus/antimalware software. </b>Install and maintain up-to-date antivirus software with an active scanner and firewall to protect against malware that can potentially trigger a BSOD.</li> <li><b>Monitor system performance.</b> Use built-in Windows tools, including the Resource Monitor, to <a href="https://www.techtarget.com/searchitoperations/feature/Compare-8-tools-for-IT-monitoring">keep an eye on system performance</a> and identify potential issues before they cause a BSOD.</li> <li><b>Maintain proper hardware cooling.</b> Monitor system temperature and ensure the system is functioning correctly to prevent overheating. Part of that effort can be as easy as cleaning dust from fans and vents regularly.</li> <li><b>Avoid overclocking.</b> Refrain from overclocking system resources beyond manufacturer specifications, as this can lead to system instability and a BSOD.</li> <li><b>Be cautious with new software installations.</b> Only download and install software from reputable sources to minimize the risk of malware or incompatible programs.</li> <li><b>Perform regular disk checks.</b> Use Windows' built-in tools, such as CHKDSK, to scan for and repair disk errors that could lead to system crashes.</li> <li><b>Run memory diagnostics.</b> Periodically use the Windows Memory Diagnostic tool to check for RAM issues that could cause a BSOD.</li> </ul> </section> <section class="section main-article-chapter" data-menu-title="Changes to the BSOD in late summer 2025"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Changes to the BSOD in late summer 2025</h2> <p>In the announcement, Microsoft stated that a resilient organization has the ability to "maintain productivity and minimize disruptions," which is why they are moving away from the BSOD, in favor of "streamlining the unexpected restart experience."</p> <p>As well as waving goodbye to the famous blue screen, Windows is incorporating quick machine recovery - a recovery mechanism for PCs - and improvements to crash dump collection to reduce restart time for users. Microsoft says these changes are part of a larger effort to reduce descriptions caused by unexpected restarts.</p> </section> <section class="section main-article-chapter" data-menu-title="BSOD in different Windows versions"> <h2 class="section-title"><i class="icon" data-icon="1"></i>BSOD in different Windows versions</h2> <p>The BSOD screen has changed over the years across multiple versions of Windows.</p> <p>Up to Windows 7, the BSOD was full of hardware information that was useless to most users.</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/editorial/062819_SED_BSOD_Fig2.png"> <img data-src="https://www.techtarget.com/rms/editorial/062819_SED_BSOD_Fig2_mobile.png" class="lazy" data-srcset="https://www.techtarget.com/rms/editorial/062819_SED_BSOD_Fig2_mobile.png 960w,https://www.techtarget.com/rms/editorial/062819_SED_BSOD_Fig2.png 1280w" alt="Screenshot of the former blue screen of death format." data-credit="TheWindowsClub.com" height="351" width="559"> <figcaption> <i class="icon pictures" data-icon="z"></i>This is the old blue screen of death format. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <p>Starting with Windows 8, it scaled down the amount of information and put a large sad emoticon on the screen. It also put a QR code on the screen so users can look up the cause of the blue screen with their smartphones.</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/editorial/062819_SED_New-BSOD_Fig3.png"> <img data-src="https://www.techtarget.com/rms/editorial/062819_SED_New-BSOD_Fig3_mobile.png" class="lazy" data-srcset="https://www.techtarget.com/rms/editorial/062819_SED_New-BSOD_Fig3_mobile.png 960w,https://www.techtarget.com/rms/editorial/062819_SED_New-BSOD_Fig3.png 1280w" alt="Screenshot of the blue screen of death format for Windows 10." data-credit="TheWindowsClub.com" height="270" width="560"> <figcaption> <i class="icon pictures" data-icon="z"></i>This is the new BSOD format with Windows 10. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <p>Windows 11 briefly experimented with a black screen before reverting to blue.</p> </section> <section class="section main-article-chapter" data-menu-title="The CrowdStrike BSOD"> <h2 class="section-title"><i class="icon" data-icon="1"></i>The CrowdStrike BSOD</h2> <p>Perhaps the most infamous BSOD ever occurred in July 2024 with the <a href="https://www.techtarget.com/whatis/feature/Explaining-the-largest-IT-outage-in-history-and-whats-next">CrowdStrike incident</a>.</p> <p>CrowdStrike is an endpoint security vendor whose technology is widely deployed across large enterprise and mission-critical operations across the transportation, <a href="https://www.techtarget.com/healthtechsecurity/news/366596025/Global-IT-outage-forces-hospitals-to-cancel-appointments">healthcare</a>, financial services and media sectors.</p> <p>The CrowdStrike Falcon endpoint agent hooks into Microsoft as a Windows kernel process. A logic <a href="https://www.techtarget.com/searchsecurity/news/366596023/Defective-CrowdStrike-update-triggers-mass-IT-outages">flaw in an automated update for CrowdStrike</a> triggered a BSOD that had a massive impact on IT around the world.</p> </section> <section class="section main-article-chapter" data-menu-title="BSOD in non-Windows systems"> <h2 class="section-title"><i class="icon" data-icon="1"></i>BSOD in non-Windows systems</h2> <p>A BSOD is specific to Microsoft Windows OS, but there are somewhat similar kinds of critical errors on non-Windows systems.</p> <p>In both Linux and Apple macOS there is the concept of a <a href="https://www.techtarget.com/searchdatacenter/definition/kernel-panic">kernel panic</a>. That error screen can vary based on OS version. Much like a BSOD, a kernel panic is triggered by bad code interacting with the OS kernel, which then renders the system unstable.</p> </section> The blue screen of death (BSOD) -- also known as a stop error screen, blue screen error, fatal error or bugcheck -- is a critical error screen that can be displayed by Microsoft Windows operating systems (OSes). https://cdn.ttgtmedia.com/visuals/digdeeper/1.jpg https://www.techtarget.com/searchwindowsserver/definition/blue-screen-of-death-BSOD Wed, 02 Jul 2025 00:00:00 GMT What is the blue screen of death (BSOD)? <p>Active Directory (AD) is Microsoft's proprietary directory service that enables network admins to manage users, permissions and their access to networking resources. It runs on <a href="https://www.techtarget.com/searchwindowsserver/definition/Microsoft-Windows-Server-OS-operating-system">Windows Server</a> and stores information about <a href="https://www.techtarget.com/searchapparchitecture/definition/object">objects</a>, such as shared network resources, on a corporate network in a logical, hierarchical format. This enables administrators to manage those resources, as well as the users who need to access those resources to get their work done.</p> <p>A <a href="https://www.techtarget.com/searchwindowsserver/definition/domain-controller">domain controller</a> is needed to run the AD service. A <a href="https://www.techtarget.com/whatis/definition/domain">domain</a> controller is a server running a version of the Windows Server operating system that has Active Directory Domain Services (<a href="https://www.techtarget.com/searchwindowsserver/definition/Microsoft-Active-Directory-Domain-Services-AD-DS">AD DS</a>) installed. By installing AD DS, admins can configure a specific server role for a computer, such as the role of a domain controller.</p> <section class="section main-article-chapter" data-menu-title="What is the role of Active Directory and what is it used for?"> <h2 class="section-title"><i class="icon" data-icon="1"></i>What is the role of Active Directory and what is it used for?</h2> <p>Active Directory stores data about all the objects on a network. An object is a single element, such as a user, group, application or shared device, such as a server or printer. Objects are normally defined as either resources, such as printers or computers, or security principals, such as users or groups.</p> <p>Active Directory uses a set of rules known as the <i><a href="https://www.techtarget.com/searchdatamanagement/definition/schema">schema</a></i> to define object classes and their attributes. The schema also determines the format of each object's name. AD also includes a global catalog that contains information about all the objects. The schema and global catalog make it easy for network admins to identify and manage objects. Also, by storing relevant information about user accounts on a network, such as their names and passwords, AD enables other authorized users and admins on that network to access this information.</p> <p>AD also enables admins, users and applications to publish and find objects and the objects' properties. They can do this via AD's <a href="https://www.techtarget.com/searchdatamanagement/definition/query">query</a> and index mechanism. Additionally, AD provides a <a href="https://www.techtarget.com/searchdisasterrecovery/definition/data-replication">replication</a> service that has two roles. It ensures that all domain controllers in a network contain a complete copy of all directory information for their domain, and it ensures that any change to the data in the directory is replicated to all domain controllers in the domain. By maintaining replicas of directory data on all domain controllers, the replication service ensures the directory's availability and also optimizes its performance for all users.</p> <figure class="main-article-image half-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/windows_server-active_directory-h.png"> <img data-src="https://www.techtarget.com/rms/onlineimages/windows_server-active_directory-h_half_column_mobile.png" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/windows_server-active_directory-h_half_column_mobile.png 960w,https://www.techtarget.com/rms/onlineimages/windows_server-active_directory-h.png 1280w" alt="what are the services in Active Directory graphic" height="304" width="279"> <figcaption> <i class="icon pictures" data-icon="z"></i>Microsoft Active Directory provides a variety of services to manage network security and control access to applications and other resources. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> </section> <section class="section main-article-chapter" data-menu-title="What is Active Directory Domain Services?"> <h2 class="section-title"><i class="icon" data-icon="1"></i>What is Active Directory Domain Services?</h2> <p>In older versions of Windows Server -- Windows 2000 Server and Windows Server 2003 -- the directory service was named Active Directory. However, from Windows Server 2008 R2 and Windows Server 2008 onward, Microsoft changed the name of the directory service to Active Directory Domain Services.</p> <p>AD DS stores directory information, including information about user accounts. It does this using a <a href="https://www.techtarget.com/whatis/definition/structured-data">structured data</a> store known as the <i>directory</i>. This directory enables the directory information to be organized in a logical and hierarchical format. AD DS also makes directory data available to authorized network users and administrators, allowing them to access it as required.</p> <p>As with AD, AD DS includes a replication system that automatically builds and updates the global catalog server, which is a domain controller. This catalog stores a full, writable replica of all objects and their attributes in a domain, as well as partial, <a href="https://www.techtarget.com/searchwindowsserver/definition/Read-only">read-only</a> replicas of all the other domains in the <a href="https://www.techtarget.com/searchwindowsserver/definition/Active-Directory-forest-AD-forest">forest</a>. Such attribute replication makes it easy for users and admins to search for objects in AD DS.</p> <p>AD DS provides security through built-in sign-in <a href="https://www.techtarget.com/searchsecurity/definition/authentication">authentication</a> and <a href="https://www.techtarget.com/searchsecurity/definition/access-control">access control</a> mechanisms. These mechanisms allow authorized users to access network resources and enable admins to easily manage directory data and organization throughout the network using a single network username and password.</p> <p>To further support network admins, AD DS provides policy-based administration. This enables admins to easily manage even complex networks.</p> </section> <section class="section main-article-chapter" data-menu-title="Active Directory modes, protocols and services"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Active Directory modes, protocols and services</h2> <p>Several different services constitute Active Directory. The main service is Domain Services, but Active Directory also has the following other services:</p> <ul class="default-list"> <li><strong>Active Directory Lightweight Directory Services (AD LDS)</strong> is an independent mode of AD, meaning it operates independently of AD domains or forests and can be installed without affecting AD. It provides directory services for applications, including a data store, and uses standard application programming interfaces (<a href="https://www.techtarget.com/searchapparchitecture/definition/application-program-interface-API">APIs</a>) to access application data. However, it doesn't include AD's infrastructure features.</li> <li><strong>Lightweight Directory Access Protocol (<a href="https://www.techtarget.com/searchmobilecomputing/definition/LDAP">LDAP</a>)</strong> is a directory service protocol used to access and maintain directories over a network. Based on a <a href="https://www.techtarget.com/searchnetworking/definition/client-server">client-server</a> model, LDAP runs on a layer above the <a href="https://www.techtarget.com/searchnetworking/definition/TCP-IP">TCP/IP</a> stack. LDAP cannot be used to create directories or to specify how a directory service should operate. Its main function is to help with directory management.</li> <li><strong>Active Directory Certificate Services (AD CS)</strong> is used to generate, manage and share <a href="https://www.techtarget.com/searchsecurity/definition/PKI">public key infrastructure</a> certificates. A certificate uses encryption to enable a user to exchange information over the internet securely with a <a href="https://www.techtarget.com/searchsecurity/definition/public-key">public key</a>. These certificates provide confidentiality through encryption; authenticate computers, users and device accounts on a network; and help to maintain the integrity of digital documents through <a href="https://www.techtarget.com/searchsecurity/definition/digital-signature">digital signatures</a>.</li> <li><strong>Active Directory Federation Services (<a href="https://www.techtarget.com/searchmobilecomputing/definition/Active-Directory-Federation-Services-AD-Federation-Services">AD FS</a>)</strong> authenticates user access to multiple applications -- even on different networks -- using single sign-on (<a href="https://www.techtarget.com/searchsecurity/definition/single-sign-on">SSO</a>). As the name indicates, SSO only requires the user to sign on once rather than use multiple dedicated authentication keys for each service. By allowing the secure sharing of digital identity and entitlements rights across security and enterprise boundaries, AD FS helps to streamline user experiences as they access internet-facing applications.</li> <li><strong>Active Directory Rights Management Services (AD RMS)</strong> enables organizations to protect their documents using information rights management (<a href="https://www.techtarget.com/searchcontentmanagement/definition/information-rights-management-IRM">IRM</a>). With AD RMS, they can create IRM policies to specify who can access sensitive information, thus preventing its use or misuse by unauthorized people.</li> </ul> <div class="youtube-iframe-container"> <iframe id="ytplayer-0" src="https://www.youtube.com/embed/SK8Yw-CiRHk?autoplay=0&modestbranding=1&rel=0&widget_referrer=null&enablejsapi=1&origin=https://www.techtarget.com" type="text/html" height="360" width="640" frameborder="0"></iframe> </div> </section> <section class="section main-article-chapter" data-menu-title="Key features of AD and AD DS logical model"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Key features of AD and AD DS logical model</h2> <p>Active Directory Domain Services uses a logical model consisting of forests, domains and organizational units (<a href="https://www.techtarget.com/searchwindowsserver/definition/organizational-unit-OU">OUs</a>). This model is important because it provides a way to do the following:</p> <ul class="default-list"> <li>Store and manage information about network resources.</li> <li>Store and manage application-specific data from directory-enabled applications.</li> <li>Enable administrators to organize users, computers, devices and other elements of a network into a hierarchical containment structure.</li> </ul> <p>Different objects, such as users and devices that share the same database, are on the same domain. A <a href="https://www.techtarget.com/searchwindowsserver/definition/Active-Directory-tree-AD-tree">tree</a> is one or more domains grouped together with hierarchical trust relationships. A forest is a group of multiple trees. Forests provide security boundaries, while domains -- which share a common database -- can be managed for settings such as authentication and encryption. These different elements have the following functions:</p> <ul class="default-list"> <li>A <b>forest </b>is the top-level container in AD DS. It refers to a group of one or more AD domains. It provides a common logical structure for those domains and automatically links them with two-way, transitive trust relationships. These relationships enable AD DS to provide security across multiple domains or forests. They also enable domains to extend authentication services to users in domains outside their own forest.</li> <li>A <b>domain </b>is a container or partition within a forest. It provides network-wide user identity, so user identities need to be created only once. Once that is done, they can be referenced on any computer joined to the forest in which that domain is located. Domains use one or more domain controllers to store user accounts and user credentials, provide authentication services for users and control access to network resources. A domain controller for a particular domain has a copy of the directory for the entire domain in which it is located.</li> <li>An <b>OU</b> is the smallest element of the AD DS logical model. OUs form a hierarchy of containers within a domain. Admins typically use OUs to simplify administrative tasks, such as the application of <a href="https://www.techtarget.com/searchwindowsserver/definition/Group-Policy">Group Policies</a>. OUs are also useful for the delegation of authority, which allows owners to transfer administrative control -- full or limited -- over objects to other users or groups in order to simplify the management of those objects.</li> </ul> <p>The domain-forest-OU model of AD DS applies regardless of the <a href="https://www.techtarget.com/searchnetworking/definition/network-topology">network topology</a> and the number of domain controllers required within each domain.</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineImages/windowsserver-domain_forest_configuration-f.png"> <img data-src="https://www.techtarget.com/rms/onlineImages/windowsserver-domain_forest_configuration-f_mobile.png" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineImages/windowsserver-domain_forest_configuration-f_mobile.png 960w,https://www.techtarget.com/rms/onlineImages/windowsserver-domain_forest_configuration-f.png 1280w" alt="domain forest configuration diagram" height="358" width="559"> <figcaption> <i class="icon pictures" data-icon="z"></i>Microsoft uses a tree and forest arrangement to create hierarchies with Active Directory to manage network assets and user access to network resources. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> </section> <section class="section main-article-chapter" data-menu-title="Key features of AD and Active Directory Domain Services"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Key features of AD and Active Directory Domain Services</h2> <p>One of the main features of AD and AD DS is that they use a structured and hierarchical data store to logically organize and publish directory information, i.e., information about the objects stored in the AD DS directory. These objects may include the following:</p> <ul class="default-list"> <li>Users.</li> <li>Groups.</li> <li>Computers.</li> <li>Domains.</li> <li>OUs.</li> <li>Security policies.</li> </ul> <p>A standardized schema is used to define object classes, attributes and names, as well as the constraints and limits on instances of these objects. The default schema in AD is modeled after the International Organization for Standardization <a href="https://www.techtarget.com/searchsecurity/definition/X509-certificate">X.500</a> series of standards for directory services. It is also extensible, meaning classes and attributes can be added to it and modified as needed. The AD schema is stored in the schema directory partition and replicated to all domain controllers in a forest.</p> <p>Another important feature of AD is that it uses four directory partition types to store and copy different types of data in the Ntds.dit file on a domain's domain controller. Users and administrators can access this information throughout a domain. A directory partition typically contains data about a domain, configuration, schema and applications.</p> <p>AD and AD DS feature a query and index mechanism. This mechanism enables network users or applications to find objects and their properties stored in AD. Finally, AD's replication service distributes directory data across a network. AD includes Knowledge Consistency Checker, which automatically creates replication connections from a source domain controller to a destination domain controller and generates the replication topology for the AD forest.</p> </section> <section class="section main-article-chapter" data-menu-title="Trusting terminology"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Trusting terminology</h2> <p>Active Directory relies on <a href="https://www.techtarget.com/searchwindowsserver/tip/Best-Practices-for-Active-Directory-Forest-Trusts">trusts</a> to facilitate authentication and to provide security across multiple domains or forests. These trust relationships apply to both domains and forests in AD. AD trusts work properly only if every resource has a direct trust path to a domain controller in the domain in which it is located. Also, to enable facilitation, Windows checks if a domain being requested by a user or computer already has a trust relationship with the requesting account's domain.</p> <p>The most important trust-related terms used in AD include the following:</p> <ul class="default-list"> <li>A <b>one-way trust</b> is when a first domain (Domain A) allows access privileges to users on a second domain (Domain B). However, Domain B does not allow users access to Domain A. Simply put, it is a unidirectional authentication path between Domains A and B.</li> <li>A <b>two-way trust</b> is when two domains trust each other. Thus, authentication requests can be passed between these domains, meaning each domain enables access to users of the other domain.</li> <li>A <b>trusted domain </b>is a single domain that enables user access to another domain, which is called the <i>trusting domain</i>. Forests used trusted domain objects to store all of the trusted namespaces, such as domain tree names, <a href="https://www.techtarget.com/whatis/definition/User-Principal-Name-UPN">user principal name</a> suffixes, service principal name suffixes and <a href="https://www.techtarget.com/searchsecurity/definition/security-identifier">security identifier</a> namespaces used in partner forests.</li> <li>A <b>transitive trust</b> can extend beyond two domains and allow access to other trusted domains within a forest. In AD, a two-way, transitive trust relationship is automatically established between new domains and parent domains in a forest.</li> <li>A <b>nontransitive trust</b> is a one-way trust that is limited to two domains. It is typically used to deny trust relationships with other domains.</li> <li>A <b>forest trust</b> provides seamless authentication and authorization across multiple AD forests, thus enabling access to resources and other objects in those forests. It can be one-way or two-way transitive.</li> </ul> </section> <section class="section main-article-chapter" data-menu-title="History and development of Active Directory"> <h2 class="section-title"><i class="icon" data-icon="1"></i>History and development of Active Directory</h2> <p>Microsoft offered a preview of Active Directory in 1999 and released it a year later with Windows 2000 Server. Microsoft continued to develop new features with each successive Windows Server release.</p> <p>Windows Server 2003 included a notable update to add forests and the ability to edit and change the position of domains within forests. Domains on Windows 2000 Server could not support newer AD updates running in Server 2003.</p> <p>Windows Server 2008 introduced AD FS. Additionally, Microsoft rebranded the directory for domain management as AD DS, and AD became an umbrella term for the directory-based services it supported. AD DS is available in all the latest versions of Windows Server, including Windows Server 2016, Windows Server 2019, Windows Server 2022 and Windows Server 2025.</p> <p>Windows Server 2016 updated AD DS to improve AD security and migrate AD environments to cloud or <a href="https://www.techtarget.com/searchcloudcomputing/definition/hybrid-cloud">hybrid cloud</a> environments. Security updates included the addition of privileged access management. <a href="https://www.techtarget.com/searchsecurity/definition/privileged-access-management-PAM">PAM</a> monitors access to an object, the type of access granted and what actions the user takes. PAM adds bastion AD forests to provide an additional secure and isolated forest environment. Windows Server 2016 ended support for devices on Windows Server 2003.</p> <p>In December 2016, Microsoft released Azure AD Connect, now called Microsoft Entra Connect, to join an on-premises Active Directory system with <a href="https://www.techtarget.com/searchwindowsserver/definition/Microsoft-Windows-Azure-Active-Directory-Windows-Azure-AD">Azure AD</a>, now called Microsoft Entra ID. Through this integration, organizations could connect all the identities and access controls on their local networks with Microsoft's cloud services, such as <a href="https://www.techtarget.com/searchenterprisedesktop/definition/Microsoft-Office-365-suite">Office 365</a>, and enable user-friendly SSO for those services. Azure AD Connect worked with systems running Windows Server 2008, Windows Server 2012, Windows Server 2016 and Windows Server 2019. All 1.x versions of Azure AD Connect were retired on Aug. 31, 2022.</p> </section> <section class="section main-article-chapter" data-menu-title="Domains vs. workgroups"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Domains vs. workgroups</h2> <p>A <i>workgroup</i> is Microsoft's term for Windows machines connected over a <a href="https://www.techtarget.com/searchwindowsserver/definition/peer-to-peer-network-P2P-network">peer-to-peer (P2P) network</a>. Workgroups are another unit of organization for Windows computers in networks. Workgroups enable these machines to share files, internet access, printers and other resources over the network. P2P networking removes the need for a server for authentication. There are several differences between domains and workgroups:</p> <ul class="default-list"> <li>Domains, unlike workgroups, can host computers from different local networks.</li> <li>Domains can be used to host many more computers than workgroups. Domains can include thousands of computers; workgroups typically have an upper limit of close to 20.</li> <li>In domains, at least one server is a computer, which is used to control permissions and security features for every computer within the domain. In workgroups, there is no server, and computers are all peers.</li> <li>Domain users typically require security identifiers, such as logins and passwords, unlike workgroups.</li> </ul> </section> <section class="section main-article-chapter" data-menu-title="Main competitors to Active Directory"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Main competitors to Active Directory</h2> <p>Other directory services on the market that provide similar functionality to AD include the following:</p> <ul class="default-list"> <li><b>Red Hat Directory Server</b> is an LDAP-based directory that manages user access to multiple systems in <a href="https://www.techtarget.com/searchdatacenter/definition/Unix">Unix</a> environments. It provides a network-based registry to centralize identity information and includes user ID- and certificate-based authentication to restrict access to data in the directory. In addition, it provides centralized, fine-grained access control over the directory and enhanced data protection, even if the number of systems and users increases.</li> <li><b>Apache Directory</b> is an <a href="https://www.techtarget.com/whatis/definition/open-source">open source</a> project that runs on <a href="https://www.theserverside.com/definition/Java">Java</a> and operates on any LDAP server, including systems on Windows, <a href="https://www.techtarget.com/whatis/definition/Mac-OS">macOS</a> and <a href="https://www.techtarget.com/searchdatacenter/definition/Linux-operating-system">Linux</a>. It provides an LDAP v3-compliant directory server and an <a href="https://www.techtarget.com/searchapparchitecture/definition/Eclipse-Eclipse-Foundation">Eclipse</a>-based directory tool called Apache Directory Studio. Additionally, the software includes an Apache Directory LDAP API that provides a convenient way to access all types of LDAP servers.</li> <li><b>OpenLDAP </b>is another open source alternative to AD. Specifically, it is an open source implementation of LDAP, with modules like a standalone LDAP load balancer <a href="https://www.techtarget.com/whatis/definition/daemon">daemon</a>; standalone LDAP daemon (server); and various libraries, tools and sample clients to implement LDAP.</li> </ul> <p><em>IT must carefully manage various Group Policies for desktops to ensure the correct policies are implemented. Learn when <a href="https://www.techtarget.com/searchenterprisedesktop/tip/When-does-AD-domain-joined-Group-Policy-override-local">AD domain-joined Group Policy overrides local</a>. </em></p> </section> Active Directory (AD) is Microsoft's proprietary directory service that enables network admins to manage users, permissions and their access to networking resources. https://cdn.ttgtmedia.com/visuals/digdeeper/5.jpg https://www.techtarget.com/searchwindowsserver/definition/Active-Directory Fri, 11 Apr 2025 09:00:00 GMT What is Active Directory (AD)? <p>A Windows zero-day under active exploitation should take the top of the patching priority list this month, but admins should carve out time to handle three other vulnerabilities that require manual intervention.</p> <p>Microsoft delivered corrections for 121 vulnerabilities on April Patch Tuesday with 11 rated critical and the remainder with a severity level of important. Most of the vulnerabilities reside in the Windows operating system with 90, but Microsoft Office ranks second with 20 flaws requiring patches.</p> <section class="section main-article-chapter" data-menu-title="Microsoft corrects exploited Windows zero-day"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Microsoft corrects exploited Windows zero-day</h2> <p>This month's most pressing vulnerability is a Windows Common Log File System Driver elevation-of-privilege flaw, CVE-2025-29824, rated important with a CVSS rating of 7.8. It affects most Windows Server and desktop systems, but patches for Windows 10 for x64-based and 32-bit systems were not immediately available.</p> <p>An attacker with local access -- either physically or via some <a href="https://www.techtarget.com/searchwindowsserver/tutorial/PowerShell-7-remoting-expands-management-horizons">remote access tool</a> -- only needs a regular user account to use the exploit code.</p> <p>"In this case, the attacker will gain full system privileges, so they own the box. That puts Windows as our highest-risk update this month," said Chris Goettl, vice president of product management for security products at Ivanti.</p> <p>Microsoft said a ransomware group called Storm-2460 targeted organizations across the U.S., Venezuela, Spain and Saudi Arabia. Storm-2460 would infiltrate vulnerable systems, gain system-level privileges for unrestricted control of the machine and then deploy its malware.</p> </section> <section class="section main-article-chapter" data-menu-title="3 vulnerabilities will require extra work"> <h2 class="section-title"><i class="icon" data-icon="1"></i>3 vulnerabilities will require extra work</h2> <p>In some instances, applying the Microsoft security updates will not completely stop a threat. Administrators must take additional steps with mitigations for three vulnerabilities this month to keep their Windows systems safe.</p> <p>The first is a Windows Kerberos elevation-of-privilege vulnerability, CVE-2025-26647, rated important with an 8.1 CVSS score. This flaw only affects Windows Server systems.</p> <p>Until corrected in vulnerable systems, <a href="https://www.techtarget.com/searchsecurity/definition/Kerberos">Kerberos</a> -- the network authentication protocol in Windows -- will not properly validate input, which an attacker can exploit to escalate their privileges. The attacker only needs network access, but Microsoft rates the attack complexity as high, meaning that the threat actor must set the right conditions to trigger the exploit.</p> <p>"An authenticated attacker could exploit this vulnerability by establishing a machine-in-the-middle (MITM) attack or other local network spoofing technique, then sending a malicious Kerberos message to the client victim machine to spoof itself as the Kerberos authentication server," Microsoft wrote.</p> <p>Even after installing the April Patch Tuesday update, <a href="https://www.techtarget.com/searchwindowsserver/tip/New-Active-Directory-features-coming-in-Windows-Server-2025">Windows domain controllers will still be vulnerable</a> until administrators enable protections by manually changing registry settings. This is the first step in another three-phase rollout designed to help organizations avoid authentication failures and service outages by performing an audit on systems to find noncompliant certificates.</p> <p>"For this one in particular, Microsoft is concerned that the fix is going to cause problems for organizations," Goettl said. "So, while they've pushed the update, it is not turned on until you choose to do so. So, there is an additional step that needs to be taken there."</p> <p>In the next phase, slated to start on July 8, installing that month's security update on the domain controllers will start the Enforced by Default phase, which gives admins the option to switch a system back to Audit mode to make any adjustments. In the final phase, on Oct. 14, Microsoft will switch domain controllers to Enforcement mode and remove the ability to make further registry changes.</p> <p>The second flaw requiring further mitigation work is a Windows New Technology File System (NTFS) information disclosure vulnerability, CVE-2025-21197, rated important with a CVSS score of 6.5. It affects Windows Server and desktop systems. Patches for Windows 10 systems were not immediately available.</p> <p>"To mitigate against possible application compatibility risks, the fix to address this vulnerability has been released as disabled by default. However, administrators have been given the ability to enable this behavior if needed through a registry key," Microsoft wrote.</p> <p>Related to this vulnerability is a Windows <a href="https://www.techtarget.com/searchwindowsserver/definition/Resilient-File-System-ReFS">Resilient File System</a> (ReFS) information disclosure flaw, CVE-2025-27738, rated important for Windows Server and desktop systems with a CVSS rating of 6.5.</p> <p>Microsoft is disabling the fix for both CVE-2025-27738 and CVE-2025-21197 by default to avoid potential application compatibility issues. The company instructs customers to follow the directions <a target="_blank" href="https://support.microsoft.com/en-us/topic/access-check-enhancements-to-prevent-unauthorized-disclosure-of-file-paths-25750bf2-46b8-48b1-b2e6-cc9fc613656a" rel="noopener">at this link</a> to manually enable the correction via a registry key. The fix will enhance access checks on NTFS and ReFS volumes to prevent unauthorized users from viewing the full file path to a resource.</p> </section> <section class="section main-article-chapter" data-menu-title="Other security updates of note for April Patch Tuesday"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Other security updates of note for April Patch Tuesday</h2> <ul class="default-list"> <li>Two Microsoft SharePoint remote code execution vulnerabilities, CVE-2025-29793 and CVE-2025-29794, are rated important with CVSS 7.2 and 8.8 scores, respectively. Microsoft gave the flaws an exploitability assessment of "exploitation more likely." These vulnerabilities are particularly dangerous due to the low attack complexity, lack of requiring user interaction and fact that the threat actor only needs basic user privileges.</li> <li>Microsoft released four fixes in its developer tools ecosystem: Visual Studio (CVE-2025-29802, CVSS rating 7.3), Visual Studio (CVE-2025-29804, CVSS rating 7.3), Visual Studio Code (CVE-2025-20570, CVSS rating 6.8) and Visual Studio Tools for Applications and SQL Server Management Studio (CVE-2025-29803, CVSS rating 7.3). While they all have an exploitability assessment of "exploitation less likely," it is important for enterprises to quickly <a href="https://www.techtarget.com/searchsecurity/tip/Top-4-source-code-security-best-practices">close security holes in developer tools</a> to prevent a threat actor from accessing sensitive information or adding malicious code to a product.</li> <li>A Microsoft System Center elevation-of-privilege vulnerability, CVE-2025-27743, is rated important with a CVSS score of 7.8. Microsoft said the flaw is triggered by reusing System Center installer .exe files, and customers should delete the files and download the latest version of their System Center product as a .zip file.</li> </ul> </section> <section class="section main-article-chapter" data-menu-title="Microsoft cancels plan to stop driver support in WSUS"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Microsoft cancels plan to stop driver support in WSUS</h2> <p>Microsoft said it would delay its plan to end driver update synchronization to Windows Server Update Services (WSUS) servers planned this month on April 18. The company said feedback from customers with disconnected device scenarios spurred Microsoft to change its decision.</p> <p>Microsoft deprecated WSUS driver synchronization, but will continue to support it. The company recommends that customers <a href="https://www.techtarget.com/searchwindowsserver/tip/SCCM-driver-management-strategies-for-the-modern-world">explore other options</a>, such as Microsoft Intune and Windows Autopatch.</p> <p><i>Tom Walat is the site editor for Informa TechTarget's SearchWindowsServer site.</i></p> </section> Microsoft delivers fixes for 121 vulnerabilities with 11 rated critical this month. Admins will have extra mitigation work to correct three flaws. https://cdn.ttgtmedia.com/rms/onlineimages/security_a296619547.jpg https://www.techtarget.com/searchwindowsserver/news/366622229/Exploited-Windows-zero-day-addressed-on-April-Patch-Tuesday Wed, 09 Apr 2025 11:43:00 GMT Exploited Windows zero-day addressed on April Patch Tuesday <p>A domain controller is a server that processes authentication requests from users and computers within a computer <a href="https://www.techtarget.com/whatis/definition/domain">domain</a>. Domain <a href="https://www.techtarget.com/whatis/definition/controller">controllers</a> are most commonly used in Windows <a href="https://www.techtarget.com/searchwindowsserver/definition/Active-Directory">Active Directory</a> (AD) domains, but are also used with other types of identity management systems.</p> <p>Domain controllers maintain directory service information for their domains, including users, <a href="https://www.techtarget.com/searchsecurity/definition/authentication">authentication</a> credentials and enterprise <a href="https://www.techtarget.com/searchsecurity/definition/security-policy">security policies</a>.</p> <section class="section main-article-chapter" data-menu-title="What are the main functions of a domain controller?"> <h2 class="section-title"><i class="icon" data-icon="1"></i>What are the main functions of a domain controller?</h2> <p>Domain controllers restrict access to domain resources by authenticating user identity through login credentials and preventing unauthorized access to those resources.</p> <figure class="main-article-image half-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/windows_server-active_directory-h.png"> <img data-src="https://www.techtarget.com/rms/onlineimages/windows_server-active_directory-h_half_column_mobile.png" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/windows_server-active_directory-h_half_column_mobile.png 960w,https://www.techtarget.com/rms/onlineimages/windows_server-active_directory-h.png 1280w" alt="Graphic listing the services in Active Directory." height="304" width="279"> <figcaption> <i class="icon pictures" data-icon="z"></i>Domain services, such as those that domain controllers provide, are just one part of Microsoft Active Directory. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <p>Domain controllers apply security policies to requests for access to domain resources. For example, in a <a href="https://www.techtarget.com/searchwindowsserver/definition/Active-Directory-domain-AD-domain">Windows AD domain</a>, the domain controller draws authentication information for user accounts from AD.</p> <p>A domain controller can operate as a single system, but is usually implemented in <a href="https://www.techtarget.com/whatis/definition/cluster">clusters</a> for improved reliability and availability. For domain controllers running under Windows AD, each cluster comprises a primary domain controller and one or more backup domain controllers.</p> <p>Insecure sites can use a read-only domain controller to speed up authentication. In <a href="https://www.techtarget.com/searchdatacenter/definition/Unix">Unix</a> and <a href="https://www.techtarget.com/searchdatacenter/definition/Linux-operating-system">Linux</a> environments, domain controllers can manage <a href="https://www.techtarget.com/searchmobilecomputing/definition/LDAP">Lightweight Directory Access Protocol</a> domains.</p> </section> <section class="section main-article-chapter" data-menu-title="Why is securing a domain controller important?"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Why is securing a domain controller important?</h2> <p>Domain controllers authorize all domain access, blocking unauthorized access to domain resources while allowing users access to authorized directory services. They also store many of the secrets that a domain uses to protect users and data. If someone gains unauthorized access to a domain controller, they can quickly gain access to all the data stored on the network, making domain controllers a primary target for attackers.</p> <p>It is important to harden the domain controller with additional security mechanisms, such as the following:</p> <ul class="default-list"> <li><a href="https://www.techtarget.com/searchsecurity/definition/firewall">Firewalls</a>.</li> <li>Isolated networks.</li> <li>Security protocols and encryption to protect stored data and data in transit.</li> <li>Restricted use of insecure protocols, such as <a href="https://www.techtarget.com/searchenterprisedesktop/definition/Remote-Desktop-Protocol-RDP">Remote Desktop Protocol</a>, on controllers.</li> <li>Deployment in a physically restricted location for security.</li> <li>Expedited patch and configuration management.</li> <li>Blocking internet access for domain controllers.</li> <li>Dedicated administrator accounts.</li> </ul> </section> <section class="section main-article-chapter" data-menu-title="How are domain controllers set up in Active Directory?"> <h2 class="section-title"><i class="icon" data-icon="1"></i>How are domain controllers set up in Active Directory?</h2> <p>The domain controller is the central server in a Windows AD domain. Domain controllers are servers that can use AD to respond to authentication requests.</p> <p>Experts advise against relying on a single domain controller, even for smaller organizations. Best practices call for one primary domain controller and at least one backup domain controller to avoid downtime caused by <a href="https://www.computerweekly.com/feature/Uptime-and-availability-Making-sense-of-supplier-SLAs">system unavailability</a>.</p> <p>Domain controllers can be deployed on physical servers, running as <a href="https://www.techtarget.com/searchitoperations/definition/virtual-machine-VM">virtual machines</a> (VMs) or as part of a <a href="https://www.techtarget.com/searchcloudcomputing/feature/A-cloud-services-cheat-sheet-for-AWS-Azure-and-Google-Cloud">cloud directory service</a>. It is best practice to deploy each domain controller on a standalone server. This includes virtual domain controllers, which should run on VMs running on different physical hosts. This minimizes the possibility of a compromise on another machine affecting the domain controller.</p> <p>Setting up an AD domain controller includes the following steps:</p> <ul class="default-list"> <li><b>Domain assessment.</b> The first step in setting up a domain controller is to assess the domain in which the controller will be set up. This assessment includes determining what types of domain controllers are needed, where they will be located and how they interoperate with existing systems in the domain.</li> <li><b>New deployment or addition.</b> Whether planning for a new deployment of AD domain controllers or adding a new controller for an existing domain, determine the domain controller location as well as the resources needed to run the centralized domain controller and any virtual domain controllers.</li> <li><b>Security by design.</b> It's imperative to secure a domain controller from internal or external attacks. The domain controller architecture must also be designed to withstand service disruptions such as loss of connectivity, loss of power or system failures.</li> </ul> <p>Specifics for <a target="_blank" href="https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/deploy/install-active-directory-domain-services--level-100-" rel="noopener">setting up</a> and <a href="https://www.techtarget.com/searchwindowsserver/tip/Configure-domain-controllers-after-Server-2025-upgrade%20">configuring AD domain controllers</a> vary depending on the version of <a href="https://www.techtarget.com/searchwindowsserver/definition/Microsoft-Windows-Server-OS-operating-system">Windows Server</a> used on the domain.</p> <div class="youtube-iframe-container"> <iframe id="ytplayer-0" src="https://www.youtube.com/embed/xBVauAnUT0s?autoplay=0&modestbranding=1&rel=0&widget_referrer=null&enablejsapi=1&origin=https://www.techtarget.com" type="text/html" height="360" width="640" frameborder="0"></iframe> </div> </section> <section class="section main-article-chapter" data-menu-title="Other domain controller implementation options"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Other domain controller implementation options</h2> <p>The following options are available when setting up a domain controller with AD:</p> <ul class="default-list"> <li><b>Domain Name System server.</b> The <a href="https://www.techtarget.com/searchnetworking/definition/domain-name-system">DNS</a> domain controller can be configured to function as a DNS server. The DNS service provides the mapping of the computer name to its associated Internet Protocol address.</li> <li><b>Global catalog capabilities.</b> The domain controller can be configured to use the global catalog, which enables the controller to return AD information about any object in the organization forest, regardless of whether the object is in the same domain as the domain controller. This is useful for large enterprises with multiple AD domains.</li> <li><b>Read-only domain controller.</b> Domain controllers used in branch offices or in other circumstances where network connectivity is limited can be configured as read-only.</li> <li><b>Directory Services Restore Mode.</b> <a href="https://searchwindowsserver.techtarget.com/definition/Directory-Services-Restore-Mode-DSRM">DSRM</a> enables emergency maintenance, including restoring backups, on the domain controller. A DSRM password must be configured in advance.</li> <li><b>Certificate services.</b> Certificate services enable a domain controller to issue and authenticate certificates for authentication and encryption.</li> <li><b>Group policy.</b> Domain controllers host AD group policies, which can be used to enforce security settings on domain member servers and clients.</li> <li><b>Distributed file system.</b> <a href="https://www.techtarget.com/searchstorage/definition/distributed-file-system-DFS">DFS</a> uses multiple file servers to host shared files. The servers can automatically replicate files and hide the underlying server structure from end users.</li> </ul> <p>The same server can host other Windows services, such as a file share or print server. However, this is not recommended, as these other services could compromise the domain controller.</p> </section> <section class="section main-article-chapter" data-menu-title="What are the benefits of domain controllers?"> <h2 class="section-title"><i class="icon" data-icon="1"></i>What are the benefits of domain controllers?</h2> <p>Domain controller benefits include the following:</p> <ul class="default-list"> <li>Centralized management of authentication enables organizations to authenticate all access requests with a single set of credentials.</li> <li>Enforcement of security policies, such as password age, complexity and lockout, helps to prevent unauthorized access across an enterprise.</li> <li>Access to <a href="https://www.techtarget.com/searchnetworking/definition/file-server">file servers</a>, email and other network resources through domain controllers provides seamless integration with Microsoft AD.</li> <li>Support for secured authentication and transport protocols in domain controllers improves authentication process security.</li> </ul> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/benefits_and_limitations_of_domain_controllers-f.png"> <img data-src="https://www.techtarget.com/rms/onlineimages/benefits_and_limitations_of_domain_controllers-f_mobile.png" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/benefits_and_limitations_of_domain_controllers-f_mobile.png 960w,https://www.techtarget.com/rms/onlineimages/benefits_and_limitations_of_domain_controllers-f.png 1280w" alt="Chart comparing the benefits and limitations of domain controllers." height="235" width="560"> <figcaption> <i class="icon pictures" data-icon="z"></i>Domain controllers help large organizations protect network access authentication and authorization, but they come at a cost. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> </section> <section class="section main-article-chapter" data-menu-title="What are the limitations of domain controllers?"> <h2 class="section-title"><i class="icon" data-icon="1"></i>What are the limitations of domain controllers?</h2> <p>Some domain controller limitations include the following:</p> <ul class="default-list"> <li>Domain controllers can be a single point of failure for network domain control.</li> <li>Because they control access to the entire network, domain controllers are a target for <a href="https://www.techtarget.com/searchsecurity/definition/cyber-attack">cyberattacks</a>. Successfully hacking a domain controller could give the attacker access to all domain network resources as well as authentication credentials for all users in the domain.</li> <li>Networks that use domain controllers for authentication and access security are dependent on them. To reduce the risk of downtime, controllers can be deployed in clusters.</li> <li>Domain controllers require additional infrastructure and security mechanisms.</li> </ul> </section> <section class="section main-article-chapter" data-menu-title="Alternatives to domain controllers"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Alternatives to domain controllers</h2> <p>Domain controllers have historically been the center of an organization's <a href="https://www.techtarget.com/searchsecurity/definition/identity-access-management-IAM-system">identity and access management</a>. Still, they don't natively support many of the advanced features that are part of a modern environment.</p> <p>Traditional castle-and-moat-style networks have given way to <a href="https://www.techtarget.com/searchsecurity/definition/zero-trust-model-zero-trust-network">zero-trust</a> networks. Simple passwords are being replaced by <a href="https://www.techtarget.com/whatis/definition/passkey">passkeys</a> and <a href="https://www.techtarget.com/searchsecurity/definition/two-factor-authentication">two-factor authentication</a>.</p> <p><a href="https://www.techtarget.com/searchwindowsserver/tip/How-to-manage-a-migration-to-Microsoft-Entra-ID">Microsoft Entra ID</a> is a cloud-based identity manager. It is part of Microsoft's <a href="https://www.techtarget.com/searchcloudcomputing/definition/Windows-Azure">Azure</a> cloud platform. Entra ID is designed to be secure from the start and support modern authentication.</p> <p><a href="https://www.techtarget.com/searchsecurity/definition/federated-identity-management">Federated identities</a> enable one authentication service to be used for other services. For example, a Google account can be used to sign in to an accounting website.</p> <p>Amazon Web Services Directory Service is a managed AD service offered by Amazon. It hosts an AD environment in AWS.</p> </section> <section class="section main-article-chapter" data-menu-title="Hybrid domain controllers"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Hybrid domain controllers</h2> <p><a href="https://www.techtarget.com/searchcloudcomputing/definition/hybrid-cloud">Hybrid cloud</a> environments, which combine on-premises and cloud-based infrastructure, are becoming more prevalent. Domain controllers can be configured with tools to sync accounts and passwords with a cloud identity provider, such as Microsoft Entra ID. This enables users to have a single set of credentials that works for both on-premises and internet resources.</p> <p>With hybrid deployments, a single management interface can be used to control access to all resources. Hybrid deployments are a good option for organizations that are not ready to move entirely to the cloud, but that use some online resources.</p> <p>Account sync can be set up to be one-way or two-way. In a one-way sync, the on-premises information is sent to the cloud provider. Typically, only password hashes are synced; this prevents the possibility of the passwords being compromised, but could also prevent some features from working, such as self-service password resets. In a two-way sync, the online service can change the on-premises accounts.</p> <p><i>Domain controllers are fundamental to securing unauthorized access to an organization's domains. Learn how to securely set up and </i><a href="https://www.techtarget.com/searchwindowsserver/answer/How-to-deploy-a-Windows-Server-2016-domain-controller"><i>deploy a Windows Server 2022 domain controller</i></a><i>. Also, check out this </i><a href="https://www.techtarget.com/searchwindowsserver/tip/Windows-Server-security-hardening-guide-for-admins"><i>Windows Server 2022 security hardening guide</i></a><i> for admins.</i></p> </section> A domain controller is a server that processes requests for authentication from users and computers within a computer domain. https://cdn.ttgtmedia.com/visuals/digdeeper/3.jpg https://www.techtarget.com/searchwindowsserver/definition/domain-controller Thu, 27 Feb 2025 09:00:00 GMT What is a domain controller? <p>Microsoft is the world's largest vendor of computer software and a leading provider of cloud computing services, video games, computer and gaming hardware, search and other online services. Based in Redmond, Wash., Microsoft has offices across the U.S. and multiple countries worldwide.</p> <section class="section main-article-chapter" data-menu-title="Microsoft origins: 1975 to 1981"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Microsoft origins: 1975 to 1981</h2> <p>Bill Gates, who it is believed wrote his first software program at age 13, joined forces with his childhood friend Paul Allen to start Microsoft (originally known as Micro-Soft for <i>microprocessors</i> and <i>software</i>) in April 1975. At the time, Gates left Harvard University, and Allen left his job as a programmer in Boston. They sought to develop a compiler for the Altair 8800, a primitive early personal computer. Gates contacted the manufacturer, Micro Instrumentation and Telemetry Systems (MITS), and offered to write a program for a new computer.</p> <p>Gates and Allen created an interpreter for BASIC, then a <a href="https://www.computerweekly.com/blog/Write-side-up-by-Freeform-Dynamics/Mainframe-Skills-Challenge-or-Opportunity">mainframe programming</a> language, to use with the Altair. MITS hired Gates and Allen in 1975. Within a year, they left to focus on their fledgling company, Microsoft, which they incorporated in 1981.</p> </section> <section class="section main-article-chapter" data-menu-title="Microsoft history: 1980 to 2025"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Microsoft history: 1980 to 2025</h2> <p>In 1980, IBM engaged Microsoft to develop an <a href="https://www.techtarget.com/whatis/definition/operating-system-OS">OS</a> for IBM's PC. Called PC-DOS by IBM, Microsoft also marketed its own version, <a href="https://www.techtarget.com/searchenterprisedesktop/definition/MS-DOS">MS-DOS</a> (Microsoft Disk Operating System), which debuted in 1981 and which IBM licensed for its PC. The late 1970s and early 1980s saw Microsoft's fortunes soar, with the company adding more companies to its client roster and licensing MS-DOS to many of them.</p> <p>The initial versions of MS-DOS lacked a <a href="https://www.techtarget.com/whatis/video/An-explanation-of-CLI-GUI-and-NUI">GUI,</a> so users had to type in various commands to open any program. However, Microsoft later developed Interface Manager, a GUI that ran on top of DOS and became <a href="https://www.techtarget.com/searchwindowsserver/definition/Windows">Windows</a> in 1985. Windows, which included numerous graphical features such as drop-down menus and scroll bars, was inspired by the same Xerox PARC research project that <a href="https://www.techtarget.com/whatis/definition/Apple">Apple</a> used to move an arrow across a graphical desktop.</p> <p>In 1986, Microsoft moved its headquarters to Redmond and went public, offering $21 per share in its IPO. The IPO made Gates a multimillionaire. In less than a decade, he became a multibillionaire and one of the world's richest people.</p> <p>Since the late 1990s, Microsoft has been embroiled in numerous legal cases. In 1998, the U.S. Department of Justice filed antitrust charges against the company, accusing it of using its dominant market position to drive its competitors -- such as <a href="https://www.techtarget.com/whatis/definition/Netscape">Netscape</a> -- out of business. Microsoft lost the case, appealed, and lost again. Gates and other Microsoft leaders were forced eventually to modify certain corporate practices to reduce Microsoft's unfair market monopoly. Due to its near-monopoly practices, Microsoft continued throughout the 2000s to face <a href="https://www.computerweekly.com/news/366593634/Microsoft-and-CISPEs-settlement-in-long-running-cloud-antitrust-dispute-proves-controversial">legal challenges</a> and had to pay hefty fines. Despite these challenges, Microsoft remains a healthy technology company with a strong market presence. As of January 2025, it is one of a handful of companies worldwide with trillion-dollar-plus market capitalizations.</p> <p>Over the past two decades, Microsoft has acquired numerous companies, many of them well-known, including <a href="https://www.techtarget.com/searchitoperations/definition/GitHub">GitHub</a>, LinkedIn, Activision Blizzard and Skype. Since February 2014, CEO <a href="https://www.computerweekly.com/news/366545132/Microsofts-Nadella-sees-massive-growth-opportunity-in-AI">Satya Nadella</a> has led Microsoft.</p> </section> <section class="section main-article-chapter" data-menu-title="Microsoft products"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Microsoft products</h2> <p>By the late 1980s, Microsoft had become the world's largest PC software company. In the 1990s and 2000s, it continued to grow, developing and releasing new, innovative PC products, such as its Windows OSes, Office software suite and <a href="https://www.techtarget.com/searchenterprisedesktop/definition/Internet-Explorer">Internet Explorer</a> web browser.</p> <p>Over time, the company has forayed into the development of desktops and laptops, Xbox gaming consoles, security products such as antivirus software, security operations platform, endpoint detection and response software, and identity solutions. More recently, Microsoft has started expanding its global presence with cloud-based and <a href="https://www.computerweekly.com/news/366614628/AI-becomes-Microsofts-fastest-growing-business">AI-enabled products</a> like Azure Cloud, the Microsoft 365 software productivity suite, and the <a href="https://www.techtarget.com/whatis/definition/Microsoft-Copilot">Copilot</a> AI-powered chatbot.</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/how_copilot_processes_user_prompts-f_desktop.png"> <img data-src="https://www.techtarget.com/rms/onlineimages/how_copilot_processes_user_prompts-f_desktop_mobile.png" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/how_copilot_processes_user_prompts-f_desktop_mobile.png 960w,https://www.techtarget.com/rms/onlineimages/how_copilot_processes_user_prompts-f_desktop.png 1280w" alt="Chart showing how Copilot handles user prompts within Microsoft 365."> <figcaption> <i class="icon pictures" data-icon="z"></i>A look at how Copilot supports user prompts from Office apps. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <h3>Windows OS</h3> <p>For the first few years after releasing the Windows OS, Microsoft struggled to make the product a success.</p> <p>It introduced Windows 1.0 in 1983, but the actual release didn't happen until November 1985. Heavily influenced by Apple's existing GUI, Windows 1.0 was more user-friendly than the command-line interface of MS-DOS, with menus a user could access with a keyboard or mouse. However, the presence of Apple's GUI made it hard for Windows to gain traction.</p> <p>It wasn't until the release of Windows 3.0 in 1990 that the OS gained some respect from the PC user base. The release of Windows 3.1 in 1992 finally led to Microsoft OSes earning widespread acceptance. In 1995, the release of Windows 95 -- an OS that integrated MS-DOS with Windows and was as easy to use as Apple's Mac OS -- saw the beginning of a shift from DOS-based applications to Windows-based applications. This fueled the exponential growth and popularity of Windows as the preferred OS for PCs worldwide. By the 1990s, Windows had outsold most of its rival OSes, including CP/M and IBM OS/2.</p> <p>But to run Windows, the PCs first had to load DOS. DOS was a 16-bit OS, while Windows was a 32-bit OS. The result was a crash-prone Windows. In 1992, Microsoft hired veteran developer David Cutler from Digital Equipment Corp. with the intention of building a new 32-bit OS from the ground up. It was called <a href="https://www.techtarget.com/searchwindowsserver/definition/Windows-NT">Windows NT</a> -- the NT standing for "new technology." The first version, Windows NT 3.1, an upgrade over Windows 3.1, was released in 1992.</p> <p>While NT resolved the compatibility issues, its initial versions created other problems. System requirements were so great that few PCs could use it, so Microsoft shifted Windows NT to be a server OS. However, as hardware improved, more people began using Windows NT as a desktop OS.</p> <p>In the late 1990s, Microsoft began merging Windows 95 and Windows NT into one OS. The result was Windows 2000 -- released in the year 2000 -- followed by Windows XP the following year for desktops, and Windows Server 2003 two years later. Even before the release of Windows 2000, previous versions of Windows were running 90% of the world's PCs. Following Windows 2000, Microsoft released Windows XP in 2001, Windows Vista in 2007 and <a href="https://www.techtarget.com/searchenterprisedesktop/definition/Windows-10">Windows 10</a> in 2015. The most recent version of Windows, <a href="https://www.techtarget.com/whatis/feature/Windows-11-explained-Everything-you-need-to-know">Windows 11</a>, came out in 2021.</p> <p>Other Windows releases include the following:</p> <ul class="default-list"> <li>Windows 98 in 1998.</li> <li>Windows ME in 2000.</li> <li><a href="https://www.techtarget.com/searchenterprisedesktop/definition/Windows-7">Windows 7</a> in October 2009.</li> <li>Windows 8 in October 2012 and Windows 8.1 in 2013.</li> </ul> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/microsoft_windows_timeline_the_38_year_evolution-f.png"> <img data-src="https://www.techtarget.com/rms/onlineimages/microsoft_windows_timeline_the_38_year_evolution-f_mobile.png" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/microsoft_windows_timeline_the_38_year_evolution-f_mobile.png 960w,https://www.techtarget.com/rms/onlineimages/microsoft_windows_timeline_the_38_year_evolution-f.png 1280w" alt="Microsoft Windows timeline infographic." height="742" width="560"> <figcaption> <i class="icon pictures" data-icon="z"></i>Microsoft Windows Timeline. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <h3>Windows Server</h3> <p>Microsoft NT 3.1 Advanced Server, released in 1993, set the foundation for Microsoft's line of server and business desktop OSes. This OS, which could run on Intel x86 and other CPUs, was designed to handle critical business applications. Although it was replaced by Windows NT 3.5 in 1994, its basic OS kernel is still used for the 32-bit version of Windows 7 and in the NTFS file system.</p> <p>After 1994, Microsoft developed and released other versions of its server OS, including the following:</p> <ul class="default-list"> <li>Windows NT 3.5.1 in 1995.</li> <li>Windows NT 4.0 in 1996.</li> <li>Windows NT 5.0 in 1999.</li> </ul> <p>These subsequent versions improved usability and stability and introduced the idea of the domain-based networking model for centralized network administration and unified user and access control.</p> <p>In 2000, Microsoft released Windows 2000 Server, which further simplified network management with the then-new <a href="https://www.techtarget.com/searchwindowsserver/definition/Active-Directory">Active Directory</a> user directory feature. This OS also provided enhancements for storage management, web integration and application development. After Windows 2000 Server, Microsoft released nine more server OSes by 2022.</p> <p>Windows Server 2008 and 2008 R2 introduced Microsoft's <a href="https://www.techtarget.com/searchvirtualdesktop/tip/Understand-the-limitations-of-running-Hyper-V-in-Windows-11">Hyper-V</a>, a hardware virtualization product that lets enterprise users create virtual machines (<a href="https://www.techtarget.com/searchitoperations/definition/virtual-machine-VM">VMs</a>) on physical computers. Subsequent versions of Windows Server improved virtualization. Additionally, these versions introduced cloud capabilities, such as Docker-compatible <a href="https://www.techtarget.com/searchitoperations/tip/Containers-vs-VMs-What-are-the-key-differences">containers</a> that enabled companies to take better advantage of technological innovations like hybrid cloud environments, microservices and cloud-native applications.</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineImages/windows_server-virtual_machines_vs_containers.png"> <img data-src="https://www.techtarget.com/rms/onlineImages/windows_server-virtual_machines_vs_containers_mobile.png" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineImages/windows_server-virtual_machines_vs_containers_mobile.png 960w,https://www.techtarget.com/rms/onlineImages/windows_server-virtual_machines_vs_containers.png 1280w" alt="Chart comparing the structure of virtual machines and containers." height="380" width="560"> <figcaption> <i class="icon pictures" data-icon="z"></i>More recent versions of Windows Server have improved virtualization capabilities, such as virtual machines and containers, which are contrasted here. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <p>Windows Server 2022 included advanced multilayer security features and a flexible application development platform. The latest iteration, <a href="https://www.techtarget.com/searchwindowsserver/feature/Will-Windows-Server-2025-release-spark-VMware-migrations">Windows Server 2025</a>, was released in November 2024. It is available in three editions -- Standard, Datacenter and Datacenter Azure Edition. It is the first and only Windows Server OS that supports ARM64 architecture -- the 86-bit version of the ARM64 instruction set.</p> <p>Key features of all Windows Server OSes include Active Directory, which automates the management of user data, security and distributed resources, and enables interoperation with other directories; and Server Manager, a utility to administer server roles and make configuration changes on local or remote machines.</p> <p>Also, from the 2016 version onward, Windows Server is available using two release channels: the Long-Term Servicing Channel (<a href="https://www.techtarget.com/searchwindowsserver/definition/Microsoft-Windows-Server-LTSC-Long-Term-Servicing-Channel">LTSC</a>) and the Annual Channel (AC). Organizations can choose their preferred channel, depending on whether they want a traditional lifecycle of quality and security updates (LTSC) or more frequent releases (AC).</p> <h3>Microsoft Office and Microsoft 365</h3> <p>Building on the success of its OSes, Microsoft moved into the development of productivity software, which it dubbed "Office."</p> <p><a href="https://www.techtarget.com/searchenterprisedesktop/news/252522244/Microsoft-will-sign-idle-users-out-of-Office-web-apps">Microsoft Office</a> first appeared in 1990. The productivity package featured several bundled applications, including Word, Excel and PowerPoint for the desktop. More than two decades later, those applications remain popular with individuals and companies worldwide. Over the years, Microsoft added new products to the Office suite, including <a href="https://www.techtarget.com/searchwindowsserver/definition/Microsoft-Outlook">Outlook</a> (an email client), Access (a database management system), OneNote (a note-taking app), <a href="https://www.techtarget.com/searchcontentmanagement/feature/Benefits-of-Microsoft-SharePoint">SharePoint</a> (a set of content management, knowledge management and website creation tools) and <a href="https://www.techtarget.com/searchunifiedcommunications/definition/Microsoft-Teams">Teams</a> (a team collaboration application).</p> <p>Microsoft's pivot toward cloud computing is reflected in the development and release of <a href="https://www.techtarget.com/searchenterprisedesktop/definition/Microsoft-Office-365-suite">Microsoft 365</a>, a cloud-powered productivity platform. First released in 2017 as Office 365 and renamed in 2020, Microsoft 365 is a browser-based yearly subscription version of Office that includes all the products available in the desktop versions of Office (Word, Excel, PowerPoint, Outlook, OneNote, Teams, etc.). It also includes access to OneDrive, Microsoft's cloud storage service (similar to <a href="https://www.techtarget.com/searchmobilecomputing/definition/Google-Drive">Google Drive</a>) that lets users store data in the cloud and sync files with multiple devices.</p> <p>Unlike Microsoft 365, the latest desktop-based version of Office, Office 2024, is sold as a<i> </i>one-time purchase. It does not have all of the same features that are available by default in the cloud- and subscription-based Microsoft 365.</p> <p>Recently, Microsoft has strengthened Microsoft 365 with AI-powered features using Copilot, a <a href="https://www.techtarget.com/searchenterpriseai/tip/7-top-generative-AI-benefits-for-business">generative AI</a> chatbot-cum-assistant that makes it easy for users to draft content, simplify onerous tasks and speed up workflows.</p> <p>The subscription plans for Microsoft 365 are available for the following:</p> <ul class="default-list"> <li>Home and personal use.</li> <li>Small and midsize businesses.</li> <li>Large enterprises.</li> <li>Educational institutions.</li> <li>Nonprofits.</li> </ul> <p>A free version, Microsoft 365 for the web<i>, </i>is also available.<b> </b>Anyone with a Microsoft account can use it in a web browser. Securing the account only requires that users provide a new or existing email address.</p> <h3>Internet Explorer and Edge</h3> <p>Microsoft initially dismissed growing interest in the internet but nevertheless developed and released its first web browser in 1995, Internet Explorer (<a href="https://www.techtarget.com/searchenterprisedesktop/definition/Internet-Explorer">IE</a>). First appearing as an add-on in Windows 95, IE and its subsequent versions were bundled into the Windows OS. It was this decision that prompted the 1998 <a href="https://www.techtarget.com/searchcio/opinion/Google-antitrust-case-could-explore-unknown-threats">antitrust case</a> against Microsoft. That case determined that Microsoft was deliberately stifling competition and building its monopoly in the web browser space. The courts initially ordered Microsoft to remove IE from Windows. However, both parties reached a settlement in 2001 that did not mandate this requirement. The courts ruled that Microsoft was an illegal monopoly and mandated that it make internal changes to eliminate this problem.</p> <p>Microsoft continued development on IE, which remained available in Windows between 1995 and 2013. In 2016, the company stopped providing active technical support for all IE versions except IE 11. It also deprecated the browser in Windows 10 in favor of its newer <a href="https://www.techtarget.com/whatis/definition/Microsoft-Edge">Edge</a> browser. For a few years, Edge gained some traction among users. However, it slowly fell out of favor with them, many of whom preferred the more user-friendly, secure and feature-rich <a href="https://www.techtarget.com/searchcio/news/366616275/DOJs-push-to-breakup-Google-faces-tough-odds">Google Chrome</a> and Mozilla Firefox browsers. In 2019, Microsoft adopted the Chrome-based browser engine from Google and applied its own enhancements.</p> </section> <section class="section main-article-chapter" data-menu-title="Microsoft development platforms"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Microsoft development platforms</h2> <p>Microsoft has released numerous developer tools and programming languages since its origins as an OS-only company. <a href="https://www.techtarget.com/searchapparchitecture/tip/5-dead-programming-languages-we-should-never-forget">Visual Basic</a>, an object-oriented language for creating type-safe .NET apps, was released in 1991. Microsoft then expanded to Visual C++ in 1993 and eventually Visual C#, an implementation of the existing <a href="https://www.techtarget.com/whatis/definition/C-Sharp">C#</a> language developed specifically for the .NET platform. In 2002, all these tools were bundled into Visual Studio.</p> <p>Visual Studio is an <a href="https://www.techtarget.com/searchsoftwarequality/definition/integrated-development-environment">IDE</a> that helps software developers write, edit, debug and build code. It includes compilers, code completion tools, source control, extensions and other features that developers need to develop cross-platform applications in various languages, including <a href="https://www.techtarget.com/searchdatamanagement/definition/C">C++</a>, C#, <a href="https://www.theserverside.com/definition/JavaScript">JavaScript</a>, TypeScript and <a href="https://www.techtarget.com/whatis/definition/Python">Python</a>. The most recent versions of Visual Studio also provide AI assistance to help development teams streamline the <a href="https://www.techtarget.com/searchsoftwarequality/definition/software-development-life-cycle-SDLC">software development lifecycle</a>.</p> <p>Also in 2002, Microsoft launched its .NET framework, a programming model to help developers build applications for Windows. The core components of the .NET platform are its <a href="https://www.techtarget.com/whatis/definition/Common-Language-Runtime-CLR">Common Language Runtime</a>, which lets nearly any language compile down to an intermediate language, and the Framework Class Library, which provides core functions for any language.</p> <p>Initially designed for Windows-only development, .NET now covers non-Windows platforms such as <a href="https://www.techtarget.com/searchenterprisedesktop/tip/How-to-choose-between-Windows-10-IoT-and-Linux">Linux</a> and mobile. This led to platform fragmentation: .NET Framework, the original implementation; .NET Core, introduced in 2014 as the successor to Framework that added support for Linux and Mac; and Xamarin, a port of the .NET Framework for Android phones.</p> <p>In 2019, Microsoft worked to combine .NET Framework, .NET Core and Xamarin into a single unified platform called .NET 5 Framework. That was released in 2020. As of 2025, .NET is an <a href="https://www.techtarget.com/whatis/definition/open-source">open source</a> development platform that supports building many types of applications for Android, Apple, Linux and Windows OSes.</p> </section> <section class="section main-article-chapter" data-menu-title="Microsoft management applications"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Microsoft management applications</h2> <p>Microsoft develops and sells numerous enterprise-class systems management software tools, including <a href="https://www.techtarget.com/searchwindowsserver/definition/Microsoft-System-Center">System Center</a>, which helps IT administrators deploy, configure, maintain and manage sophisticated corporate data center installations. System Center includes the following components and services:</p> <ul class="default-list"> <li>System Center Operations Manager for centralized monitoring of IT infrastructures.</li> <li>System Center Orchestrator for simplifying data center workflow management.</li> <li>System Center Virtual Machine Manager for configuring and managing virtualized, software-defined data centers.</li> <li>System Center Service Manager to automate and improve IT service management practices.</li> <li>System Center Data Protection Manager for securing data with backup, storage and recovery features.</li> </ul> </section> <section class="section main-article-chapter" data-menu-title="Microsoft hardware offerings"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Microsoft hardware offerings</h2> <p>Microsoft started its hardware division in 1982 to develop a mouse to use with Word. In 1995, it introduced its own keyboard with specific keys for controlling Windows 95.</p> <p>In 2001, it launched the <a href="https://www.computerweekly.com/news/252492522/Xbox-Series-X-PlayStation-5-launches-unleash-UK-network-traffic-surge">Xbox gaming console</a> system as a direct competitor to established gaming companies such as Sony and Nintendo. Since then, Microsoft has released several other iterations of Xbox, including Xbox 360 in 2005, Xbox One in November 2013, and Xbox Series X and Series S in November 2020. Xbox Series X and Series S remain available as of January 2025 and support thousands of popular <a href="https://www.computerweekly.com/blog/When-IT-Meets-Politics/Do-video-games-breed-hackers">video games</a> like Star Wars Outlaws, Call of Duty Black Ops 6 and Age of Mythology Retold.</p> <p>Microsoft also offers the Surface family of <a href="https://www.computerweekly.com/microscope/news/366547016/Tablet-market-under-pressure?">tablet computers</a>, which bundle tablet hardware with the Windows OS. The first Surface appeared in 2012 and has been superseded by several subsequent models. Besides tablets, other products in the touchscreen-based Surface line include laptops and whiteboards.</p> </section> <section class="section main-article-chapter" data-menu-title="Microsoft Azure cloud"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Microsoft Azure cloud</h2> <p>Microsoft entered the <a href="https://www.techtarget.com/searchcloudcomputing/definition/public-cloud">public cloud</a> market when it introduced the Windows Azure platform at the Professional Developers Conference in October 2008. Azure became available in February 2010 as a competitor to <a href="https://www.techtarget.com/searchaws/definition/Amazon-Web-Services">AWS</a>. Built as an extension of the Windows NT OS, Azure set the stage for Microsoft's foray into the area of <a href="https://www.techtarget.com/searchcloudcomputing/definition/Platform-as-a-Service-PaaS">platform as a service</a></p> <p>The company renamed the offering <a href="https://www.techtarget.com/searchcloudcomputing/definition/Windows-Azure">Microsoft Azure</a> in March 2014. As Microsoft's public cloud computing platform, Azure provides various cloud services, including those for compute, analytics, storage, networking, management, <a href="https://www.techtarget.com/searchenterpriseai/definition/machine-learning-ML">machine learning</a> and <a href="https://searchdatamanagement.techtarget.com/definition/big-data">big data</a> capabilities. Users can pick from these services to develop and scale new applications, or run existing applications in the public cloud.</p> <p>Much of the appeal of Azure stems from it having the same operating environment as on-premises Windows Server. Customers can migrate their applications from on-premises to Azure, often without modification. Companies can also simplify infrastructure management through a global network of data centers Microsoft manages. Microsoft has also endeavored to make many of its key on-premises applications, such as SQL Server, have the same features in the cloud version as the on-premises version. Currently, the platform offers over 200 products and services, all accessible through the cloud for a wide range of enterprise applications and use cases. As with other Microsoft offerings, <a href="https://www.computerweekly.com/news/366615541/Microsoft-ramps-up-small-language-model-effort">Azure also includes AI capabilities</a> that make it easy for organizations to design and scale AI applications through a single interface.</p> <div class="youtube-iframe-container"> <iframe id="ytplayer-0" src="https://www.youtube.com/embed/l9JkLhvaKA8?autoplay=0&modestbranding=1&rel=0&widget_referrer=null&enablejsapi=1&origin=https://www.techtarget.com" type="text/html" height="360" width="640" frameborder="0"></iframe> </div> </section> <section class="section main-article-chapter" data-menu-title="Notable Microsoft acquisitions"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Notable Microsoft acquisitions</h2> <p>Like most large corporations, Microsoft has acquired numerous companies over the years. here are some notable acquisitions:</p> <ul class="default-list"> <li><b>Skype. </b>Microsoft purchased Skype, the <a href="https://www.techtarget.com/searchunifiedcommunications/definition/VoIP">VoIP</a>-based video and text messaging service, from eBay in 2011 for $8.5 billion. Skype is now part of the Windows 11 OS and is used primarily in person-to-person communication, while Microsoft Teams is used for group conversation.</li> <li><b>Nokia. </b>Microsoft acquired <a href="https://www.computerweekly.com/news/366613342/Nokia-sharpens-edge-for-industrial-communications">Nokia</a> for $7.2 billion in 2013. At the time, Microsoft was competing in the smartphone business against Apple and Android, and Nokia was the largest supporter of the Windows Phone OS. But Windows Phone failed to gain traction, lost developers and was discontinued.</li> <li><b>LinkedIn. </b>In December 2016, Microsoft purchased the professional <a href="https://www.techtarget.com/whatis/definition/social-media">social media</a> site LinkedIn for $26 billion. Recently, the company announced plans to tightly integrate LinkedIn with its video conferencing software, Microsoft Teams.</li> <li><b>Nuance Communications.</b> In April 2021, Microsoft announced it would spend $16 billion to acquire <a href="https://www.techtarget.com/healthtechsecurity/news/366593951/Nuance-Communications-Notifies-12M-Individuals-of-Data-Breach">Nuance Communications</a>, the leading maker of speech recognition software Dragon NaturallySpeaking.</li> <li><b>Activision Blizzard.</b> In January 2022, Microsoft sought to boost its position in the gaming industry with the $68 billion <a href="https://www.techtarget.com/searchunifiedcommunications/news/252512262/Activision-Blizzard-deal-positions-Microsoft-for-the-metaverse">acquisition of Activision Blizzard</a>, the maker of game franchises such as <i>Call of Duty</i> and <i>Diablo</i>. Activision became a wholly owned subsidiary of Microsoft in October 2023. UK antitrust officials blocked the deal until August 2023, when Microsoft revised some elements of the deal to keep the company from eliminating competition in the cloud gaming market.</li> </ul> </section> <section class="section main-article-chapter" data-menu-title="Microsoft leadership"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Microsoft leadership</h2> <p>Microsoft has experienced several changes in leadership through the years.</p> <p>Gates led Microsoft from its earliest days before handing over CEO duties in January 2000 to longtime friend and employee Steve Ballmer. Ballmer refocused the company on devices and services, leading to products such as Xbox and Office 365. He stepped down as CEO in February 2014 when he purchased the Los Angeles Clippers NBA team. In January 2015, Ballmer and his wife pledged to donate $15 million as emergency funding to help the people affected by <a href="https://www.techtarget.com/searchhrsoftware/news/366617924/Workforce-planning-lags-behind-rising-climate-disasters">wildfires that raged across Los Angeles</a> for several weeks.</p> <p>After a protracted CEO search, Satya Nadella, who had been executive vice president of Microsoft's cloud and enterprise division, became the new CEO in 2014.</p> <p>Paul Allen, one of Microsoft's co-founders, died in 2018.</p> <p>From 2005 on, Gates <a href="https://www.computerweekly.com/news/252480077/Bill-Gates-steps-down-from-Microsoft-board-to-focus-on-philanthropic-efforts">dedicated himself to his charitable foundation</a>, which he launched in 1994 with his then-wife, Melinda Gates. He pledged to donate virtually all his wealth to charity and remains heavily involved in the foundation that, as of 2020, was the world's third-largest nonprofit. Although he is believed to still influence Microsoft's strategic direction, he is no longer actively involved in day-to-day operations or decision-making.</p> <p><em>Learn about the <a href="https://www.techtarget.com/whatis/feature/Windows-11-vs-Windows-10-What-are-the-differences">differences between Windows 11 and Windows 10</a> and explore the <a href="https://www.techtarget.com/searchwindowsserver/tip/Compare-the-features-in-the-Windows-Server-2022-editions">features in the Windows Server 2022 editions</a>. Read about the <a href="https://www.techtarget.com/searchcloudcomputing/definition/Windows-Azure">identity and access management services of Microsoft Azure</a> and other major cloud providers.</em></p> </section> Microsoft is the world's largest vendor of computer software and a leading provider of cloud computing services, video games, computer and gaming hardware, search and other online services. https://cdn.ttgtmedia.com/visuals/digdeeper/4.jpg https://www.techtarget.com/searchwindowsserver/definition/Microsoft Mon, 24 Feb 2025 00:00:00 GMT What is Microsoft? <p>The C programming language is a procedural and general-purpose language that provides low-level access to system memory. A program written in C must be run through a C <a href="https://www.techtarget.com/whatis/definition/compiler">compiler</a> to convert it into an executable that a computer can run. Many versions of <a href="https://www.techtarget.com/searchdatacenter/definition/Unix">Unix</a>-based operating systems (OSes) are written in C and it has been standardized as part of the Portable Operating System Interface (<a href="https://www.techtarget.com/whatis/definition/POSIX-Portable-Operating-System-Interface">POSIX</a>).</p> <p>Today, the C programming language runs on many different hardware platforms and OSes such as Microsoft and <a href="https://www.techtarget.com/searchdatacenter/definition/Linux-operating-system">Linux</a>.</p> <section class="section main-article-chapter" data-menu-title="Pros and cons of C"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Pros and cons of C</h2> <p>The C language comes with a set of special characteristics, making it one of the most widely used languages of all time. The following are the main benefits of using C:</p> <ul class="default-list"> <li><strong>Structured. </strong>It offers a <a href="https://www.techtarget.com/searchsoftwarequality/definition/structured-programming-modular-programming">structured programming</a> approach for breaking down problems into smaller modules or functions that are easy to understand and modify.</li> <li><strong>Portable. </strong>C is machine-independent and C programs can be executed on different machines.</li> <li><strong>Mid-level programming language. </strong>It's a mid-level language that supports the features of both a low-level and a high-level language.</li> <li><strong>Rich library. </strong>It offers numerous built-in library functions that expedite the development process.</li> <li><strong>Dynamic memory allocation. </strong>C supports the dynamic memory allocation feature, which can be used to <a href="https://www.techtarget.com/searchitoperations/feature/Memory-management-techniques-improve-system-performance">free the allocated memory</a> at any time by calling the <strong>free()</strong> function.</li> <li><strong>Speed. </strong>It's a compiler-based language, which makes the compilation and execution of code faster. Since only essential and required features are included in C, it saves processing power and improves speed.</li> <li><strong>Pointers. </strong>C uses pointers, which improve performance by enabling direct interaction with the system memory.</li> <li><strong>Recursion. </strong>C enables developers to backtrack by providing code reusability for every function.</li> <li><strong>Extensible. </strong>A C program can be easily extended. If code is already written, new features and functionalities can be added to it with minor alterations.</li> </ul> <p>C also comes with a few shortfalls, even though it's an ideal language for programming beginners due to its simple syntax, algorithms and modular structure. The following are a few disadvantages of using C:</p> <ul class="default-list"> <li><strong>OOP features.</strong> C doesn't extend its support for object-oriented programming (<a href="https://www.techtarget.com/searchapparchitecture/definition/object-oriented-programming-OOP">OOP</a>) features, which enables the creation of subclasses from parent classes. Unlike <a href="https://www.theserverside.com/definition/Java">Java</a>, <a href="https://www.techtarget.com/whatis/definition/Python">Python</a> or C++, multiple inheritances can't be created in C, which makes it difficult to reuse existing code.</li> <li><strong>Namespace feature.</strong> C lacks namespace features, which means the same variable name can't be reused in one scope. Without namespaces, it's impossible to declare two variables with the same name.</li> <li><strong>Run-time checking.</strong> C doesn't display code errors after each line of code; instead, all the errors are presented by the compiler after the program has been written. This can make code checking a challenge, especially for larger programs.</li> <li><strong>Exception handling.</strong> C lacks exception handling, which is the ability to handle exceptions, such as bugs and anomalies that can happen during <a href="https://www.techtarget.com/searchapparchitecture/definition/source-code">source code</a></li> <li><strong>Constructor and destructor.</strong> Since C isn't object oriented, it doesn't offer constructor and destructor features. Constructing or destructing a variable in C must be done manually through a function or by other means.</li> <li><strong>Garbage collection.</strong> C isn't equipped with garbage collection. This important feature automatically reclaims memory from objects that are no longer required by the library or an app.</li> </ul> </section> <section class="section main-article-chapter" data-menu-title="Where is C used?"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Where is C used?</h2> <p>C has a wide range of real-world applications that aren't limited to the development of OSes and applications. C is also used in areas such as graphical user interface development and <a href="https://www.techtarget.com/searchsoftwarequality/definition/integrated-development-environment">integrated development environments</a><span>.</span></p> <p>The following are some use cases for the C language:</p> <ul class="default-list"> <li>OSes, such as Unix and all Unix applications;</li> <li>databases, including Oracle Database, <a href="https://www.techtarget.com/searchoracle/definition/MySQL">MySQL</a>, Microsoft SQL Server and PostgreSQL, which are partially written in C;</li> <li>language compilers, including the C compiler;</li> <li>text editors;</li> <li>print spoolers;</li> <li>assemblers;</li> <li>network drivers;</li> <li>modern programs, such as <a href="https://www.techtarget.com/searchitoperations/definition/Git">Git</a> and FreeBSD;</li> <li>language interpreters; and</li> <li>utilities, such as network drivers, mouse drivers and keyboard drivers.</li> </ul> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/popular_cloud_programming_languages_and_frameworks-f.png"> <img data-src="https://www.techtarget.com/rms/onlineimages/popular_cloud_programming_languages_and_frameworks-f_mobile.png" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/popular_cloud_programming_languages_and_frameworks-f_mobile.png 960w,https://www.techtarget.com/rms/onlineimages/popular_cloud_programming_languages_and_frameworks-f.png 1280w" alt="programming languages and frameworks" height="427" width="559"> <figcaption> <i class="icon pictures" data-icon="z"></i>There are a variety of programming languages and frameworks, including C. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> </section> <section class="section main-article-chapter" data-menu-title="What's the difference between C and C++?"> <h2 class="section-title"><i class="icon" data-icon="1"></i>What's the difference between C and C++?</h2> <p>While C and <a href="https://www.techtarget.com/searchdatamanagement/definition/C">C++</a> sound familiar, the usage and features of both languages differ to a certain extent. C++ is a superset and successor to the C language that uses an entirely different set of programming concepts. C is a procedural programming language, whereas C++ provides OOP support.</p> <p>The following highlights the differences between the two languages:</p> <ul class="default-list"> <li>C is a procedural language that provides no support for objects and classes. C++ is a combination of OOP and procedural programming languages.</li> <li>C has 32 keywords and C++ has 63 keywords.</li> <li>C supports built-in <a href="https://www.techtarget.com/searchapparchitecture/definition/data-type">data types</a>, while C++ supports both built-in and user-defined data types.</li> <li>C doesn't have access modifiers, whereas C++ does.</li> <li>C uses the <strong><stdio.h></strong> header file for input and output operations and C++ uses the <strong><iostream.h></strong> header file for input and output operations.</li> <li>C can't hide data, while C++ is secure and provides <a href="https://www.techtarget.com/searchsecurity/definition/encryption">encryption</a>.</li> <li>There's no direct <a href="https://www.techtarget.com/searchsoftwarequality/definition/error-handling">exception handling</a> support in C, but C++ supports it.</li> <li>C doesn't support function and operator overloading, but C++ does.</li> <li>In C, the <strong>main()</strong> function calls are made through other functions used in the code, but C++ doesn't provide that functionality.</li> <li>Reference <a href="https://www.techtarget.com/whatis/definition/variable">variables</a> aren't supported by C, but C++ supports them.</li> </ul> <div class="youtube-iframe-container"> <iframe id="ytplayer-0" src="https://www.youtube.com/embed/6Ff5ls0TXHU?autoplay=0&modestbranding=1&rel=0&widget_referrer=null&enablejsapi=1&origin=https://www.techtarget.com" type="text/html" height="360" width="640" frameborder="0"></iframe> </div> </section> <section class="section main-article-chapter" data-menu-title="History of C"> <h2 class="section-title"><i class="icon" data-icon="1"></i>History of C</h2> <p>The C programming language was developed at the former AT&T Bell Laboratories in the early 1970s by computer scientist <a href="https://www.bell-labs.com/usr/dmr/www/chist.html" target="_blank" rel="noopener">Dennis Ritchie</a>. The successor to the B language, C was initially developed for writing code for the Unix operating system, which at the time used <a href="https://www.techtarget.com/searchdatacenter/definition/assembler">assembly programs</a> that communicated directly with the computer hardware. Assembly programs can be complex and lengthy, and programmers needed a language that promoted a user-friendly set of instructions. C fulfilled these objectives and also helped overcome the challenges that programmers experienced with <a href="https://www.techtarget.com/whatis/definition/BASIC-Beginners-All-purpose-Symbolic-Instruction-Code">BASIC</a>, B and Basic Combined Programming Language. </p> <p>Due to its popularity and flexible features, it was soon released for cross-platform usage and quickly became commercialized. C is still commonly used in web development projects and many popular languages, such as Java, PHP and <a href="https://www.theserverside.com/definition/JavaScript">JavaScript</a> have directly or indirectly borrowed features and syntax from C.</p> <p>While C has transformed over the years, it's still used commonly in lower-level programs, such as <a href="https://www.techtarget.com/searchdatacenter/definition/kernel">kernels</a>.</p> <p><em>C has rapidly evolved since its inception. Examine the <a href="https://www.techtarget.com/searchapparchitecture/tip/A-quick-glance-at-the-history-of-C-programming-languages">history of C</a>, how it has evolved and why it's still relevant today. </em></p> </section> The C programming language is a procedural and general-purpose language that provides low-level access to system memory. https://cdn.ttgtmedia.com/visuals/digdeeper/5.jpg https://www.techtarget.com/searchwindowsserver/definition/C Tue, 22 Oct 2024 09:34:00 GMT What is C (programming language)? <p>Enterprise content management is a set of defined processes, strategies and tools that enables a business to obtain, organize, store and deliver critical information to its employees, business stakeholders and customers.</p> <p>ECM has evolved rapidly as different forms of content have been introduced to the work ecosystem. However, ECM tools continue to focus on digitally managing a company's information in a centralized repository and using the digital content to support business processes.</p> <p>Enterprise <a href="https://www.techtarget.com/searchcontentmanagement/definition/content-management">content management</a> does not refer to a single technology or process. It's an umbrella term that describes a combination of methods, tools and strategies that support capturing and managing content, as well as the storage, retention and delivery of <a href="https://www.techtarget.com/searchcontentmanagement/tip/7-key-stages-of-enterprise-content-lifecycle-management">information throughout its lifecycle</a>.</p> <p>The definition of <i>content</i> can range significantly, but it generally refers to any information that employees use to do their work. In the context of traditional ECM, content often took the form of paper documents, such as invoices, resumes and contracts. As technology has advanced, however, the definition of content has broadened to include video and audio files, social media posts, email, web content and more.</p> <p>ECM can handle both structured and unstructured content:</p> <ul class="default-list"> <li><b>Structured content.</b> Data that is contained and defined, such as databases and code repositories.</li> <li><b>Unstructured content.</b> Information that doesn't have a predefined format and can include content such as Microsoft Office documents, PDFs and emails.</li> </ul> <p>Enterprise content management software helps streamline the information lifecycle with a <a href="https://www.techtarget.com/searchcontentmanagement/tip/Document-management-vs-content-management-How-they-differ">document management system</a> and the automation of process workflows. It's critical for any organization with large volumes of content to define an ECM plan to eliminate operational inefficiencies, reduce costs and adhere to regulatory compliance mandates.</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/content_management-content_lifecycle_stages-f.png"> <img data-src="https://www.techtarget.com/rms/onlineimages/content_management-content_lifecycle_stages-f_mobile.png" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/content_management-content_lifecycle_stages-f_mobile.png 960w,https://www.techtarget.com/rms/onlineimages/content_management-content_lifecycle_stages-f.png 1280w" alt="Circular flowchart of the 7 content lifecycle management stages: capture, preserve, categorize, process, publish, archive, remove." height="468" width="560"> <figcaption> <i class="icon pictures" data-icon="z"></i>Content lifecycle management includes these seven comprehensive stages. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <p>Some specific areas of business that benefit from ECM software include the following:</p> <ul class="default-list"> <li><b>Contracts management.</b> ECM software enables users to digitally collaborate and ensure contracts are reviewed, edited and approved on time by automatically routing the documents and notifying the appropriate people when contracts need attention.</li> <li><b>HR automation.</b> ECM software can remove the need for paper-based employee files while also improving new hire processes, streamlining the organization of HR-related information and guaranteeing compliance with HR onboarding mandates.</li> <li><b>Accounts payable automation.</b> ECM software enables users to accurately match, distribute and approve purchase orders, delivery tickets and invoices, resulting in reduced late fees and enhanced efficiency.</li> <li><b>Accounts receivable automation.</b> ECM software provides users with immediate access to purchase orders, invoices and signed receipts, thus reducing the time for <a href="https://www.techtarget.com/searchbusinessanalytics/definition/days-sales-outstanding-DSO">days sales outstanding</a> by accelerating the speed of customer payments.</li> </ul> <section class="section main-article-chapter" data-menu-title="How does ECM work?"> <h2 class="section-title"><i class="icon" data-icon="1"></i>How does ECM work?</h2> <p>Enterprise content management refers to a collection of strategies, methods and tools used to capture, manage and store key business process management information throughout its lifecycle.</p> <p>Organizations can use ECM software to identify duplicate and near-duplicate content, enabling the organization to keep a few copies of a particular piece of content instead of hundreds. This variety of information is organized in a central location with document <a href="https://www.techtarget.com/whatis/definition/metadata">metadata</a> stored in folders, ensuring the content is available to the right people at the right time.</p> <p>Users with the proper approvals can find specific documents using full-text searches. The ECM platform retrieves the document and presents it to users, allowing them to read, edit or print a copy of the information regardless of their location or the device they're using. With ECM software, users can also look for specific words or phrases within the stored documents, decreasing the time spent scanning content and increasing productivity.</p> <div class="youtube-iframe-container"> <iframe id="ytplayer-0" src="https://www.youtube.com/embed/liwOFr6gLcI?autoplay=0&modestbranding=1&rel=0&widget_referrer=null&enablejsapi=1&origin=https://www.techtarget.com" type="text/html" height="360" width="640" frameborder="0"></iframe> </div> </section> <section class="section main-article-chapter" data-menu-title="Why is ECM important?"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Why is ECM important?</h2> <p>In recent years, ECM has become increasingly important and complex for various reasons. Financial fraud and data breaches -- and the regulations designed to prevent them -- have made <a href="https://www.techtarget.com/searchcio/definition/information-governance">information governance</a> essential for compliance reasons and to help protect an organization's reputation. Organizations also need to manage content effectively for integration with business intelligence/business analytics applications that help them to use the information to guide business decisions.</p> <p>Furthermore, productivity and efficiency within companies increase when they reduce their dependence on paper documents and create an organized, secure repository of unstructured information that considers business needs. Companies that don't implement ECM risk losing time and productivity as well as potential noncompliance with corporate policies and regulations. If disaster strikes, companies that don't securely store content can lose that information, leading to significant business interruptions.</p> <p>Technological advancements are also making a <a href="https://www.techtarget.com/searchcontentmanagement/definition/content-management-system-CMS">content management system</a> more important than ever. The proliferation of remote work has necessitated the business continuity and collaboration features that ECM provides. Advancements in <a href="https://www.techtarget.com/searchenterpriseai/definition/machine-learning-ML">machine learning</a>, mobile and cloud technology are creating new opportunities for businesses.</p> <p>New types of content are also emerging in the form of social media, video and audio. ECM software must continue to adapt with these new forms of unstructured information so it can continue to organize data and optimize business performance.</p> </section> <section class="section main-article-chapter" data-menu-title="What are the components of ECM?"> <h2 class="section-title"><i class="icon" data-icon="1"></i>What are the components of ECM?</h2> <p>Traditionally, the five main components of ECM are: capture, manage, store, preserve and deliver. The purpose of each component, as originally defined by the Association for Intelligent Information Management, is as follows:</p> <ul class="default-list"> <li><b>Capture.</b> The capture component creates information by converting paper documents into electronic formats, obtaining and collecting electronic files into a cohesive structure, and organizing information. With document capture, information can include content such as invoices, contracts and research reports.</li> <li><b>Manage.</b> The manage component connects, modifies and employs information through means such as document management, collaborative software, <a href="https://www.techtarget.com/searchcontentmanagement/definition/web-content-management-WCM">web content management</a> and records management.</li> <li><b>Store.</b> The store component temporarily backs up frequently changing information in the short term within flexible folder structures to let users view or edit information.</li> <li><b>Preserve.</b> The preserve component backs up infrequently changing information in the medium and long term, and it is usually accomplished through records management. It's commonly used to help organizations comply with government regulations and other directives.</li> <li><b>Deliver.</b> The deliver component provides clients and end users with requested information.</li> </ul> <p>These five elements largely make up the ECM architecture, which encompasses both front-end and back-end functionalities for end users and software support teams, respectively.</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineImages/content_management-ecm.jpg"> <img data-src="https://www.techtarget.com/rms/onlineImages/content_management-ecm_mobile.jpg" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineImages/content_management-ecm_mobile.jpg 960w,https://www.techtarget.com/rms/onlineImages/content_management-ecm.jpg 1280w" alt="Chart of the five enterprise content management components: capture, manage, store, preserve, deliver." height="388" width="520"> <figcaption> <i class="icon pictures" data-icon="z"></i>Enterprise content management architecture comprises these five elements. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> </section> <section class="section main-article-chapter" data-menu-title="What are the benefits of ECM?"> <h2 class="section-title"><i class="icon" data-icon="1"></i>What are the benefits of ECM?</h2> <p>An effective enterprise content management system provides everyone in the organization with easy access to all the information they need to make business decisions, complete projects, collaborate and perform their jobs with efficiency.</p> <p>In addition to the obvious benefits of organization and efficiency, <a href="https://www.techtarget.com/searchcontentmanagement/tip/5-benefits-of-enterprise-content-management-ECM">ECM provides a wealth of other benefits</a>, including the following:</p> <ul class="default-list"> <li><b>Minimized compliance and regulatory risk.</b> ECM provides a centralized platform where content can be held and disseminated in a way that meets regulatory compliance requirements and risk management guidelines. An ECM achieves this by eliminating ad hoc processes that can expose an enterprise to regulatory compliance risks and other potential problems.</li> <li><b>A single source of truth.</b> ECM software can provide organizations with a single source of truth by structuring information so it's only stored once -- in a secure digital content repository. This reduces the risk of duplication and ensures the entire enterprise has access to a single, approved and authoritative piece of information. An ECM system also enables effective <a href="https://www.techtarget.com/searchcontentmanagement/definition/knowledge-management-KM">knowledge management</a> due to an organization's ability to create, share and optimize the total <a href="https://www.techtarget.com/searchcontentmanagement/tip/Content-management-vs-knowledge-management-What-are-the-differences">knowledge in the content management platform</a>. </li> <li><b>Reduced cost.</b> ECM reduces costs across the organization by automating previously manual processes, reducing compliance penalties, minimizing storage needs and reducing postal requirements. It also reduces the cost of e-discovery in the event of a legal or compliance incident when lawyers or compliance officers would require access to the organization's content. </li> <li><b>Improved customer satisfaction.</b> When resolving customer issues, customer service representatives require access to the right content at the right time, which is one of the major goals of ECM. An ECM system enables employees to help customers more quickly and efficiently, thus improving customer satisfaction. </li> <li><b>Business continuity.</b> An ECM platform that is properly implemented enables a business to have high availability and uptime for its content. ECM incorporates archives, disaster recovery and account backups. </li> <li><b>Increased productivity.</b> Effective ECM can streamline access and business processes, optimize security, maintain integrity, minimize overhead and eliminate bottlenecks by reducing storage as well as paper and mailing needs. All of these can lead to increased productivity.</li> <li><b>Improved content accessibility.</b> ECM provides data search and analytics tools, thus improving <a href="https://www.techtarget.com/searchbusinessanalytics/definition/data-mining">data mining</a>. Users can set search ranges and parameters that enable them to narrow search results and find information more efficiently.</li> </ul> </section> <section class="section main-article-chapter" data-menu-title="What is an example of an ECM?"> <h2 class="section-title"><i class="icon" data-icon="1"></i>What is an example of an ECM?</h2> <p>Some examples of <a href="https://www.techtarget.com/searchcontentmanagement/tip/Best-enterprise-content-management-software">ECM software products</a> include Alfresco, Box Platform, Hyland OnBase, IBM Cloud Pak for Business Automation, iManage Work, Microsoft SharePoint, Nuxeo Platform, OpenText Extended ECM, Newgen and SER Group's Doxis. Free and open source ECM services are available.</p> <p>Organizations can deploy ECM software <a href="https://www.techtarget.com/searchcontentmanagement/tip/7-steps-for-ECM-migration">on premises or in the cloud</a>. The benefits of cloud-based ECM include flexible licensing models, easier remote and mobile access, and integration with other cloud services.</p> <p>ECM software provides several capabilities. But companies that want more flexibility in choosing content management tools or don't need all the components of an ECM suite can purchase one-off apps from software providers to meet their needs. This approach to managing enterprise content -- which includes content services applications, platforms and components -- falls into the <i>content services</i> classification.</p> <p>At a high level, key elements of ECM incorporate the following:</p> <ul class="default-list"> <li>Content lifecycle management.</li> <li>Workflow management.</li> <li>Information governance.</li> <li>Content management systems.</li> <li>Collaboration tools.</li> <li><a href="https://www.techtarget.com/searchcontentmanagement/definition/enterprise-document-management-EDM">Enterprise document management</a>.</li> <li>Digital asset management.</li> </ul> <p>Reliable ECM software includes the following features:</p> <ul class="default-list"> <li><b>Automated workflows.</b> A workflow engine pushes content through a set of defined steps that support business processes and the content lifecycle.</li> <li><b>Integration with other applications.</b> It's useful for ECM to interoperate with an organization's existing platforms, such as CRM and ERP applications. Many ECM platforms use RESTful APIs to integrate with other web services. Generally, cloud-based ECM tools easily integrate with other cloud services.</li> <li><b>Disaster recovery planning.</b> ECM software incorporates disaster recovery planning, enabling organizations to digitally secure and protect their content from theft, fire or natural disaster, while also ensuring operations proceed as normal in case of a disaster.</li> <li><b>Document scanning.</b> ECM software lets users easily convert paper-based documents into digital information, store those documents in the ECM system, and share, manage and mine them with efficiency.</li> <li><b>Search capabilities.</b> One of the primary goals of ECM is to make content more accessible to users. Advanced search capabilities should be a top priority, enabling users to perform a full-text search and filter the results.</li> <li><b>Metadata support.</b> Advanced ECM platforms include support for automated metadata and <a href="https://www.techtarget.com/searchcontentmanagement/tip/AI-in-content-management-supports-tagging-search">tagging driven by an AI engine</a>. They also support multiple enterprise taxonomies.</li> <li><b>Versioning.</b> ECM can track and store multiple versions of files. These tools might also incorporate the ability to revert to a previous version of a document.</li> <li><b>User access controls.</b> For security reasons, an ECM platform often has capabilities to prevent unauthorized users from viewing or editing certain documents. Many ECM platforms incorporate role-based access controls to achieve this.</li> </ul> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/contentmanagement-ecm_software_comparison-f.png"> <img data-src="https://www.techtarget.com/rms/onlineimages/contentmanagement-ecm_software_comparison-f_mobile.png" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/contentmanagement-ecm_software_comparison-f_mobile.png 960w,https://www.techtarget.com/rms/onlineimages/contentmanagement-ecm_software_comparison-f.png 1280w" alt="Table comparing enterprise content management vendors and their features." height="506" width="560"> <figcaption> <i class="icon pictures" data-icon="z"></i>Compare some of the top enterprise content management vendors and their features. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> </section> <section class="section main-article-chapter" data-menu-title="How to implement an ECM platform"> <h2 class="section-title"><i class="icon" data-icon="1"></i>How to implement an ECM platform</h2> <p>An ECM implementation is often a <a href="https://www.techtarget.com/searchcontentmanagement/tip/Top-8-enterprise-content-management-challenges-to-avoid">complex and challenging process</a> that involves a variety of stakeholders and departments. Before implementing ECM, it's important for organizations to <a href="https://www.techtarget.com/searchcontentmanagement/tip/How-to-develop-an-ECM-strategy-and-roadmap">develop an ECM roadmap or strategy</a> to identify the priorities of the ECM implementation and get clarity on the necessary procedures and technologies it entails.</p> <p>The first step of creating an ECM strategy is to perform a content audit by documenting all the types of content the organization deals with, the business processes it's part of and who handles the content.</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/contentmanagement-key_steps_for_creating_an_emc_roadmap-f.png"> <img data-src="https://www.techtarget.com/rms/onlineimages/contentmanagement-key_steps_for_creating_an_emc_roadmap-f_mobile.png" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/contentmanagement-key_steps_for_creating_an_emc_roadmap-f_mobile.png 960w,https://www.techtarget.com/rms/onlineimages/contentmanagement-key_steps_for_creating_an_emc_roadmap-f.png 1280w" alt="Outline of the three key steps in an enterprise content management roadmap." height="319" width="560"> <figcaption> <i class="icon pictures" data-icon="z"></i>Follow these key steps to create an enterprise content management roadmap. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <p>Once an organization clearly understands the ECM strategy, the next step is implementation. The following are essential steps to <a href="https://www.techtarget.com/searchcontentmanagement/tip/5-steps-to-a-successful-ECM-implementation">successfully implement an ECM system</a>:</p> <ul class="default-list"> <li><b>Involve key stakeholders.</b> A single employee -- or even a single department -- should not try to implement an ECM system alone. Multiple departments must be involved due to the collaborative nature of ECM. Businesses should create a team centered around multiple groups, including implementation, governance and executive teams.</li> </ul> <figure class="main-article-image half-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/content_management-5_steps_ecm_implementation-h.png"> <img data-src="https://www.techtarget.com/rms/onlineimages/content_management-5_steps_ecm_implementation-h_half_column_mobile.png" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/content_management-5_steps_ecm_implementation-h_half_column_mobile.png 960w,https://www.techtarget.com/rms/onlineimages/content_management-5_steps_ecm_implementation-h.png 1280w" alt="Graphic of a numbered list showing the five steps of an enterprise content management implementation." height="275" width="279"> <figcaption> <i class="icon pictures" data-icon="z"></i>Follow these five steps for an ECM rollout. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <ul class="default-list"> <li><b>Define goals.</b> Organizations should have a clear understanding of what an ECM implementation will achieve. Regardless of the industry or department implementing ECM, users likely have common goals: <ul class="default-list"> <li>Eliminate the dependency on paper.</li> <li>Streamline all business processes.</li> <li>Reduce organizational risk.</li> <li>Optimize productivity.</li> <li>Improve customer service.</li> </ul> </li> <li><b>Plan how to reach those goals. </b>Next, businesses should determine how to reach the goals they've set. They should consider whether they need to migrate content, train users or build a new ECM system. During this step, businesses should evaluate which processes are high priority.</li> <li><b>Build, test and deploy. </b>Ideally, businesses should drive an ECM implementation using <a href="https://www.techtarget.com/searchsoftwarequality/video/Agile-vs-Scrum-How-to-choose-between-them">Agile or Scrum methodology</a>. This enables stakeholders to be fully engaged as they evaluate biweekly or monthly releases.</li> <li><b>Iterate. </b>An ECM implementation never truly ends. Businesses should build in the capability to refine an ECM system over time to maximize business value.</li> </ul> </section> <section class="section main-article-chapter" data-menu-title="The future of ECM"> <h2 class="section-title"><i class="icon" data-icon="1"></i>The future of ECM</h2> <p>In 2016, Gartner declared enterprise content management had been replaced by content services -- the strategic concept that involves content services applications, platforms and components but is less concerned with centralizing all information into one enterprise-wide platform. As part of that initiative, Gartner replaced the ECM Magic Quadrant with a content services Magic Quadrant in 2017.</p> <p>However, organizations still frequently use ECM to organize their information and achieve goals faster.</p> <p>Content services platforms (CSPs) and ECM <a href="https://www.techtarget.com/searchcontentmanagement/answer/Whats-the-difference-between-ECM-vs-content-services">are not equivalent terms</a>, and one will not likely replace the other. A CSP focuses on managing transactional content in the context of solving a particular problem. ECM is broader in scope; it seeks to manage all forms of content within the enterprise, regardless of its type or where it resides.</p> <p>ECM has also evolved to become an approach rather than a single technology. In the future, enterprise content management strategies and tools will continue to change to adapt to the demands of organizations looking for more agility and integration. As technology evolves, ECM vendors add more features.</p> <p>More organizations are <a target="_blank" href="https://www.teknita.com/the-impact-of-ecm-on-collaboration-and-team-productivity/" rel="noopener">incorporating team collaboration</a> tools into their ECM approach. Plus, constant advancements in cloud, mobile and analytics technology continue to increase users' expectations of ECM capabilities. Automation and machine learning are becoming key complements to ECM, and it is becoming more and more likely that cloud deployment will be the key to maximizing an ECM system's effectiveness.</p> <p><b>Editor's note:</b> <i>This article was republished to improve the reader experience.</i></p> </section> Enterprise content management is a set of defined processes, strategies and tools that enables a business to obtain, organize, store and deliver critical information to its employees, business stakeholders and customers. https://cdn.ttgtmedia.com/visuals/digdeeper/5.jpg https://www.techtarget.com/searchcontentmanagement/definition/enterprise-content-management-ECM Wed, 11 Sep 2024 00:00:00 GMT What is enterprise content management? Guide to ECM <p>Microsoft Azure Files -- sometimes known as Microsoft Azure File Service -- is a simple, secure, serverless, fully managed and cloud-based file sharing service for enterprise users. Through Azure files, users can access the file shares via the industry-standard Server Message Block (<a href="https://www.techtarget.com/searchnetworking/definition/Server-Message-Block-Protocol">SMB</a>) and Network File System (<a href="https://www.techtarget.com/searchenterprisedesktop/definition/Network-File-System">NFS</a>) protocols, as well as the <a href="https://www.techtarget.com/searchwindowsserver/tutorial/How-to-use-PowerShell-with-the-Azure-REST-API">Azure Files REST API</a>.</p> <section class="section main-article-chapter" data-menu-title="Azure cloud storage services and Azure Files"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Azure cloud storage services and Azure Files</h2> <p>Enterprise users can choose from several cloud storage services available with the <a href="https://www.techtarget.com/searchcloudcomputing/definition/Windows-Azure">Azure cloud</a>. These storage solutions for <a href="https://www.techtarget.com/searchstorage/tip/Compare-block-vs-file-vs-object-storage-differences-uses">object, block, and file storage</a> provide high availability and enterprise-grade security and allow users to scale cloud performance and unify data management.</p> <p>Azure Files is a managed file share and storage service that offers a highly available and durable <a href="https://www.techtarget.com/searchstorage/definition/distributed-file-system-DFS">distributed file system</a>. By replacing or augmenting on-prem file shares with Azure Files, organizations can worry less about local power outages or network issues affecting business continuity and focus more on their core business.</p> <p>With Azure Files, organizations get the following:</p> <ul class="default-list"> <li>100 GB of local redundant storage, or LRS, transaction optimized, hot and cool files.</li> <li>2 million read, list and other file operations.</li> </ul> <p>These files and operations are available free every month for 12 months.</p> <p>Since Azure Files is a fully managed service, users are relieved of the management or administration burden. To access the stored data, they simply navigate to the path where the file share is mounted and open the file.</p> <p>Users can also store and access data from multiple sources since Azure Files supports multiple protocols, including SMB, NFS and File Transfer Protocols (<a href="https://www.techtarget.com/searchsecurity/tip/8-secure-file-transfer-services-for-the-enterprise">FTPs</a>). Support for various protocols allows users to seamlessly replace on-prem file shares with Azure file shares and even share file systems across multiple machines, applications and application <a href="https://www.techtarget.com/whatis/definition/instance">instances</a> - without worrying about application compatibility or file system shareability.</p> <p>Additionally, the service is ideal for <a href="https://www.techtarget.com/searchcloudcomputing/feature/Multi-cloud-vs-hybrid-cloud-and-how-to-know-the-difference">hybrid cloud</a> deployments. This allows Azure users to transform Windows Servers into caches of cloud shares and mount the file shares from anywhere, while simultaneously enjoying on-prem performance.</p> <div class="youtube-iframe-container"> <iframe id="ytplayer-0" src="https://www.youtube.com/embed/l9JkLhvaKA8?autoplay=0&modestbranding=1&rel=0&widget_referrer=null&enablejsapi=1&origin=https://www.techtarget.com" type="text/html" height="360" width="640" frameborder="0"></iframe> </div> </section> <section class="section main-article-chapter" data-menu-title="Accessing Azure Files"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Accessing Azure Files</h2> <p>Accessing and using Azure Files shares is easy. Users can directly mount file shares concurrently by cloud or on-premises deployments of many different systems, including Windows, <a href="https://www.techtarget.com/searchdatacenter/definition/Linux-operating-system">Linux</a> and <a href="https://www.techtarget.com/whatis/definition/Mac-OS">macOS</a>. It is also possible to <a href="https://www.techtarget.com/searchstorage/definition/cache">cache</a> SMB Azure Files shares on Windows Servers using the Azure File Sync feature. Caching enables fast access near where the data is being used. Along with Azure Files AD Authentication, SMB Azure Files shares can work with on-prem Active Directory Domain Services (<a href="https://www.techtarget.com/searchwindowsserver/definition/Microsoft-Active-Directory-Domain-Services-AD-DS">AD DS</a>) for strong access control.</p> <p>As a distributed file system, Azure Files is highly available and durable for enterprise use. There are no hidden infrastructure-as-a-service (<a href="https://www.techtarget.com/searchcloudcomputing/definition/Infrastructure-as-a-Service-IaaS">IaaS</a>) virtual machines (<a href="https://www.techtarget.com/searchitoperations/definition/virtual-machine-VM">VMs</a>) or network-attached storage (<a href="https://www.techtarget.com/searchstorage/definition/network-attached-storage">NAS</a>) filers, increasing transparency and simplifying usage. Moreover, Azure Files can supplement or extend traditional on-prem file servers or NAS devices into the Azure cloud. The service can also be used to replace the devices entirely and provide simple, fast, secure, and hassle-free <a href="https://www.techtarget.com/searchdatabackup/tip/Cloud-backup-versus-cloud-storage-comparison">file storage in the cloud</a>.</p> </section> <section class="section main-article-chapter" data-menu-title="Azure File Sync"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Azure File Sync</h2> <p>Azure Files includes a File Sync feature that allows users to replicate SMB Azure file shares to Windows servers, both on-prem and in the cloud. Doing so improves performance and enables distributed data caching. Azure File Sync also helps to optimize file storage and access by centralizing file shares and providing the flexibility and compatibility of a Windows <a href="https://www.techtarget.com/searchnetworking/definition/file-server">file server</a>.</p> <p>Using Azure File Sync, users can maintain as many caches as needed. And by enabling cloud tiering, users can cache frequently accessed files on a local server while tiering the least frequently accessed files to the cloud. Cloud tiering improves the user experience since tiered files can be quickly recalled as needed. It also helps reduce storage costs since there's less data to store on premises. The local data can be easily accessed using any protocol that's available on Windows Server, including SMB, NFS, and FTPs.</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/3_cloud_storage_services_explained-f.png"> <img data-src="https://www.techtarget.com/rms/onlineimages/3_cloud_storage_services_explained-f_mobile.png" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/3_cloud_storage_services_explained-f_mobile.png 960w,https://www.techtarget.com/rms/onlineimages/3_cloud_storage_services_explained-f.png 1280w" alt="cloud storage vs. cloud backup vs. cloud file sync table" height="385" width="559"> <figcaption> <i class="icon pictures" data-icon="z"></i>Learn the use cases for cloud storage, cloud backup, and cloud file sync and share. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> </section> <section class="section main-article-chapter" data-menu-title="Benefits of Azure Files"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Benefits of Azure Files</h2> <p>Azure Files provides a simple and secure cloud file sharing service for modern enterprise <a href="https://www.techtarget.com/searchdatacenter/definition/workload">workloads</a>. The file shares are fully managed and <a href="https://www.techtarget.com/searchcloudcomputing/tip/Top-benefits-and-disadvantages-of-serverless-computing">serverless</a>, meaning Microsoft manages all underlying infrastructure and management tasks. This allows users to focus on their core tasks rather than on busywork related to hardware management, operating system (OS) patching and security upgrades.</p> <p>The service is OS-agnostic, so users can directly mount and access their Azure file shares from any <a href="https://www.techtarget.com/searchenterprisedesktop/definition/client">client</a>, including Windows, Linux and macOS. They can also access NFS Azure file shares from Linux clients.</p> <p>Azure Files also allows the replication of SMB Azure file shares to Windows servers, both on-prem and in the cloud. This flexibility of choice supplements on-prem servers and supports distributed data caching to improve overall performance. Furthermore, administrators can easily create and manage Azure file shares using <a href="https://www.techtarget.com/searchwindowsserver/tip/Top-PowerShell-commands-you-must-know-with-cheat-sheet">PowerShell cmdlets</a>, <a href="https://www.techtarget.com/searchcloudcomputing/tip/Evaluate-Azure-CLI-vs-PowerShell-for-resource-management">Azure CLI</a>, Azure portal or <a href="https://www.techtarget.com/searchcloudcomputing/tip/What-are-the-main-features-of-Azure-Storage-Explorer">Azure Storage Explorer</a>.</p> <p>It is also easy to migrate the Windows file server to the cloud using Azure Files. There's no downtime and no need to break existing links when <a href="https://www.techtarget.com/whatis/definition/lift-and-shift">lifting-and-shifting</a> applications that expect a file share to store file application or user data. Migration is further simplified using <a href="https://www.techtarget.com/searchwindowsserver/tutorial/Migrating-file-servers-using-Storage-Migration-Service">Microsoft's Storage Migration Service</a> and Azure File Sync.</p> <p>Azure Files supports both classic lift-and-shift and hybrid lift-and-shift cloud migration. With the classic approach, users can move the application and its data to Azure while with the hybrid approach, they can move only application to Azure Files while running the application on-prem.</p> </section> <section class="section main-article-chapter" data-menu-title="Azure Files use cases"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Azure Files use cases</h2> <p>Azure Files is a good choice for cloud file shares, regardless of whether users mount the service directly or use Azure File Sync to cache on-prem. The service is useful for a wide range of cloud development projects, particularly those that require shared application settings. With Azure Files, <a href="https://www.techtarget.com/searchitoperations/definition/configuration-file">configuration files</a> for a project can be stored in a centralized location and accessed from many application instances. These instances will load the files through the Azure Files REST API. Users can access the files by mounting the share locally.</p> <p>Azure Files is also useful for storing logs, <a href="https://www.techtarget.com/searchcustomerexperience/definition/business-metric">metrics</a> and crash dumps from cloud applications. Developers can access these files by mounting the file share on a local machine. Moreover, when working on VMs in the cloud, they don't need to copy any utilities or tools to the cloud. Rather, they can mount Azure file shares locally on the VM (or VMs). Essentially, Azure Files allows users to benefit from the cloud's flexibility while enjoying the freedom to work the way they want and with the familiar tools they are most comfortable with.</p> <div class="youtube-iframe-container"> <iframe id="ytplayer-1" src="https://www.youtube.com/embed/a1LW8rDB874?autoplay=0&modestbranding=1&rel=0&widget_referrer=null&enablejsapi=1&origin=https://www.techtarget.com" type="text/html" height="360" width="640" frameborder="0"></iframe> </div> <p>Finally, Azure Files is ideal for <a href="https://www.techtarget.com/searchitoperations/definition/container-containerization-or-container-based-virtualization">container</a>-based applications. Using containers allows developers to build once and run anywhere, thus accelerating application development and time to market. Azure file shares can be used as persistent volumes for <a href="https://www.techtarget.com/searchitoperations/tip/How-to-manage-stateful-containers-with-Kubernetes">stateful containers</a> and the data between containers can be shared using NFS or SMB file shares. SMB file shares can be used to share data between containers since Azure Files is tightly integrated with Azure Kubernetes Service (<a href="https://www.techtarget.com/searchcloudcomputing/definition/Azure-Kubernetes-Service-AKS">AKS</a>) for easy cloud file storage and data management.</p> <p><i>With file storage in the public cloud, there are many options available across some of the largest vendors, with performance a major consideration. Compare </i><a href="https://www.techtarget.com/searchstorage/tip/Compare-file-storage-options-in-the-cloud"><i>file storage options in the cloud</i></a><i>.</i></p> </section> Microsoft Azure Files -- sometimes known as Microsoft Azure File Service -- is a simple, secure, serverless, fully managed and cloud-based file sharing service for enterprise users. https://cdn.ttgtmedia.com/visuals/digdeeper/4.jpg https://www.techtarget.com/searchwindowsserver/definition/Microsoft-Azure-File-Service Thu, 15 Aug 2024 17:39:00 GMT What is Microsoft Azure File Service? <p>For basic disk operations on Windows systems, administrators can use <a href="https://www.techtarget.com/searchwindowsserver/definition/Diskpart-Disk-Partition-Utility">diskpart</a>, a command-line utility that remains useful for many different drive-related jobs more than 20 years after it was released.</p> <p>Microsoft introduced the diskpart management tool in the Windows 2000 OS in 1999 and has included it all versions of Windows since. Diskpart scans for newly added disks, but it can also create, delete and resize drive <a href="https://www.techtarget.com/searchstorage/definition/partition">partitions</a>, as well as assign or reassign drive letters. Diskpart also works with drive volumes, virtual hard disks (VHDs) and removable media, such as USB flash drives. In addition to its management capabilities, diskpart can troubleshoot disk problems, fix corrupted partitions and recover data. The Disk Management utility is also included with Windows OSes and is a similar GUI-based tool, but it lacks the granular control and automation capabilities in diskpart.</p> <p>Microsoft continues to develop diskpart, and the latest version features 38 commands. To use diskpart, list the objects, such as disks or partitions, and then select an object to change it.</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/071621_diskpart_command_list.jpg"> <img data-src="https://www.techtarget.com/rms/onlineimages/071621_diskpart_command_list_mobile.jpg" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/071621_diskpart_command_list_mobile.jpg 960w,https://www.techtarget.com/rms/onlineimages/071621_diskpart_command_list.jpg 1280w" alt="diskpart commands list" height="291" width="560"> <figcaption> <i class="icon pictures" data-icon="z"></i>Diskpart is a disk management utility in Windows with an extensive commands list. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <section class="section main-article-chapter" data-menu-title="Using diskpart requires understanding data storage terminology"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Using diskpart requires understanding data storage terminology</h2> <p>Using diskpart effectively requires a basic understanding of <a href="https://www.techtarget.com/searchenterprisedesktop/answer/What-are-Windows-10-disk-management-terms-IT-should-know">Windows disk terminology</a>. A basic disk is a storage device, such as a hard drive, solid-state drive or USB flash drive, which you format with a <a href="https://www.techtarget.com/searchwindowsserver/answer/Whats-the-difference-between-FAT32-FAT16-and-NTFS">Windows file system</a>.</p> <p>A basic disk can hold one or several partitions in Windows. A partition is a logical structure confined to a single disk.</p> <p>A volume is a construct of the OS that consists of one or more partitions that can span one or more disks.</p> </section> <section class="section main-article-chapter" data-menu-title="Use caution when running diskpart commands"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Use caution when running diskpart commands</h2> <p>You should be careful when using diskpart because there is no undo function if you select the wrong object. For example, if you format a disk, then you lose any data on the disk.</p> <p>Also, once a command is entered -- even a destructive one -- diskpart does not ask for confirmation before it runs. For example, if you perform an errant diskpart delete partition operation, you must use another utility, such as a third-party disk management program, to recover the data or <a href="https://www.techtarget.com/searchdatabackup/feature/Full-incremental-or-differential-How-to-choose-the-correct-backup-type">use a backup image</a> to restore the files from the drive.</p> <p>There is no override function. You can use the Ctrl+C hotkey or close the command window to stop the ongoing diskpart operation, but this could lead to data corruption or introduce problems with disk functionality.</p> <p>Follow these tips to avoid issues when using diskpart:</p> <ul class="default-list"> <li>Do not use diskpart until you back up the disk you plan to modify.</li> <li>Exercise caution when using diskpart on systems that use dynamic disks, which Microsoft still supports but considers a legacy feature.</li> <li>Check with your hardware vendor before using diskpart.</li> </ul> </section> <section class="section main-article-chapter" data-menu-title="How to create a partition with diskpart"> <h2 class="section-title"><i class="icon" data-icon="1"></i>How to create a partition with diskpart</h2> <p>A disk partition sections off a portion of a physical hard drive. Partitioning a hard drive can be done for several reasons, such as organizing data in a more logical fashion or installing a different OS on each partition.</p> <p>Diskpart performs the tasks of a disk partition manager. Partitioning your disk can help increase the I/O performance of hard disks newly added to <a href="https://www.techtarget.com/searchstorage/definition/RAID">RAID</a>. The documentation for many server applications, such as Exchange Server, recommends using diskpart to create the primary or extended partitions. You can use a primary partition as the system partition; you can only use an extended partition for additional logical drive assignments.</p> <p>The diskpart <span style="font-family: courier new, courier, monospace;">create</span><b> </b>command makes disk partitions, volumes on a single disk or multiple disks, and VHDs.</p> <p>To run diskpart, open a <a href="https://www.techtarget.com/whatis/definition/command-prompt">command prompt</a>, and run it as the administrator.</p> <p>Take the following steps to create a partition with diskpart:</p> <ol type="1" start="1" class="default-list"> <li>Type <span style="font-family: courier new, courier, monospace;">diskpart</span>.</li> <li>At the DISKPART prompt, type <span style="font-family: courier new, courier, monospace;">list disk</span>. Note the drive number you wish to modify.</li> <li>At the DISKPART prompt, type <span style="font-family: courier new, courier, monospace;">select disk [number]</span>. Replace [number] with the disk number to edit using the information from step two.</li> <li>At the DISKPART prompt, type <span style="font-family: courier new, courier, monospace;">create partition primary size=102400</span>. The <span style="font-family: courier new, courier, monospace;">size</span> parameter refers to the size in megabytes. In this case, 102400 equals 100 GB. Change the word <span style="font-family: courier new, courier, monospace;">primary</span><b> </b>to <span style="font-family: courier new, courier, monospace;">extended</span><b> </b>to create an extended partition. If you do not set a size, then all available space on the disk is used for the partition.</li> <li>At the DISKPART prompt, type <span style="font-family: courier new, courier, monospace;">assign letter=D</span>. Choose an unused drive letter.</li> <li>At the DISKPART prompt, type <span style="font-family: courier new, courier, monospace;">exit</span>.</li> <li>From the command prompt, use the <span style="font-family: courier new, courier, monospace;">format</span> command, the Disk Management utility in Windows or any disk format tool to format the drive. It is typical to use New Technology File Sysem (<a href="https://www.techtarget.com/searchwindowsserver/definition/NTFS">NTFS</a>) during the initialization process.</li> </ol> </section> <section class="section main-article-chapter" data-menu-title="How to extend a partition with diskpart"> <h2 class="section-title"><i class="icon" data-icon="1"></i>How to extend a partition with diskpart</h2> <p>When it comes to adjusting the space for a partition or volume, the following method is superior to configuring two disks. Dynamic disk extensions only concatenate the newly added space, meaning they just add the disk space to the end of the original partition without restriping the data.</p> <p>Concatenation isolates performance within each partition and does not offer fault tolerance when the partition is configured in RAID. Diskpart restripes your existing data. This is beneficial when the partition is set up in RAID because the existing partition data spreads across all the drives in the array rather than just adding new space to the end, like the Disk Management utility.</p> <p>Take the following steps to extend a partition with diskpart:</p> <ol type="1" start="1" class="default-list"> <li>Verify that contiguous free space is available on the same drive and this free space is next to the partition you intend to extend with no partitions in between. Be sure you have a full backup before executing this command.</li> <li>At a command prompt, type <span style="font-family: courier new, courier, monospace;">diskpart</span>.</li> <li>At the DISKPART prompt, type <span style="font-family: courier new, courier, monospace;">select disk [number]</span>. Enter the proper disk number to modify.</li> <li>At the DISKPART prompt, type <span style="font-family: courier new, courier, monospace;">select volume [number]</span>. Choose the volume.</li> <li>At the DISKPART prompt, type <span style="font-family: courier new, courier, monospace;">extend</span>. If you do not set a size, then diskpart uses all available space on the disk.</li> <li>At the DISKPART prompt, type<b><i> </i></b><span style="font-family: courier new, courier, monospace;">exit</span>.</li> </ol> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/071621_diskpart_extend_partition.jpg"> <img data-src="https://www.techtarget.com/rms/onlineimages/071621_diskpart_extend_partition_mobile.jpg" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/071621_diskpart_extend_partition_mobile.jpg 960w,https://www.techtarget.com/rms/onlineimages/071621_diskpart_extend_partition.jpg 1280w" alt="extend disk volume" height="162" width="559"> <figcaption> <i class="icon pictures" data-icon="z"></i>Use diskpart to select a volume to extend with diskpart. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> </section> <section class="section main-article-chapter" data-menu-title="How to delete a partition with diskpart"> <h2 class="section-title"><i class="icon" data-icon="1"></i>How to delete a partition with diskpart</h2> <p>The <span style="font-family: courier new, courier, monospace;">delete</span><b> </b>command in diskpart removes dynamic disks, partitions, volumes and shadow copies. When you have multiple volumes on the disk or an unwanted partition, such as a recovery partition, this command removes them and returns them to unallocated space.</p> <p>Take the following steps to delete a partition:</p> <ol type="1" start="1" class="default-list"> <li>At a command prompt, type <span style="font-family: courier new, courier, monospace;">diskpart</span>.</li> <li>At the DISKPART prompt, type <span style="font-family: courier new, courier, monospace;">select disk [number]</span>. Choose the disk to modify.</li> <li>At the DISKPART prompt, type <span style="font-family: courier new, courier, monospace;">list partition</span>.</li> <li>At the DISKPART prompt, type <span style="font-family: courier new, courier, monospace;">select partition [number]</span>. Enter the partition number to modify.</li> <li>At the DISKPART prompt, type <span style="font-family: courier new, courier, monospace;">delete partition</span>.</li> <li>At the DISKPART prompt, type <span style="font-family: courier new, courier, monospace;">exit</span>.</li> </ol> </section> <section class="section main-article-chapter" data-menu-title="How to create a volume using diskpart"> <h2 class="section-title"><i class="icon" data-icon="1"></i>How to create a volume using diskpart</h2> <p>A volume is a logical construction the OS builds from one or several partitions. In Windows, you can create several volume types with diskpart: simple volume, spanned volume, striped volume, mirrored volume and <a href="https://www.techtarget.com/searchstorage/definition/RAID-5-redundant-array-of-independent-disks">RAID 5 volume</a>.</p> <p>A simple volume spans just one partition on a disk.</p> <p>A spanned volume gathers space from several disks into one logical volume. This operation requires erasing the disks, building the partitions, extending one volume from one disk to the other disk to make the span and then formatting the new volume.</p> <p>A striped volume, also called a <i><a href="https://www.techtarget.com/searchstorage/definition/RAID-0-disk-striping">RAID 0</a> volume</i>, requires two or more disks. This arrangement is often used to boost performance with read/write speeds by spreading data across the drives.</p> <p>A mirrored volume creates a copy of a volume on another disk, which is helpful to avoid data loss if a disk fails. A mirrored volume requires at least two disks that have the same size.</p> <p>A RAID 5 volume is similar to a mirrored volume but uses parity information to distribute the data across disks. A RAID 5 volume requires at least three disks. This method is more scalable but has a slower recovery time compared to a mirrored volume.</p> <p>Take the following steps to create a simple volume of 500 GB with diskpart:</p> <ol type="1" start="1" class="default-list"> <li>At a command prompt, type <span style="font-family: courier new, courier, monospace;">diskpart</span>.</li> <li>At the DISKPART prompt, type <span style="font-family: courier new, courier, monospace;">list disk</span>. Output shows available disks.</li> <li>At the DISKPART prompt, <span style="font-family: courier new, courier, monospace;">select disk [number]</span>. Choose the disk for the volume.</li> <li>At the DISKPART prompt, type <span style="font-family: courier new, courier, monospace;">create volume simple size=512000</span>.</li> <li>At the DISKPART prompt, type <span style="font-family: courier new, courier, monospace;">exit</span>.</li> </ol> <p>Take the following steps to create a spanned volume of 1 TB using two available disks:</p> <ol class="default-list"> <li>At a command prompt, type <span style="font-family: courier new, courier, monospace;">diskpart</span>.</li> <li>At the DISKPART prompt, type <span style="font-family: courier new, courier, monospace;">list disk</span><b> </b>. See the available disks on the system.</li> <li>At the DISKPART prompt, type <span style="font-family: courier new, courier, monospace;">select disk [number]</span>. Select the first disk.</li> <li>At the DISKPART prompt, type <span style="font-family: courier new, courier, monospace;">clean</span>. This removes data and any existing partitions or volumes on the selected disk.</li> <li>At the DISKPART prompt, type <span style="font-family: courier new, courier, monospace;">create partition primary</span>. This creates a partition on the disk.</li> <li>At the DISKPART prompt, type <span style="font-family: courier new, courier, monospace;">select disk [number]</span>. Select the second disk.</li> <li>At the DISKPART prompt, type <span style="font-family: courier new, courier, monospace;">clean</span>. This removes data and any partitions and volumes from the second disk.</li> <li>At the DISKPART prompt, type <span style="font-family: courier new, courier, monospace;">create partition primary</span>. This creates a partition on the second disk.</li> <li>At the DISKPART prompt, type <span style="font-family: courier new, courier, monospace;">select disk [number]</span>. Enter<b> </b>the first disk number.</li> <li>At the DISKPART prompt, type <span style="font-family: courier new, courier, monospace;">create volume spanned size=1048576</span>. This creates a spanned volume of 1 TB from the two disks.</li> <li>At the DISKPART prompt, type <span style="font-family: courier new, courier, monospace;">exit</span>.</li> </ol> <p>Take the following steps to create a RAID 0 or striped volume using two disks:</p> <ol class="default-list"> <li>At a command prompt, type <span style="font-family: courier new, courier, monospace;">diskpart</span>.</li> <li>At the DISKPART prompt, type <span style="font-family: courier new, courier, monospace;">list disk</span>. See the available disks on the system.</li> <li>At the DISKPART prompt, type <span style="font-family: courier new, courier, monospace;">select disk [number]</span>. Select the first disk.</li> <li>At the DISKPART prompt, type <span style="font-family: courier new, courier, monospace;">clean</span><b>.</b> This erases data and any partition and volumes on the selected disk.</li> <li>At the DISKPART prompt, type <span style="font-family: courier new, courier, monospace;">convert dynamic</span>. This converts the basic disk to a dynamic disk.</li> <li>Repeat steps 3-5 for the second disk.</li> <li>At the DISKPART prompt, type <span style="font-family: courier new, courier, monospace;">create volume stripe disk=[disk number 1],[disk number 2]</span>. Enter the proper disk numbers separated by a comma.</li> <li>At the DISKPART prompt, type <span style="font-family: courier new, courier, monospace;">format fs=ntfs quick label="[label name]"</span>. This formats the volume with NTFS and adds the label of your choosing.</li> <li>At the DISKPART prompt, type <span style="font-family: courier new, courier, monospace;">exit</span>.</li> </ol> <p>Take the following steps to create a mirrored volume using two disks:</p> <ol class="default-list"> <li>At a command prompt, type <span style="font-family: courier new, courier, monospace;">diskpart</span>.</li> <li>At the DISKPART prompt, type <span style="font-family: courier new, courier, monospace;">list disk</span>. See the available disks on the system.</li> <li>At the DISKPART prompt, type <span style="font-family: courier new, courier, monospace;">select disk [number]</span>. Select the first disk.</li> <li>At the DISKPART prompt, type <span style="font-family: courier new, courier, monospace;">clean</span>. This erases data and any partition and volumes on the selected disk.</li> <li>At the DISKPART prompt, type <span style="font-family: courier new, courier, monospace;">convert dynamic</span>. This converts the basic disk to a dynamic disk.</li> <li>Repeat steps 3-5 for the second disk.</li> <li>At the DISKPART prompt, type <span style="font-family: courier new, courier, monospace;">create volume mirror disk=[disk number 1],[disk number 2]</span>. Enter the proper disk numbers separated by a comma.</li> <li>At the DISKPART prompt, type <span style="font-family: courier new, courier, monospace;">assign letter=[drive letter]</span>. Enter an unused drive letter.</li> <li>At the DISKPART prompt, type <span style="font-family: courier new, courier, monospace;">format fs=ntfs quick label="[volume name]"</span>. Format the volume, and enter a name for the mirrored volume.</li> <li>At the DISKPART prompt, type <span style="font-family: courier new, courier, monospace;">exit</span>.</li> </ol> <p>Take the following steps to create a RAID 5 volume:</p> <ol class="default-list"> <li>At a command prompt, type <span style="font-family: courier new, courier, monospace;">diskpart</span>.</li> <li>At the DISKPART prompt, type <span style="font-family: courier new, courier, monospace;">list disk</span>. Output shows available disks.</li> <li>At the DISKPART prompt, type <span style="font-family: courier new, courier, monospace;">select disk [number]</span>. Choose the first disk for the volume.</li> <li>At the DISKPART prompt, type <span style="font-family: courier new, courier, monospace;">clean</span>. This erases data and any partition and volumes on the selected disk.</li> <li>Repeat steps 3-4 for the second disk and third disk.</li> <li>At the DISKPART prompt, type <span style="font-family: courier new, courier, monospace;">create volume raid disk=[disk number 1],[disk number 2],[disk number 3]</span>. Enter the three disk numbers separated by commas.</li> <li>At the DISKPART prompt, type <span style="font-family: courier new, courier, monospace;">format fs=ntfs quick label="[volume name]"</span>. Format the volume with NTFS, and give the RAID 5 volume a name.</li> <li>At the DISKPART prompt, type <span style="font-family: courier new, courier, monospace;">assign letter=[drive letter]</span>. Enter an unused drive letter.</li> <li>At the DISKPART prompt, type <span style="font-family: courier new, courier, monospace;">exit</span>.</li> </ol> </section> <section class="section main-article-chapter" data-menu-title="How to delete a volume using diskpart"> <h2 class="section-title"><i class="icon" data-icon="1"></i>How to delete a volume using diskpart</h2> <p>There are several reasons to remove an existing volume on a disk, such as restructuring disk space or switching file systems. Deleting a volume with diskpart permanently deletes any data on the volume and makes the space available for use.</p> <p>Take the following steps to delete a volume:</p> <ol class="default-list"> <li>At a command prompt, type <span style="font-family: courier new, courier, monospace;">diskpart</span>.</li> <li>At the DISKPART prompt, type <span style="font-family: courier new, courier, monospace;">list volume</span>. Output shows available volumes.</li> <li>At the DISKPART prompt, type <span style="font-family: courier new, courier, monospace;">select volume [number]</span>. Choose the volume to remove.</li> <li>At the DISKPART prompt, type <span style="font-family: courier new, courier, monospace;">delete volume</span>.</li> <li>At the DISKPART prompt, type <span style="font-family: courier new, courier, monospace;">exit</span>.</li> </ol> </section> <section class="section main-article-chapter" data-menu-title="How to erase disk configuration and data using diskpart"> <h2 class="section-title"><i class="icon" data-icon="1"></i>How to erase disk configuration and data using diskpart</h2> <p>When you have an entire disk to wipe clean, you can use the <span style="font-family: courier new, courier, monospace;">diskpart clean all</span> command to convert all the stored data into unallocated space. This operation deletes all data on the disk by writing zeros on each disk sector. Diskpart also removes all partition and volume information from the selected drive. If security is not a concern, you can use the <span style="font-family: courier new, courier, monospace;">diskpart clean</span><b> </b>command, which removes all partitions or volume formatting from the disk.</p> <p>Take the following steps to clean a disk:</p> <ol type="1" start="1" class="default-list"> <li>At a command prompt, type <span style="font-family: courier new, courier, monospace;">diskpart</span>.</li> <li>At the DISKPART prompt, type <span style="font-family: courier new, courier, monospace;">select disk [number]</span>. Enter the disk number to wipe.</li> <li>At the DISKPART prompt, type <span style="font-family: courier new, courier, monospace;">clean all</span>.</li> <li>At the DISKPART prompt, type <span style="font-family: courier new, courier, monospace;">exit</span>.</li> </ol> <ol class="default-list"></ol> </section> <section class="section main-article-chapter" data-menu-title="How to troubleshoot problems with diskpart"> <h2 class="section-title"><i class="icon" data-icon="1"></i>How to troubleshoot problems with diskpart</h2> <p>Most operations that change disk structure using diskpart require administrator privileges, so be sure to run diskpart with the right permissions and start from an elevated command prompt to avoid unexpected issues.</p> <p>It's helpful to check the status of the disk using the <span style="font-family: courier new, courier, monospace;">list</span><b> </b>parameter in diskpart before performing any action on a disk, volume or partition.</p> <p>The <span style="font-family: courier new, courier, monospace;">attributes disk</span><b> </b>command shows the properties of the disk and can check if a disk is set to read-only, which prevents any changes. To allow writes to the disk, run diskpart, select the disk and run the <span style="font-family: courier new, courier, monospace;">attributes disk clear readonly</span><b> </b>command.</p> <p>If you encounter a virtual disk service error when trying to perform a diskpart command, then this could mean the disk is being used. To correct this, try closing any running applications, or reboot the device.</p> <p>An I/O error when running diskpart could mean several things, including a possible hardware failure, but one of the first troubleshooting steps is to run the <span style="font-family: courier new, courier, monospace;">chkdsk /f /r</span><b> </b>command, which checks a disk for any errors and recovers information from bad sectors.</p> </section> <section class="section main-article-chapter" data-menu-title="Other ways to use diskpart"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Other ways to use diskpart</h2> <p>For maintenance work that requires a bootable USB flash drive, you can use diskpart to format the partition and set up the file system on the removable drive. Administrators can also use diskpart in both Windows Preinstallation Environment and Windows Recovery Environment to correct disk problems or to configure the machine for deployment.</p> <p>With the <span style="font-family: courier new, courier, monospace;">diskpart /s</span><b> </b>switch, administrators can run scripts to automate tasks associated with setting up Windows computers, such as configuring the disks for multiple systems, adding a recovery partition or wiping all data from a disk to return it to a factory state.</p> <p>Sample code from the Microsoft site gives <a target="_blank" href="https://learn.microsoft.com/en-us/windows-hardware/manufacture/desktop/oem-deployment-of-windows-desktop-editions-sample-scripts?view=windows-10&preserve-view=true" rel="noopener">examples</a> of how to develop a text-based script file administrators can call from diskpart and run automatically. IT workers can run several diskpart scripts, but Microsoft recommends building in a delay of 15 seconds after a script runs to prevent issues.</p> <p><b>Editor's note:</b> <i>This article was updated in August 2024 to improve the reader experience.</i></p> </section> Diskpart is one of the oldest disk management tools in Windows, but it remains useful for its advanced capabilities in automation and granular control compared to other utilities. https://cdn.ttgtmedia.com/rms/onlineimages/pharma_g1878483820.jpg https://www.techtarget.com/searchwindowsserver/tip/Using-Diskpart-to-create-extend-or-delete-a-disk-partition Wed, 14 Aug 2024 09:00:00 GMT Use diskpart to create, delete and modify disk partitions <p>There are a multitude of hidden settings in the Windows OS that you can unlock with help from several tools designed for Windows registry editing.</p> <p>There are times when a simple addition to the Windows registry can fix a stubborn problem to save you from having to reinstall an application or modifying an existing Windows registry key mitigates an emerging threat until Microsoft patches the vulnerability. There are several utilities and techniques to make registry changes. Windows Registry Editor (regedit) is one of the oldest tools, but Microsoft provides several more options, including the command-line utilities named reg and regini, <a href="https://www.techtarget.com/searchwindowsserver/tip/Top-PowerShell-commands-you-must-know-with-cheat-sheet">PowerShell cmdlets</a> and the Group Policy administrative tool.</p> <section class="section main-article-chapter" data-menu-title="What is the Windows registry?"> <h2 class="section-title"><i class="icon" data-icon="1"></i>What is the Windows registry?</h2> <p>The registry is a database feature in the Windows desktop and server OSes used to configure and organize settings on the Windows device for the users, installed software and hardware devices. The registry replaced the need to use configuration files in application folders. One benefit to the registry is to reduce issues from faulty program updates that corrupted configuration files.</p> <p>The registry in the latest versions of Windows has a default of five predefined keys:</p> <ol class="default-list"> <li><b>HKEY_CLASSES_ROOT (HKCR).</b> This root key tells Windows what application to use when you want to open a certain file type.</li> <li><b>HKEY_CURRENT_USER (HKCU).</b> This root key holds data related to the user currently using the machine, including the user's folders and screen colors.</li> <li><b>HKEY_LOCAL_MACHINE (HKLM).</b> Data in this root key relates to configuration information for the computer or any user.</li> <li><b>HKEY_USERS (HKU).</b> This root key holds all the actively loaded profiles for users on the machine.</li> <li><b>HKEY_CURRENT_CONFIG (HKCC).</b> This root key holds hardware profile information the machine calls during system startup.</li> </ol> <p>Below each key can be multiple subkeys and values. Not every application requires a subkey.</p> <p>Often, Microsoft directs administrators to mitigate a pressing security issue in Windows by modifying subkeys in the registry by adding new registry values -- also called <i>data entries</i> -- or modifying existing ones.</p> <p>One common Windows registry edit is changing the file association for a certain file type so it opens with a specific application. For example, if you want .html files to open with Google Chrome rather than Microsoft Edge, you can adjust those settings in the file extension area of the Windows registry.</p> </section> <section class="section main-article-chapter" data-menu-title="Regedit.exe uses"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Regedit.exe uses</h2> <p>Regedit is the GUI-based tool built into Windows for editing the Windows registry. To start, type <b>regedit </b>in the Windows search box on the taskbar.</p> <p>Regedit gives a visual representation of the Windows registry, using a dual-pane layout with the root keys and subkeys in the left pane and the values for the selected key or subkey in the right pane. You can import or export registry subkeys and values from the <b>File</b> menu. From the <b>Edit</b> menu, you can create a new entry in the registry, check the permissions for the selection, delete or rename the selection, or copy the key name. You can also run a search from this menu.</p> <p>Right-clicking in the different sections lets you add a new key, modify an existing one or delete a key.</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/072021_regedit_1.jpg"> <img data-src="https://www.techtarget.com/rms/onlineimages/072021_regedit_1_mobile.jpg" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/072021_regedit_1_mobile.jpg 960w,https://www.techtarget.com/rms/onlineimages/072021_regedit_1.jpg 1280w" alt="regedit layout" height="314" width="560"> <figcaption> <i class="icon pictures" data-icon="z"></i>The regedit registry editor is a GUI-based tool that displays the hierarchical layout of the Windows registry. It also includes several command-line options. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <p>Due to its importance to the Windows OS, you should export a <a href="https://www.techtarget.com/searchenterprisedesktop/tip/How-and-when-to-perform-a-Windows-Registry-cleanup">backup of the registry</a> in case you need to recover from a problem. Use the export function in the regedit <b>File</b> menu to make a backup of the entire registry or just the section you plan to edit. This creates a .reg file. If a problem occurs, you can double-click on that .reg file to restore the original settings.</p> <p>Microsoft released its first 64-bit Windows Server version with <a href="https://www.techtarget.com/searchwindowsserver/feature/Server-2008-R2-end-of-life-hitting-home-for-many-in-IT">Server 2008</a> and its first Windows client 64-bit version with Windows 8. The default version of regedit in the latest versions of Windows can open both 64-bit and 32-bit registry keys for backward compatibility.</p> </section> <section class="section main-article-chapter" data-menu-title="Regedit command-line parameters and syntax"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Regedit command-line parameters and syntax</h2> <p>You can use regedit with either hotkeys or a mouse, but the utility has several command-line switches for basic registry work.</p> <table class="main-article-table"> <tbody> <tr> <td>regedit</td> <td><span style="font-family: courier new, courier, monospace;">filename.reg</span></td> <td>Imports a registry file into the Windows registry.</td> </tr> <tr> <td>regedit</td> <td><span style="font-family: courier new, courier, monospace;">/c filename.reg</span></td> <td>Creates a new registry file and replaces existing entries in the Windows registry.</td> </tr> <tr> <td>regedit</td> <td><span style="font-family: courier new, courier, monospace;">/d registry-subkey</span></td> <td>Removes a subkey from the registry, such as <span style="font-family: courier new, courier, monospace;">regedit /d HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Default</span>.</td> </tr> <tr> <td>regedit</td> <td><span style="font-family: courier new, courier, monospace;">/e</span></td> <td>Exports the entire registry to a file. You can modify this command to add a file name and specific location on the drive, such as <span style="font-family: courier new, courier, monospace;">regedit /e c:\AllRegistryEntries.reg</span>. You can export a specific key with the following example command: <span style="font-family: courier new, courier, monospace;">regedit /e keybackup.reg HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Edge</span>.</td> </tr> <tr> <td>regedit</td> <td><span style="font-family: courier new, courier, monospace;">/l: system </span></td> <td>Specify the location of the <b>SYSTEM.DAT</b> file used in legacy Windows OSes and typically stored in the <b>C:\Windows</b> folder. This file stores the data kept in the <b>HKEY_LOCAL_MACHINE</b> key in the registry.</td> </tr> <tr> <td>regedit</td> <td><span style="font-family: courier new, courier, monospace;">/r:user</span></td> <td>Specify the location of the <b>NTUSER.DAT </b>file to use. This is the backup of the <b>HKEY_USERS </b>key in the registry. The file is typically found in the <b>C:\Users\username</b> folder.</td> </tr> <tr> <td>regedit</td> <td><span style="font-family: courier new, courier, monospace;">/m</span></td> <td>Opens an additional regedit instance, which can be helpful when troubleshooting to compare registry entries.</td> </tr> <tr> <td>regedit</td> <td><span style="font-family: courier new, courier, monospace;">/s</span></td> <td>Uses silent mode. It performs an action without stopping for confirmation with dialog box.</td> </tr> </tbody> </table> </section> <section class="section main-article-chapter" data-menu-title="How to edit the Windows registry using the command line"> <h2 class="section-title"><i class="icon" data-icon="1"></i>How to edit the Windows registry using the command line</h2> <p>While regedit can be used on the command line, it is not optimal for granular administrative work. To make repeatable changes to the registry in multiple machines with <a href="https://www.techtarget.com/searchitoperations/tip/These-IT-automation-scripts-take-little-effort-and-save-a-lot-of-work">automation</a>, it's worth looking into switching from regedit to reg, a <a href="https://www.techtarget.com/searchwindowsserver/tip/What-admins-should-know-about-Microsoft-Windows-Terminal">command line-based tool</a> included with Windows.</p> <p>The reg utility offers more expansive functionality to edit subkeys and their values from the command line. Reg is more flexible and works well for a range of administrative scenarios, such as using <a href="https://www.techtarget.com/searchwindowsserver/definition/batch-file">batch files</a> to correct common issues in client machines and managing the registry on a remote machine.</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/072021_regedit_2.jpg"> <img data-src="https://www.techtarget.com/rms/onlineimages/072021_regedit_2_mobile.jpg" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/072021_regedit_2_mobile.jpg 960w,https://www.techtarget.com/rms/onlineimages/072021_regedit_2.jpg 1280w" alt="reg add parameter" height="312" width="560"> <figcaption> <i class="icon pictures" data-icon="z"></i>The reg command has 11 parameters, each with its own set of flags that provide additional functionality. The screenshot shows the Help menu for the reg add parameter, which includes its flags and examples of how to use the parameter. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <p>To use reg, type <b>cmd</b> from the Windows run or search box to open the command prompt.</p> <p>To show all the parameters for the reg command, enter <span style="font-family: courier new, courier, monospace;">reg /?</span> from the command prompt. Typing <span style="font-family: courier new, courier, monospace;">reg <parameter> /?</span> shows the switches available for the parameter and examples of how to use them.</p> <table class="main-article-table"> <thead> <tr> <td>Parameter</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><span style="font-family: courier new, courier, monospace;">reg add</span></td> <td>Inserts a new subkey or entry to the registry. The following example shows how to add a key to remote Windows system named <b>RemotePC</b>: <span style="font-family: courier new, courier, monospace;">reg add \\RemotePC \HKLM\Software\Test</span>.</td> </tr> <tr> <td><span style="font-family: courier new, courier, monospace;">reg compare</span></td> <td> <p>Runs a comparison of specified registry subkeys or entries. The following example compares all values under the named keys: <span style="font-family: courier new, courier, monospace;">reg compare HKLM\Software\Test\MyApp HKLM\Software\Test\SaveMyApp</span>. If the results are identical, reg returns a 0 code. If the results are different, reg returns a code of 2. If the operation failed, reg displays a code of 1.</p> </td> </tr> <tr> <td><span style="font-family: courier new, courier, monospace;">reg copy</span></td> <td> <p>Copies a registry entry to a specified location on the local or remote computer. Here is an example of its use: <span style="font-family: courier new, courier, monospace;">reg copy \\RemotePC\HKLM\Software\TestKey HKLM\Software\TestKey</span>. The command copies the <b>TestKey</b> values in the registry from the remote machine named <b>RemotePC</b> to the current machine.</p> </td> </tr> <tr> <td><span style="font-family: courier new, courier, monospace;">reg delete</span></td> <td>Removes a subkey or entries from the registry. Here is an example of its use: <span style="font-family: courier new, courier, monospace;">reg delete HKLM\Software\FakeName\TestApp\Settings</span>. This command deletes the <b>Settings</b> registry key, as well as any subkeys and settings.</td> </tr> <tr> <td><span style="font-family: courier new, courier, monospace;">reg export</span></td> <td>Exports named subkeys, entries and values of the local computer into a file. Here is an example of its use: <span style="font-family: courier new, courier, monospace;">reg export HKLM\Software\FakeName\TestApp BackupFile.reg</span>. The command makes a copy of the <b>TestApp</b> key and its subkeys and values in a file name <b>BackupFile.reg</b>.</td> </tr> <tr> <td><span style="font-family: courier new, courier, monospace;">reg import</span></td> <td>Copies the contents of a file that contains exported registry subkeys, entries and values into the registry of the local computer. Here is an example of its use: <span style="font-family: courier new, courier, monospace;">reg import BackupFile.reg</span>. The command adds <b>BackupFile.reg</b> registry entries to the machine.</td> </tr> <tr> <td><span style="font-family: courier new, courier, monospace;">reg load</span></td> <td>Writes saved subkeys and entries into a different subkey in the registry. Here is an example of its use: <span style="font-family: courier new, courier, monospace;">reg load HKLM\Test TestHive.hiv</span>. This command loads the <b>TestHive.hiv</b> file into the <b>HKLM\Test</b> key.</td> </tr> <tr> <td><span style="font-family: courier new, courier, monospace;">reg query</span></td> <td>Returns a list of the next tier of subkeys and entries that are located under a specified subkey in the registry. Here is an example of its use: <span style="font-family: courier new, courier, monospace;">reg query HKLM\Software > C:\regoutput.txt</span>. This command outputs the subkeys of <b>HKLM\Software</b> into a file named <b>regoutput.txt</b> in the <strong>C:\</strong> folder.</td> </tr> <tr> <td><span style="font-family: courier new, courier, monospace;">reg restore</span></td> <td>Imports subkeys and entries from a file into the registry. Here is an example of its use: <span style="font-family: courier new, courier, monospace;">reg restore HKLM\Software\Microsoft\Test RegBackup.hiv</span>. This command <a target="_blank" href="https://docs.microsoft.com/en-us/troubleshoot/windows-server/performance/windows-registry-advanced-users" rel="noopener">restores the contents</a> of the <b>RegBackup.hiv</b> file into the <b>Test </b>key.</td> </tr> <tr> <td><span style="font-family: courier new, courier, monospace;">reg save</span></td> <td>Exports specified registry subkeys, entries and values into a named file. Here is an example of its use: <span style="font-family: courier new, courier, monospace;">reg save HKLM\Software\Test\AppTest BackupFile.hiv</span>. The command saves the <b>AppTest</b> hive to the <b>BackupFile.hiv</b> file.</td> </tr> <tr> <td><span style="font-family: courier new, courier, monospace;">reg unload</span></td> <td>Removes the registry section loaded by the <span style="font-family: courier new, courier, monospace;">reg load</span> operation. Here is an example of its use: <span style="font-family: courier new, courier, monospace;">reg unload HKLM\TestHive</span>. The command unloads <b>HKLM\TestHive</b> from the registry.</td> </tr> </tbody> </table> <p><b>Editor's note:</b> <i>This article was revised in 2024 by TechTarget editors to improve the reader experience.</i></p> </section> This tutorial explains how to use the regedit tool on the command line and make changes to the Windows registry for advanced administrative jobs. https://cdn.ttgtmedia.com/rms/onlineimages/container_g1074391400.jpg https://www.techtarget.com/searchwindowsserver/tip/Command-line-options-for-Regeditexe Mon, 05 Aug 2024 09:00:00 GMT Learn to use Windows registry editor command-line options <p>Microsoft addressed 142 flaws in a busy July Patch Tuesday, including two zero-day vulnerabilities that are under active exploitation.</p> <p>The <a href="https://www.techtarget.com/searchsecurity/definition/zero-day-vulnerability">zero-day vulnerabilities</a> include CVE-2024-38080, a privilege escalation flaw in Microsoft's Hyper-V virtualization software that affects Windows 11 and Windows Server 2022. The vulnerability received a 7.8 <a href="https://www.techtarget.com/searchsecurity/definition/CVSS-Common-Vulnerability-Scoring-System">CVSS</a> score and was rated as important. Microsoft's advisory for CVE-2024-38080 said exploitation has been detected, though the scope of activity is unclear. The advisory also said the flaw was reported to Microsoft by an anonymous individual.</p> <p>The second zero-day bug patched was CVE-2024-38112, a spoofing vulnerability in the Windows MSHTML platform. The flaw received a 7.5 CVSS score and was also rated important. Exploitation of the flaw enables an attacker to send malicious files through the network, though Microsoft noted in <a target="_blank" href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38112" rel="noopener">the advisory</a> that it requires "additional actions prior to exploitation to prepare the target environment."</p> <p>"Attackers can remotely exploit this flaw if they're somewhere on your network already, which is not a hard thing to do," Chris Goettl, vice president of security product management at Ivanti, told TechTarget Editorial. "This affects all Windows OS versions, even as far back as Windows Server 2008."</p> <p>Microsoft credited Haifei Li of Check Point Software Technologies with discovering and reporting CVE-2024-38112. In a post on X, formerly Twitter, Li <a target="_blank" href="https://x.com/HaifeiLi/status/1810743597127582135" rel="noopener">expressed frustration</a> with Microsoft, saying the software giant disclosed and patched the flaw earlier than expected and without notifying Check Point of the schedule change.</p> <section class="section main-article-chapter" data-menu-title="Additional vulnerabilities"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Additional vulnerabilities</h2> <p>Microsoft also patched two other vulnerabilities it categorized as zero-days because the flaws were made public -- though not exploited in the wild -- before their official disclosure in this month's Patch Tuesday.</p> <p>The first was CVE-2024-35264, a <a href="https://www.techtarget.com/searchwindowsserver/definition/remote-code-execution-RCE">remote code execution</a> vulnerability affecting .NET version 8.0 and Visual Studio 2022. The RCE flaw received an 8.1 CVSS score and was rated as important. Microsoft's advisory said successful exploitation of the flaw requires the attacker to win a race condition. The company did not say who first publicized CVE-2024-35264 or where it was made public. However, Microsoft employee Radek Zikmund was credited with discovering the flaw.</p> <p>The second disclosed zero-day vulnerability was CVE-2024-37985, an information disclosure flaw in Windows 11 versions for Arm64-based systems; it was given a 5.9 CVSS score and also rated as important. According to Microsoft, an attacker could exploit the vulnerability to view heap memory from privileged processes on a targeted server.</p> <p>The attack complexity for CVE-2024-37985 is considered high, and exploitation is "less likely," according to <a target="_blank" href="https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-37985" rel="noopener">Microsoft's advisory</a>. However, Goettl said organizations should prioritize the vulnerability.</p> <p>"A privileged process is one that's going to have a lot more sensitive information," Goettl said. "Chances of exploitation are lower, but because it's been disclosed, it gives threat actors a bit more of an idea of where to look for this [flaw]. The risk is higher than, say, even some critical flaws that don't have a disclosure related to them."</p> <p>In addition to the two disclosure-related zero-days, Microsoft patched CVE-2024-38060, an RCE flaw affecting the Windows Imaging Component, which is a framework for processing images. The vulnerability received an 8.8 CVSS score and was rated critical. An attacker could exploit the flaw by uploading a malicious TIFF file to a targeted server.</p> <p>The massive Patch Tuesday included 38 RCE vulnerabilities in SQL Server alone. Goettl said 142 vulnerabilities is definitely "on the high side," but users shouldn't be alarmed.</p> <p>"When this much volume comes out, you typically want to hit the big ones quickly," he said. "With the OS and SQL Server updates this month, you take two huge chunks out of that 142."</p> <p><em>Rob Wright is a longtime reporter and senior news director for TechTarget Editorial's security team. He drives breaking infosec news and trends coverage. Have a tip? <a target="_blank" href="mailto:rwright@techtarget.com?subject=News%20tip" rel="noopener">Email him</a>.</em></p> </section> Microsoft disclosed and patched a whopping 142 vulnerabilities in a busy Patch Tuesday that included two zero-day flaws under active exploitation in the wild. https://cdn.ttgtmedia.com/rms/onlineimages/ransom_g1264284948_01.jpg https://www.techtarget.com/searchsecurity/news/366593052/Microsoft-fixes-2-zero-days-in-massive-July-Patch-Tuesday Tue, 09 Jul 2024 18:22:00 GMT Microsoft fixes 2 zero-days in massive July Patch Tuesday <section class="section main-article-chapter" data-menu-title="What is Windows Server Update Services (WSUS)?"> <h2 class="section-title"><i class="icon" data-icon="1"></i>What is Windows Server Update Services (WSUS)?</h2> <p>Windows Server Update Services (WSUS) is a Windows server role that can plan, manage and deploy updates, service packs, <a href="https://www.techtarget.com/searchenterprisedesktop/definition/patch">patches</a> and hotfixes for Windows servers, client operating systems (<a href="https://www.techtarget.com/whatis/definition/operating-system-OS">OSes</a>) and other Microsoft software. It lets system administrators control when and how systems install updates and provides a central point for clients to get updates. It's designed for <a href="https://www.techtarget.com/whatis/definition/SMB-small-and-medium-sized-business-or-small-and-midsized-business">small and medium-sized business</a> use. There's typically no additional cost to add WSUS to a Windows network.</p> <p>Installed on <a href="https://www.techtarget.com/searchwindowsserver/definition/Microsoft-Windows-Server-OS-operating-system">Microsoft Windows Server</a>, WSUS is a simple tool system administrators use to manage Microsoft Windows updates. It's available for various versions of Windows Server and client OSes, such as Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, 2016, 2019 and Windows Server 2022. All supported Microsoft client OSes can use WSUS, including Windows 8.1, 10 and 11.</p> <div class="youtube-iframe-container"> <iframe id="ytplayer-0" src="https://www.youtube.com/embed/vIDG-O_17qA?si=A_OxshsHqTsvCIss?autoplay=0&modestbranding=1&rel=0&widget_referrer=null&enablejsapi=1&origin=https://www.techtarget.com" type="text/html" height="360" width="640" frameborder="0"></iframe> </div> </section> <section class="section main-article-chapter" data-menu-title="Practical applications and benefits of WSUS"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Practical applications and benefits of WSUS</h2> <p>WSUS lets an organization control when and how its Windows devices receive OS updates and patches. Practical applications and benefits of WSUS include the following:</p> <ul class="default-list"> <li><b>Automated updates.</b> WSUS enables automatic updates within specific parameters. Without WSUS, clients install updates as soon as they're available from Microsoft. This can cause clients to be at different patch levels, or to install patches that break <a href="https://www.techtarget.com/searchapparchitecture/definition/software">software</a> or install during the middle of the workday, causing employee downtime.</li> <li><b>Testing and approval.</b> Using WSUS gives system administrators time to test that the updates work with their <a href="https://www.techtarget.com/searchnetworking/definition/network">network</a> and don't introduce compatibility issues. It also lets them install the updates during a maintenance timeframe so that production work isn't affected. For example, an organization would want to avoid installing updates to the accounting department during tax preparation.</li> <li><b>Reporting and monitoring.</b> WSUS provides reporting about Windows updates in an organization. System administrators can use this information to verify that all clients are installing security updates correctly and have the same updates applied. This ensures that the systems <a href="https://www.techtarget.com/searchsecurity/tip/5-enterprise-patch-management-best-practices">have the correct security patches</a>, reducing overall network vulnerability.</li> <li><b>Centralized update management.</b> Without WSUS, all clients go directly to Microsoft servers to download updates. In networks with many clients or with poor <a href="https://www.techtarget.com/searchnetworking/definition/bandwidth">bandwidth</a>, this could cause excessive internet use and affect productivity. With WSUS acting as a central point, the <a href="https://www.techtarget.com/searchnetworking/definition/client-server">server</a> downloads only one copy of the update from Microsoft and all clients can get the update from there. This approach makes better use of high-speed LAN connections and reduces overall internet usage. WSUS supports multiple languages and can selectively make the information for these languages available.</li> <li><b>Custom updates.</b> WSUS enables administrators to organize updates into custom categories based on criteria such as importance, type or product.</li> <li><b>Bandwidth conservation.</b> By downloading updates once to the WSUS server and then distributing them internally, for example, through a downstream server, organizations can <a href="https://www.techtarget.com/searchnetworking/feature/Top-ten-ways-to-optimize-network-performance">conserve internet bandwidth</a>. This is particularly useful for large organizations with many computers, where downloading updates individually could strain network resources.</li> <li><b>Compliance and security.</b> WSUS helps organizations maintain compliance with security standards and regulations by ensuring that all systems are up to date with the latest security patches and fixes. This is crucial for protecting sensitive data and mitigating security risks.</li> </ul> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineImages/security-patch_management_software.jpg"> <img data-src="https://www.techtarget.com/rms/onlineImages/security-patch_management_software_mobile.jpg" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineImages/security-patch_management_software_mobile.jpg 960w,https://www.techtarget.com/rms/onlineImages/security-patch_management_software.jpg 1280w" alt="Chart showing patch management software cost-benefit analysis." height="336" width="560"> <figcaption> <i class="icon pictures" data-icon="z"></i>WSUS lets system administrators control and manage every facet of updating, patching and hotfixing Microsoft OS and software products. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> </section> <section class="section main-article-chapter" data-menu-title="WSUS database requirements"> <h2 class="section-title"><i class="icon" data-icon="1"></i>WSUS database requirements</h2> <p>When planning to deploy WSUS, organizations should consider their hardware and database requirements, which are driven by the number of client computers being updated within the organization.</p> <p>The various database requirements for a WSUS deployment include the following:</p> <ul class="default-list"> <li><b>Database software requirements.</b> <a href="https://www.techtarget.com/searchdatamanagement/definition/SQL-Server">Microsoft SQL Server</a> Express 2008 R2 has a database size constraint of 10 GB, which should typically meet the needs of WSUS. However, opting for this database instead of Windows Internal Database (WID) doesn't offer any significant benefits. A WID database has a minimum <a href="https://www.techtarget.com/searchstorage/definition/RAM-random-access-memory">RAM</a> requirement of 2 GB beyond the standard Windows Server system requirements.</li> <li><b>Database size and content.</b> Updates consist of metadata that details the update's description and the files required to install the update. Update metadata is typically much smaller than the actual update and is stored in the WSUS database. However, the update files are stored on a local WSUS server or a Microsoft Update Web server.</li> <li><b>Minimum hardware requirements.</b> Microsoft recommends a minimum of 2 GB of RAM and 40 GB of storage space for the WSUS server. However, enterprises commonly use a minimum of 64 GB of RAM and more than 1 TB of WSUS content.</li> <li><b>Additional hardware requirements.</b> For WSUS, an extra 2 GB of RAM beyond the server's standard requirements and those of all other services or software is necessary. It's recommended to use a separate server, or a <a href="https://www.techtarget.com/searchitoperations/definition/virtual-machine-VM">virtual machine</a> dedicated to WSUS, along with an SQL or SQL Express instance for the database.<span style="display: none;">Top of Form</span></li> </ul> </section> <section class="section main-article-chapter" data-menu-title="WSUS license and OS requirements"> <h2 class="section-title"><i class="icon" data-icon="1"></i>WSUS license and OS requirements</h2> <p>WSUS doesn't require an additional license for the server. Clients connecting to WSUS only require a Windows Server Client Access License (<a href="https://www.techtarget.com/searchwindowsserver/definition/Windows-Server-Client-Access-License-CAL">CAL</a>). Because most organizations already purchase Windows Server and CALs, WSUS is typically no additional cost to them.</p> <p>WSUS only supports Microsoft products, such as Windows and Microsoft Office updates. It doesn't allow admins to install new software or update other products, such as Google Chrome. It also doesn't support other OSes, such as <a href="https://www.techtarget.com/whatis/definition/Mac-OS">macOS</a> or <a href="https://www.techtarget.com/searchdatacenter/definition/Linux-operating-system">Linux</a>.</p> </section> <section class="section main-article-chapter" data-menu-title="How to use WSUS"> <h2 class="section-title"><i class="icon" data-icon="1"></i>How to use WSUS</h2> <p>The following outlines the step-by-step process of how to use and configure WSUS:</p> <h3>Step 1: Installing WSUS</h3> <p>WSUS is installed on an upstream server as a server role using Microsoft Windows Server Manager. This server provides features to manage and distribute updates through a management console.</p> <p>Once the role is activated, it's available for use. It has a few prerequisites, including .NET, Microsoft Report Viewer, <a href="https://www.techtarget.com/searchwindowsserver/definition/IIS">Internet Information Services</a>, and a database such as Windows Internal Database or SQL. All these prerequisites are freely available on Windows Server.</p> <p>Depending on the size of the network, WSUS can be a single server or many servers working together. WSUS servers can get updated content and configurations from each other. This permits extremely large networks and different office locations to each have their own server. Organizations can also use WSUS disconnected from the internet. This way, high-security networks can receive regular patches without exposing the network to the internet.</p> <h3>Step 2: Client configuration</h3> <p>Just deploying a WSUS server to a network isn't enough; clients must be configured to connect to it instead of to Microsoft update. System admins often configure the client using <a href="https://www.techtarget.com/searchwindowsserver/definition/Group-Policy">Group Policy</a>, but could also set it up through Microsoft System Center Configuration Manager (<a href="https://www.techtarget.com/searchwindowsserver/definition/Microsoft-System-Center-Configuration-Manager-2012">SCCM</a>), mobile device management or manually with registry keys. The settings can be configured via <a href="https://www.techtarget.com/searchwindowsserver/definition/Group-Policy-Object">Group Policy Objects</a> if <a href="https://www.techtarget.com/searchwindowsserver/definition/Active-Directory">Active Directory</a> is being used.</p> <p>Admins can set how clients install updates, if they reboot after installation and notify users of the updates.</p> <h3>Step 3: Managing updates</h3> <p>The Windows Update Agent performs the actions on the client to install updates. It connects to the WSUS server and scans for needed updates and then downloads and installs them. The download uses <a href="https://www.techtarget.com/searchwindowsserver/definition/Microsoft-Windows-Background-Intelligent-Transfer-Service-BITS">Microsoft Windows Background Intelligent Transfer Service</a> to optimize bandwidth use.</p> <p>WSUS requires a few network <a href="https://www.techtarget.com/searchnetworking/definition/port">ports</a> to be open for operation. The server must be able to communicate out to the internet Windows update servers on ports 80 and 443 to receive the update packages. Clients connect to the WSUS server on ports 8530 and 8531 by default, though these can be changed.</p> <h3>Step 4: Testing and approving updates</h3> <p>After synchronization, admins should review the available updates in the WSUS console. They can approve updates for deployment to specific computer groups or all computers within the organization. It's recommended to test updates on a subset of machines before approving them for widespread deployment.</p> <h3>Step 5: Automating tasks</h3> <p>The WSUS Administration Console helps automate approvals using rules and admins can specify rules based on when a particular update becomes available, which products have updates available or when an update should be approved.</p> <p>Windows <a href="https://www.techtarget.com/searchwindowsserver/definition/PowerShell">PowerShell</a> scripting can also be used to automate tasks such as approvals, cleanups, synchronization and update installation scheduling.</p> <h3>Step 6: Monitoring and reporting</h3> <p>Admins should use the WSUS console to monitor the update status of client machines, track failed installations and generate reports on updated compliance and deployment progress.</p> <h3>Step 7: Regular maintenance</h3> <p>Admins should regularly review and install the updates as they become available. Additionally, they should monitor the WSUS server performance and disk space usage. Regular database maintenance tasks should also be conducted to maintain optimal performance.</p> <figure class="main-article-image half-col" data-img-fullsize="https://www.techtarget.com/rms/editorial/sSQL_tip_WSUS_server_figA.png"> <img data-src="https://www.techtarget.com/rms/editorial/sSQL_tip_WSUS_server_figA_half_column_mobile.png" class="lazy" data-srcset="https://www.techtarget.com/rms/editorial/sSQL_tip_WSUS_server_figA_half_column_mobile.png 960w,https://www.techtarget.com/rms/editorial/sSQL_tip_WSUS_server_figA.png 1280w" alt="PowerShell screenshot."> <figcaption> <i class="icon pictures" data-icon="z"></i>System administrators can install the WSUS management console using PowerShell. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> </section> <section class="section main-article-chapter" data-menu-title="Can WSUS update third-party software?"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Can WSUS update third-party software?</h2> <p>WSUS can update third-party software. Through a procedure called local publishing, system admins can increase the usage of WSUS patching mechanisms to deliver fixes for third-party programs such as <a href="https://www.theserverside.com/definition/Java">Java</a> and Adobe Reader. This process involves using auxiliary management tools to publish update packages containing the binaries and their respective certificates to the WSUS server. Administrators can also use these technologies to push locally generated and tested software and custom upgrades to client computers.</p> <p>Additionally, third-party software updates can be enabled using the Configuration Manager console and third-party update signing certificates can be automatically managed via WSUS.</p> <p>It's important to understand that WSUS doesn't natively support third-party patch management, since Microsoft created it to distribute patches for Microsoft products. However, there are numerous benefits to using WSUS instead of <a href="https://www.techtarget.com/searchwindowsserver/feature/5-WSUS-alternatives-for-patch-management">alternative WSUS techniques for patch management</a> when deploying third-party software and updates. For example, WSUS can distribute drivers and command-line executables natively without requiring users to have administrator capabilities.</p> </section> <section class="section main-article-chapter" data-menu-title="WSUS and System Center Configuration Manager"> <h2 class="section-title"><i class="icon" data-icon="1"></i>WSUS and System Center Configuration Manager</h2> <p>WSUS and SCCM are both Microsoft tools used for managing updates within an organization, but they serve different purposes and have the following distinguishing features:</p> <h3>WSUS</h3> <ul class="default-list"> <li>WSUS only manages updates and patches. It's specifically focused on managing and distributing updates for Microsoft products, primarily Windows OSes and Microsoft software.</li> <li>It provides a centralized platform for downloading, approving and deploying updates to Windows machines within an organization.</li> <li>WSUS is simpler to deploy and manage compared to SCCM. It's primarily focused on update management and is often used in conjunction with Group Policy for client configuration.</li> <li>WSUS is suitable for organizations mainly concerned with managing Windows updates without the need for advanced systems management capabilities.</li> <li>WSUS lacks the advanced features of SCCM. It provides basic reporting and monitoring capabilities but doesn't offer the same level of automation, customization and integration with other systems management functions.</li> <li>WSUS is available free of charge and is included as a feature in Windows Server OSes. There are no additional licensing costs associated with using WSUS.</li> </ul> </section> <section class="section main-article-chapter" data-menu-title="SCCM"> <h2 class="section-title"><i class="icon" data-icon="1"></i>SCCM</h2> <ul class="default-list"> <li>SCCM can perform any role that WSUS does and much more. For example, it enables updates, patches, software installation, administration, configuration, endpoint protection and inventory management across a wide range of devices including laptops, desktops, servers and mobile devices.</li> <li>SCCM gives users enhanced control over patch deployment, report generation and management of Windows machines on their network.</li> <li>SCCM is a more complex and feature-rich tool compared to WSUS. It requires more planning, configuration and ongoing maintenance to deploy effectively. However, SCCM offers greater flexibility and scalability for managing diverse environments and complex deployments.</li> <li>SCCM offers a wide range of features beyond update management, including software distribution, patch management, compliance monitoring, endpoint protection, remote control and reporting.</li> <li>SCCM is part of the Microsoft System Center suite and is a paid product. It's available through various licensing options, including standalone licensing or as part of Microsoft 365 subscriptions. The cost of SCCM depends on the licensing model and the number of managed devices.</li> <li>SCCM relies on WSUS to check for and apply patches and it can be used to manage the WSUS server through the SCCM console.</li> </ul> <div class="youtube-iframe-container"> <iframe id="ytplayer-1" src="https://www.youtube.com/embed/1iWD31hOrHQ?si=RmD7Tn-hHb6WoucC?autoplay=0&modestbranding=1&rel=0&widget_referrer=null&enablejsapi=1&origin=https://www.techtarget.com" type="text/html" height="360" width="640" frameborder="0"></iframe> </div> </section> <section class="section main-article-chapter" data-menu-title="Windows Server Update Services and Windows Update for Business"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Windows Server Update Services and Windows Update for Business</h2> <p>Windows Update for Business (<a target="_blank" href="https://learn.microsoft.com/en-us/windows/deployment/update/waas-manage-updates-wufb" rel="noopener">WUfB</a>) is a free and modern update system from Microsoft. In WUfB, the organization sets when and how clients apply updates, but the clients connect to Microsoft servers or use peer distribution to download updated content. This is different than in WSUS where clients connect to servers that the organization manages.</p> <p><a href="https://www.techtarget.com/searchwindowsserver/tip/WUfB-vs-WSUS-Which-handles-Windows-updates-better">WUfB is easier to set up and manage than WSUS</a> and provides benefits to remote workers, but it doesn't offer as much control of updates nor as much bandwidth savings as WSUS.</p> <p>According to Microsoft, WUfB is available for the following versions of Windows 10 and Windows 11:</p> <ul class="default-list"> <li>Windows Pro, including Windows Pro for Workstations.</li> <li>Windows 10 Pro Education.</li> <li>Windows Enterprise, including Enterprise <a href="https://www.techtarget.com/searchwindowsserver/definition/Microsoft-Windows-Server-LTSC-Long-Term-Servicing-Channel">LTSC</a> (Long-Term Servicing Channel), IoT Enterprise and IoT Enterprise LTSC.</li> </ul> <p><i>Numerous options exist for organizations looking for comprehensive patch options. Explore </i><a href="https://www.techtarget.com/searchenterprisedesktop/tip/12-best-patch-management-software-and-tools"><i>top </i><i>patch management </i><i>software tools</i></a><i> and find the right fit for your organizational needs.</i></p> </section> Windows Server Update Services (WSUS) is a Windows server role that can plan, manage and deploy updates, service packs, patches and hotfixes for Windows servers, client operating systems (OSes) and other Microsoft software. https://cdn.ttgtmedia.com/visuals/digdeeper/1.jpg https://www.techtarget.com/searchwindowsserver/definition/Windows-Server-Update-Services-WSUS Tue, 25 Jun 2024 12:30:00 GMT Windows Server Update Services (WSUS) <section class="section main-article-chapter" data-menu-title="What is Group Policy?"> <h2 class="section-title"><i class="icon" data-icon="1"></i>What is Group Policy?</h2> <p>Group Policy is a management feature in Microsoft's Active Directory (<a href="https://www.techtarget.com/searchwindowsserver/definition/Active-Directory">AD</a>) that enables network and system administrators to configure and assign user and computer settings in an AD environment. Group Policy provides a centralized, policy-based approach to <a href="https://www.techtarget.com/searchitoperations/definition/systems-management">system management</a> that can be applied at different AD container levels, such as <a href="https://www.techtarget.com/whatis/definition/domain">domains</a>, sites or organizational units (<a href="https://www.techtarget.com/searchwindowsserver/definition/organizational-unit-OU">OUs</a>).</p> <p>Group Policy is often viewed as a security tool, and certainly a large portion of the settings apply to user and computer security. However, Group Policy also offers a variety of other options. For example, administrators can configure settings related to <a href="https://www.techtarget.com/searchenterprisedesktop/definition/device-driver">driver</a> installation, folder redirection, <a href="https://www.techtarget.com/searchnetworking/tip/Common-types-of-enterprise-network-connections">network connections</a>, shared folders, logon scripts, printers and much more.</p> <p>Group Policy settings are specific to either users or computers. Computer settings are applied when a computer starts up, and user settings are applied when a user logs onto the system. Computer settings take precedence over user settings.</p> <figure class="main-article-image half-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/mkanakos_gpo_backrestore_1.jpg"> <img data-src="https://www.techtarget.com/rms/onlineimages/mkanakos_gpo_backrestore_1_half_column_mobile.jpg" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/mkanakos_gpo_backrestore_1_half_column_mobile.jpg 960w,https://www.techtarget.com/rms/onlineimages/mkanakos_gpo_backrestore_1.jpg 1280w" alt="Group Policy Management Console screenshot"> <figcaption> <i class="icon pictures" data-icon="z"></i>Group Policy Management Console works in Active Directory's tree structure to add and modify Group Policy Objects. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <p>In Active Directory, Group Policy settings are organized into Group Policy Objects (<a href="https://www.techtarget.com/searchwindowsserver/definition/Group-Policy-Object">GPOs</a>) for administrative purposes. A GPO is a logical collection of settings that is assigned a unique name. Administrators often use the Group Policy Management Console (<a href="https://www.techtarget.com/searchwindowsserver/definition/Group-Policy-Management-Console">GPMC</a>) to manage and deploy Group Policy Objects throughout the AD environment. The GPMC is a Microsoft Management Console (MMC) snap-in that provides a graphical user interface for configuring GPOs.</p> <p>Administrators can also use <a href="https://www.techtarget.com/searchwindowsserver/definition/command-line-interface-CLI">command-line</a> tools, such as gpresult and gpupdate, when working with GPOs. In addition, many administrators now leverage Microsoft <a href="https://www.techtarget.com/searchwindowsserver/definition/PowerShell">PowerShell</a> to manage GPOs. PowerShell includes multiple Group Policy <a href="https://www.techtarget.com/whatis/definition/cmdlet">cmdlets</a> that enable administrators to create GPO-related scripts and automate management tasks, which can be especially beneficial for large-scale deployments.</p> <div class="youtube-iframe-container"> <iframe id="ytplayer-0" src="https://www.youtube.com/embed/rtyXJC6RdpA?autoplay=0&modestbranding=1&rel=0&widget_referrer=null&enablejsapi=1&origin=https://www.techtarget.com" type="text/html" height="360" width="640" frameborder="0"></iframe> </div> </section> <section class="section main-article-chapter" data-menu-title="Group Policy processing order"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Group Policy processing order</h2> <p>Group policy settings can be applied to different container levels within the AD hierarchy. For example, administrators can assign GPOs to domains, OUs, child OUs or any combination of these. The policy settings are inherited and accumulative. They affect all users and computers assigned to that container and the container's children.</p> <p>The policy settings are processed in a specific order, based on the container level on which they're applied. Active Directory processes the settings in the following order:</p> <ul class="default-list"> <li>Local policies.</li> <li>Site-specific policies.</li> <li>Domain-specific policies.</li> <li>OU-specific policies.</li> </ul> <p>This processing order is sometimes referred to as LSDOU: local, site, domain, organization unit. Local policies are always processed before domain policies. If there are any conflicts between settings, the last applied settings override the previous settings, which means that AD-based policy settings always take precedence over local policy settings. If an AD implementation includes <a href="https://www.techtarget.com/searchwindowsserver/tip/Active-Directory-nesting-groups-strategy-and-implementation">nested OUs</a>, the service first processes the parent OU, followed by the child OUs, with those closest to the root always applied first.</p> </section> <section class="section main-article-chapter" data-menu-title="Group Policy extensibility"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Group Policy extensibility</h2> <p>The native settings in Group Policy are specific to the Windows operating system. An administrator might, for instance, use them to enforce a minimum password length, hide the Windows Control Panel from users or force the installation of security <a href="https://www.techtarget.com/searchenterprisedesktop/definition/patch-management">patches</a>.</p> <p>However, Group Policy can be extended through the use of administrative templates. The templates enable administrators to configure Group Policy settings specific to certain types of applications. For example, administrative templates are available for Microsoft Office and <a href="https://www.techtarget.com/searchenterprisedesktop/definition/Microsoft-Office-365-suite">Microsoft Office 365 Suite</a> apps.</p> <p>Administrative templates consist of two file types: ADMX and ADML. An ADMX file is an Extensible Markup Language (<a href="https://www.techtarget.com/whatis/definition/XML-Extensible-Markup-Language">XML</a>) file that contains all of the Group Policy settings associated with the template. A corresponding ADML file acts as a language file that makes it possible to display the settings in a specific language.</p> <figure class="main-article-image half-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/windows_server-active_directory-h.png"> <img data-src="https://www.techtarget.com/rms/onlineimages/windows_server-active_directory-h_half_column_mobile.png" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/windows_server-active_directory-h_half_column_mobile.png 960w,https://www.techtarget.com/rms/onlineimages/windows_server-active_directory-h.png 1280w" alt="what are the services in Active Directory" height="304" width="279"> <figcaption> <i class="icon pictures" data-icon="z"></i>The Group Policy management feature in Active Directory enables admins to assign user/computer settings. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> </section> <section class="section main-article-chapter" data-menu-title="Local vs. Active Directory Group Policy"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Local vs. Active Directory Group Policy</h2> <p>In an Active Directory environment, much of the focus on Group Policy is often specific to how the settings are applied through Group Policy Objects. However, Group Policy settings can also be applied locally to a Windows computer and its users through the computer's operating system.</p> <p>Local Group Policy settings are machine-specific. They can be applied to either standalone computers or to computers managed by a domain controller. Administrators can configure local Group Policy settings directly on a Windows computer by using the <a href="https://www.techtarget.com/searchwindowsserver/definition/Local-Group-Policy-Editor">Local Group Policy Editor</a> MMC snap-in. They can also use the Group Policy Object Editor snap-in to manage the local settings on remote computers. In addition, administrators can take advantage of tools such as gpupdate to manage local Group Policy settings.</p> <figure class="main-article-image half-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/wiloc_gped1-f.jpg"> <img data-src="https://www.techtarget.com/rms/onlineimages/wiloc_gped1-f_half_column_mobile.jpg" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/wiloc_gped1-f_half_column_mobile.jpg 960w,https://www.techtarget.com/rms/onlineimages/wiloc_gped1-f.jpg 1280w" alt="screen capture showing Local Group Policy Editor"> <figcaption> <i class="icon pictures" data-icon="z"></i>Screen capture showing Local Group Policy Editor Microsoft Management Console snap-in with Local Computer Group Policy Editor expanded. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <p>In contrast to local Group Policy settings, AD-based GPOs can be centrally configured and applied to multiple users and computers, but only if they're joined to the AD domain. Administrators often use the Group Policy Management Console when working with AD-based Group Policy settings, but they might use other tools as well.</p> <p>Many organizations use a combination of local and AD Group Policy objects when managing their computers and users. The local policy settings provide security when the user is not logged into a domain, while Active Directory GPOs are applied as soon as a connected computer starts up or the user logs into the network.</p> <p><em>Learn what techniques can be used to </em><a href="https://www.techtarget.com/searchwindowsserver/tip/Techniques-to-troubleshoot-Active-Directory-issues"><em>troubleshoot common issues</em></a><em> in Active Directory, and </em><a href="https://www.techtarget.com/searchwindowsserver/tip/Active-Directory-replication-troubleshooting-tips-and-tools"><em>tips on replication troubleshooting</em></a><em>.</em><i> See how to </i><a href="https://www.techtarget.com/searchwindowsserver/tip/Automate-Active-Directory-jobs-with-PowerShell-scripts"><i>automate Active Directory jobs with PowerShell scripts</i></a><i>. Check out </i><a href="https://www.techtarget.com/searchenterprisedesktop/tip/What-to-do-when-Group-Policy-shows-an-access-denied-message"><i>what to do when Group Policy shows an access denied message</i></a><i>.</i></p> </section> Group Policy is a management feature in Microsoft's Active Directory (AD) that enables network and system administrators to configure and assign user and computer settings in an AD environment. https://cdn.ttgtmedia.com/visuals/digdeeper/1.jpg https://www.techtarget.com/searchwindowsserver/definition/Group-Policy Tue, 18 Jun 2024 11:50:00 GMT Group Policy <section class="section main-article-chapter" data-menu-title="What is a Windows Server Client Access License (CAL)?"> <h2 class="section-title"><i class="icon" data-icon="1"></i>What is a Windows Server Client Access License (CAL)?</h2> <p>A Windows Server Client Access License (CAL) is a <a href="https://www.techtarget.com/searchcio/definition/software-license">software license</a> that gives a user or device the right to access services, such as file and print sharing from a server running the <a href="https://www.techtarget.com/searchwindowsserver/definition/Microsoft-Windows-Server-OS-operating-system">Windows Server</a> operating system (<a href="https://www.techtarget.com/whatis/definition/operating-system-OS">OS</a>).</p> <p>A Windows Server CAL allows client computers to legally connect to Microsoft Server. A popular misconception is that a CAL is a software product. Rather, it is a license that allows the users of an organization (that holds the license) to access the server's services.</p> <p>The CAL comes in the form of a Certificate of Authenticity (CoA) and a license key. The key may be attached to the CoA. All the different editions of Windows Server include a small number of CALs that allow a few users (or a few devices) to access the server software and services. If more connections to the server are needed, additional CALs must be purchased.</p> <p>CALs are available for all these Microsoft Server products:</p> <ul class="default-list"> <li>Windows Server (Core per CAL and Specialty Server).</li> <li>Microsoft <a href="https://www.techtarget.com/searchdatamanagement/definition/SQL-Server">SQL Server</a> (Server plus CAL and Per Core).</li> <li>Microsoft <a href="https://www.techtarget.com/searchwindowsserver/definition/Microsoft-Exchange-Server">Exchange Server</a> (Server plus CAL).</li> <li>Microsoft <a href="https://www.techtarget.com/searchunifiedcommunications/news/252451428/Microsoft-releases-Skype-for-Business-2019-server">Skype for Business Server</a> (Server plus CAL).</li> <li>Microsoft <a href="https://www.techtarget.com/searchcontentmanagement/definition/Microsoft-SharePoint-2016">SharePoint Server</a> (Server plus CAL).</li> <li>Microsoft <a href="https://www.techtarget.com/whatis/definition/Microsoft-Project-Microsoft-Office-Project">Project Server</a> (Server plus CAL).</li> </ul> </section> <section class="section main-article-chapter" data-menu-title="Device-based and user-based CALs"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Device-based and user-based CALs</h2> <p>Microsoft offers two types of CALs: device-based CALs (device CAL) and user-based CALs (user CAL).</p> <p>A user CAL must be purchased for every user who accesses the server to use its various services, regardless of how many devices they use to access those services. This is a common licensing arrangement and grants each user the right to access server services from several different devices. If company employees tend to use multiple devices, require roaming access to the corporate network or access the network from unknown devices, a user CAL is the right type of CAL to buy.</p> <p>A device CAL must be purchased for each device that accesses the server, regardless of how many users use that particular device. If devices are shared by several users, such as in a <a href="https://www.techtarget.com/searchcustomerexperience/definition/Call-Center">call center</a> where workers take shifts but use the same systems, it is advisable for companies to purchase device CALs.</p> <p>Organizations that want external users like partners, contractors or customers to access their Windows Server network, must acquire CALs for each of those users or acquire external connector licenses for each server that will be accessed by those outside users.</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineImages/windows_server-os_timeline.jpg"> <img data-src="https://www.techtarget.com/rms/onlineImages/windows_server-os_timeline_mobile.jpg" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineImages/windows_server-os_timeline_mobile.jpg 960w,https://www.techtarget.com/rms/onlineImages/windows_server-os_timeline.jpg 1280w" alt="Timeline of Windows Server OS versions." height="258" width="560"> <figcaption> <i class="icon pictures" data-icon="z"></i>A Windows Server CAL permits clients computers to legally connect to Windows Server. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> </section> <section class="section main-article-chapter" data-menu-title="Server license vs. Client Access License"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Server license vs. Client Access License</h2> <p>A server license grants the right to run the server software on a single server. A CAL is needed for any device or user wishing to access a server's services. Thus, the CAL is an additional license required on top of a server license.</p> <p>Not all Windows Server services require a CAL. Only users or devices that need to access Windows Server, Microsoft Exchange Server, SharePoint Server, SQL Server, Skype or Project Server require a CAL.</p> </section> <section class="section main-article-chapter" data-menu-title="Base CALs and Additive CALs for Windows Server"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Base CALs and Additive CALs for Windows Server</h2> <p>A Windows Server CAL may not be required at all. For example, a small business with up to 25 users and up to 50 devices can use Windows Server 2022 Essentials Edition without CALs. A server license is however required and the licensing model is called <em>specialty server</em>. Windows Server CALs are required for every user or device accessing the Datacenter and Standard editions of Windows Server 2022.</p> <p>With Windows Server, CALs are either Base CALs or Additive CALs. A Base CAL is required for each user or device that accesses licensed servers (on Windows Server). An Additive CAL is needed for each user or device that accesses advanced or additional functionality on the licensed server. For access to the advanced functionality, Additive CALs -- also known as premium or premium services CALs -- must be licensed in addition to the corresponding Base CALs.</p> <p>Thus, a Base CAL is needed for Windows Server per user and per device. An Additive CAL is needed for these products:</p> <ul class="default-list"> <li>Windows Server <a href="https://www.techtarget.com/searchvirtualdesktop/definition/Remote-Desktop-Services-RDS">Remote Desktop Services</a> -- per user or device.</li> <li>Windows Server <a href="https://www.techtarget.com/searchwindowsserver/definition/Active-Directory">Active Directory</a> Rights Management Services -- per user or device.</li> </ul> <p>The above two Additive CALs are included in Windows Server and require a Windows Server CAL for their use.</p> <p>Four licensing options with Windows Server CALs, Additive CALs are also available with Exchange Server (Exchange Server Enterprise CAL), SharePoint Server (SharePoint Enterprise CAL) and Skype Server (Skype for Business Server Plus CAL).</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/virt_desktop-microsoft_rds.png"> <img data-src="https://www.techtarget.com/rms/onlineimages/virt_desktop-microsoft_rds_mobile.png" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/virt_desktop-microsoft_rds_mobile.png 960w,https://www.techtarget.com/rms/onlineimages/virt_desktop-microsoft_rds.png 1280w" alt="Diagram showing how Microsoft Remote Desktop Services works." height="434" width="559"> <figcaption> <i class="icon pictures" data-icon="z"></i>A Windows Server CAL is required for Microsoft Remote Desktop Services. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> </section> <section class="section main-article-chapter" data-menu-title="Core CAL Suite and Enterprise CAL Suite"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Core CAL Suite and Enterprise CAL Suite</h2> <p>A CAL Suite is a single license that provides usage rights to one user or device. It is equivalent to multiple licenses and cannot be split up among multiple users or devices. A Suite reduces the number of licenses required to access Microsoft servers and thus simplifies licensing and tracking.</p> <p>Microsoft provides two types of CAL Suites:</p> <ul class="default-list"> <li>Core CAL Suites.</li> <li>Enterprise CAL Suites.</li> </ul> <p>The Core CAL Suite is equivalent to Windows Server CAL, Exchange Server Standard CAL, SharePoint Server Standard CAL, Skype for Business Standard CAL, Microsoft Endpoint Configuration Manager Client Management License and System Center Endpoint Protection Client Management License.</p> <p>The Enterprise CAL Suite includes all of the components of the Core CAL Suite plus some additional components so organizations that purchase the Enterprise CAL Suite don't need to license the Core Suite as well. It is a distinct license that grants users specific usage rights to specific features of Microsoft SharePoint, Exchange and Skype for Business Server.</p> <p><em>Compare the </em><a href="https://www.techtarget.com/searchwindowsserver/tip/Compare-the-features-in-the-Windows-Server-2022-editions"><em>features in the Windows Server 2022 editions</em></a><em> and see how </em><a href="https://www.techtarget.com/searchwindowsserver/tip/Network-security-gets-a-boost-in-Windows-Server-2022"><em>network security gets a boost in Windows Server 2022</em></a><em>. Explore how to </em><a href="https://www.techtarget.com/searchwindowsserver/tip/How-to-use-Windows-Server-2022-secured-core-server-features"><em>use Windows Server 2022 secured-core server features</em></a><em> and check out this </em><a href="https://www.techtarget.com/searchwindowsserver/tip/Windows-Server-security-hardening-guide-for-admins"><em>Windows Server 2022 security hardening guide for admins</em></a><em>.</em></p> </section> A Windows Server Client Access License (CAL) is a license that gives a user or device the right to access services, such as printing or access to a file share, from a server running the Windows Server operating system (OS). https://cdn.ttgtmedia.com/visuals/digdeeper/2.jpg https://www.techtarget.com/searchwindowsserver/definition/Windows-Server-Client-Access-License-CAL Fri, 17 May 2024 16:25:00 GMT Windows Server Client Access License (CAL) <section class="section main-article-chapter" data-menu-title="What is Microsoft Remote Desktop Web Access (Microsoft RD Web Access)?"> <h2 class="section-title"><i class="icon" data-icon="1"></i>What is Microsoft Remote Desktop Web Access (Microsoft RD Web Access)?</h2> <p>Microsoft Remote Desktop Web Access (Microsoft RD Web Access) is a <a href="https://www.techtarget.com/searchvirtualdesktop/definition/Remote-Desktop-Services-RDS">Remote Desktop Services</a> role in some versions of the <a href="https://www.techtarget.com/searchwindowsserver/definition/Microsoft-Windows-Server-OS-operating-system">Windows Server</a> operating system (OS), including Windows Server 2008 R2, Windows Server 2012, <a href="https://www.techtarget.com/searchwindowsserver/definition/Microsoft-Windows-Server-2016">Windows Server 2016</a> and Windows Server 2019. It enables users to access RemoteApp and Desktop Connections on these OSes via a web <a href="https://www.techtarget.com/whatis/definition/browser">browser</a>.</p> <p>Microsoft RD Web Access was earlier known as Terminal Services Web Access (TS Web Access).</p> <p>To start a RemoteApp program, the user visits a website to access a list of available programs and then clicks on the required program's <a href="https://www.techtarget.com/whatis/definition/icon">icon</a>. This starts the TS session on the <a href="https://www.techtarget.com/searchvirtualdesktop/definition/terminal-server">terminal server</a> that hosts the program. The other option to access these services is through the computer's Start menu.</p> <p>RD Web Access includes RD Web Connection, which <a href="https://www.techtarget.com/whatis/feature/15-advantages-and-disadvantages-of-remote-work">enables users to connect remotely</a> to the desktop of any computer with RD Web Access. RD Web Access must be configured to specify the source that provides the virtual desktops and RemoteApp programs that are displayed to users. It can be configured using either a RemoteApp source or RD Connection Broker <a href="https://www.techtarget.com/whatis/definition/server">server</a>, which provides users access to virtual desktops hosted on RD Virtualization Host servers and RemoteApp programs hosted on <a href="https://www.techtarget.com/searchvirtualdesktop/definition/Remote-Desktop-Session-Host-RDSH">RD Session Host</a> servers.</p> </section> <section class="section main-article-chapter" data-menu-title="Deploying Microsoft RD Web Access"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Deploying Microsoft RD Web Access</h2> <p>The server where the RD Web Access role is installed acts as the <a href="https://www.techtarget.com/whatis/definition/Web-server">web server</a>. It does not have to be an RD Session Host server. The role works with minimal configuration. The default RD Web Access webpage includes a customizable frame plus a web part that can be incorporated into a customized webpage.</p> <p>The role service must be installed on the server that users connect to over the web to access RemoteApp programs. Once the role is installed, admins can specify the terminal server they want to populate the web part. All the RemoteApp programs on the specified terminal server that are configured to show in RD Web Access appear in the web part. The list can be populated from an external data source by the web server, which is why the RD Web Access server does not have to be a terminal server.</p> <p>When the RD Web Access role is installed, Microsoft Internet Information Services 7.0 is also installed. <a href="https://www.techtarget.com/searchwindowsserver/definition/IIS">IIS</a> is a Microsoft web server role that's <a href="https://www.techtarget.com/searchwindowsserver/video/How-to-install-and-test-Windows-Server-2019-IIS">included with all versions of Microsoft's OSes</a>. The web server in IIS 7.0 enables server customizations by adding or removing modules to meet the organization's or user's specific needs.</p> <div class="youtube-iframe-container"> <iframe id="ytplayer-0" src="https://www.youtube.com/embed/lNldCGjqj1M?autoplay=0&modestbranding=1&rel=0&widget_referrer=null&enablejsapi=1&origin=https://www.techtarget.com" type="text/html" height="360" width="640" frameborder="0"></iframe> </div> <p>Here's how the RD Web Access role service is installed on Windows Server:</p> <ul class="default-list"> <li>Open Server Manager (Start > Administrative Tools > Server Manager) on the computer where the role is to be installed.</li> <li>If the role is <i>not</i> already installed, click <b>Add Roles</b> under Roles Summary. Select the <b>Remote Desktop Services</b> checkbox on the Select Server Roles page, review the Remote Desktop Services page and select <b>Remote Desktop Web Access</b>.</li> <li>If the role <i>is</i> already installed, click <b>Remote Desktop Services</b> under Roles Summary, click <b>Add Role Services</b> under Role Services and select the <b>Remote Desktop Web Access</b> checkbox on the Select Role Services page.</li> <li>Review the information about the required role services.</li> <li>Click <b>Add Required Role Services</b>, and then click <b>Next</b>.</li> <li>Review the IIS page.</li> <li>Select the role services that are to be installed for IIS on the Select Role Services page.</li> <li>Click <b>Install</b> on the Confirm Installation Selections page.</li> <li>Confirm successful installation on the Installation Results page, and click <b>Close</b>.</li> </ul> <p>To provide users access to RemoteApp and Desktop Connections, RD Web Access must be configured to specify the source -- either <a href="https://www.techtarget.com/searchvirtualdesktop/definition/remote-desktop-connection-broker">RD Connection Broker</a> or RemoteApp source -- to provide the RemoteApp programs and virtual desktops displayed to users. To specify the source, a connection to the RD Web Access website is required using a local Administrator account on the RD Web Access server.</p> <p>The RD Connection Broker server can be configured with the <a href="https://www.techtarget.com/searchvirtualdesktop/definition/Remote-Desktop-Connection-Manager-RDCMan">Remote Desktop Connection Manager</a> tool. RemoteApp programs can be configured on a RemoteApp source -- an individual RD Session Host server -- with the RemoteApp Manager tool.</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/virt_desktop-microsoft_rds.png"> <img data-src="https://www.techtarget.com/rms/onlineimages/virt_desktop-microsoft_rds_mobile.png" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/virt_desktop-microsoft_rds_mobile.png 960w,https://www.techtarget.com/rms/onlineimages/virt_desktop-microsoft_rds.png 1280w" alt="Diagram of how Microsoft Remote Desktop Services works" height="434" width="559"> <figcaption> <i class="icon pictures" data-icon="z"></i>How Microsoft Remote Desktop Services works </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> </section> <section class="section main-article-chapter" data-menu-title="Microsoft RD Web Access: Role in publishing and updating the RD web client"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Microsoft RD Web Access: Role in publishing and updating the RD web client</h2> <p>Before setting up the RD web <a href="https://www.techtarget.com/searchenterprisedesktop/definition/client">client</a>, it's important to ensure that RD Web Access is running on Windows Server, e.g., Windows Server 2016 or <a href="https://www.techtarget.com/searchwindowsserver/tip/Optimize-Windows-Server-2019-with-file-server-best-practices">Windows Server 2019</a>. In addition, public trusted certificates must be configured for the RD Web Access role.</p> <p>The role is also required to publish and update the Remote Desktop web client.</p> <p>To publish the RD web client, users must obtain the certificate used for RD connections on the RD Connection Broker server, export it as a CER file and copy the file from RD Connection Broker to the server running the RD Web Access role. Next, an elevated <a href="https://www.techtarget.com/searchwindowsserver/definition/PowerShell">PowerShell</a> prompt must be opened on the RD Web Access server, followed by updating the PowerShellGet module. This is followed by installing the RD web client management <a href="https://www.techtarget.com/searchdatacenter/tip/4-PowerShell-modules-every-IT-pro-should-know">PowerShell module</a> from the PowerShell gallery, downloading the latest version of the RD web client and, finally, publishing the RD web client. The name of the server where the web client is accessed -- at the web client <a href="https://www.techtarget.com/searchnetworking/definition/URL">URL</a> -- must match the RD Web Access <a href="https://www.techtarget.com/searchsecurity/definition/public-key-certificate">public certificate</a> in the URL. This is typically the server fully qualified domain name (FQDN).</p> <p>The RD Web Access server enables installation of the RD web client without an internet connection. This can be done either by importing the RD web client management PowerShell module or by copying the downloaded RDWebClientManagement folder to a <a href="https://www.techtarget.com/searchwindowsserver/tip/Top-PowerShell-commands-you-must-know-with-cheat-sheet">local PowerShell</a> module folder listed under $env:psmodulePath.</p> <p>The RD web client can also be updated using the RD Web Access server and an elevated PowerShell prompt. Once the client is updated, it gets replaced for all users when they relaunch the web client webpage.</p> <div class="youtube-iframe-container"> <iframe id="ytplayer-1" src="https://www.youtube.com/embed/rtyXJC6RdpA?autoplay=0&modestbranding=1&rel=0&widget_referrer=null&enablejsapi=1&origin=https://www.techtarget.com" type="text/html" height="360" width="640" frameborder="0"></iframe> </div> </section> <section class="section main-article-chapter" data-menu-title="RD Web Access role and trusted certificates"> <h2 class="section-title"><i class="icon" data-icon="1"></i>RD Web Access role and trusted certificates</h2> <p>If a user gets a security warning in their web browser when trying to access the web client, it may mean that the RD Web Access role is not using a trusted certificate. This issue can be prevented by ensuring that the role is configured with a publicly trusted certificate. If this step doesn't work, there <a href="https://www.techtarget.com/searchwindowsserver/tip/Getting-a-handle-on-certificate-management-in-Windows-shops">may be a mismatch</a> between the server's name in the web client URL and the name provided by the RD Web Access certificate. This issue may be resolved by checking that the URL uses the FQDN of the server hosting the RD Web Access role.</p> <p>It's also important to <a href="https://media.techtarget.com/digitalguide/images/Misc/EA-Marketing/Eguides/How_to_Fix_8_Common_Remote_Desktop_Connection_Problems.pdf">check that the certificate</a> has not expired. It must be copied in CER format to the RD Web Access server. Without these precautions, a user may not be able to connect to a resource with the web client even if they can see the items under All Resources. They may also get an "unexpected server authentication certificate was received" error message when trying to connect to the web client.</p> <p><em>When the connection between a desktop and its host fails, it's time to do some remote desktop troubleshooting. See how to <a href="https://www.techtarget.com/searchvirtualdesktop/tip/Top-5-remote-desktop-connectivity-problems-and-how-to-prevent-them">fix common remote desktop connection problems</a>. Also, compare the <a href="https://www.techtarget.com/searchwindowsserver/tip/Compare-the-features-in-the-Windows-Server-2022-editions">features in the Windows Server 2022 editions</a>, and learn how to <a href="https://www.techtarget.com/searchwindowsserver/answer/How-to-deploy-a-Windows-Server-2016-domain-controller">set up a Windows Server 2022 domain controller</a>.</em></p> </section> Microsoft Remote Desktop Web Access (Microsoft RD Web Access) is a Remote Desktop Services role in some versions of the Windows Server OS. https://cdn.ttgtmedia.com/visuals/digdeeper/3.jpg https://www.techtarget.com/searchwindowsserver/definition/Microsoft-Remote-Desktop-Web-Access-Microsoft-RD-Web-Access Mon, 13 May 2024 09:00:00 GMT Microsoft Remote Desktop Web Access (Microsoft RD Web Access) <p>Admins have no zero-days or public disclosures to stress over this month, but organizations that work with Hyper-V or use Exchange Server will want to avoid delays with patch deployment.</p> <p>On March Patch Tuesday, Microsoft issued security updates to correct 60 new vulnerabilities and revised two Microsoft Visio flaws from August with updated information.</p> <section class="section main-article-chapter" data-menu-title="Microsoft virtualization platform hit with critical bugs"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Microsoft virtualization platform hit with critical bugs</h2> <p>The only two critical vulnerabilities for March Patch Tuesday were both in Hyper-V, Microsoft's hypervisor.</p> <p>A Hyper-V remote code execution vulnerability (CVE-2024-21407) has a CVSS score of 8.1. The attacker needs to be authenticated on a guest VM to send a malicious file operation request to hardware resources to attempt remote code execution on the host. Microsoft gave this flaw an assessment of "exploitation less likely."</p> <p>The other critical flaw is CVE-2024-21408, a Hyper-V <a href="https://www.techtarget.com/searchsecurity/definition/denial-of-service">denial-of-service</a> vulnerability with a CVSS rating of 5.5. Microsoft assessed this CVE with "exploitation less likely." Microsoft did not release additional details in its vulnerability notes, but the attacker does not require user interaction and only needs basic privileges to disrupt the system, potentially causing a crash.</p> </section> <section class="section main-article-chapter" data-menu-title="Microsoft delivers fix and issues advisory for Exchange Server"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Microsoft delivers fix and issues advisory for Exchange Server</h2> <p>Microsoft released a security update for Exchange Server that corrects a remote code execution vulnerability (CVE-2024-26198) rated important with an 8.8 CVSS rating. The attacker needs to place a malicious file either in an online directory or on the local network, then convince a user to open the file to trigger the exploit.</p> <div class="imagecaption alignLeft"> <img src="https://cdn.ttgtmedia.com/rms/onlineImages/goettl_chris.jpg" alt="Chris Goettl, vice president of product management for security products, Ivanti">Chris Goettl </div> <p>Chris Goettl, vice president of product management for security products at Ivanti, stressed that any patching delays only benefit threat actors who are in a race to develop tools and techniques to exploit vulnerabilities on unpatched systems, <a href="https://www.techtarget.com/searchsecurity/news/366562020/Fancy-Bear-hackers-still-exploiting-Microsoft-Exchange-flaw">particularly Exchange Server</a>. He cited two February Patch Tuesday vulnerabilities -- a Windows kernel elevation-of-privilege vulnerability (CVE-2024-21338) and an Exchange Server elevation-of-privilege vulnerability (CVE-2024-21410) -- that initially did not show as exploited, but were updated with exploitation flags within two weeks of publication.</p> <p>"Exchange is still targeted by sophisticated groups who know it extremely well. I've seen articles that count 97,000 Exchange Servers still out in the wild. When you have that big of an audience, then it's still worth it for these groups to go and poke at it," Goettl said.</p> <p>Microsoft also published an advisory for Exchange Server (<a target="_blank" href="https://msrc.microsoft.com/update-guide/advisory/ADV24199947" rel="noopener">ADV24199947</a>) to warn admins that applying the March security updates for Exchange Server will disable an Oracle library.</p> <p>Oracle's Outside In Technology (OIT), also called the OutsideInModule, is used to extract text from email attachments <a href="https://www.techtarget.com/searchsecurity/tip/12-Microsoft-Exchange-Server-security-best-practices">for security checks</a> in the Exchange Transport Rule and Data Loss Prevention features. Applying the security update will patch the OIT libraries to mitigate multiple vulnerabilities, then disable the OIT module and finally configure Exchange to use an alternative file scanner. While not recommended, admins can reenable the OIT module with a script included with the security update.</p> <p>This is the initial step in a three-part rollout. The second phase will replace the OutsideInModule with a Microsoft-based file scanner, and the last phase will remove the OIT module code. As of publication, Microsoft did not release a timeline for the upcoming stages.</p> </section> <section class="section main-article-chapter" data-menu-title="2 corrections delivered for Open Management Infrastructure"> <h2 class="section-title"><i class="icon" data-icon="1"></i>2 corrections delivered for Open Management Infrastructure</h2> <p>Enterprises that use Microsoft's Azure cloud platform have two security updates in the Open Management Infrastructure (OMI) platform, an open source project designed for Linux and Unix management.</p> <p>An OMI remote code execution vulnerability (CVE-2024-21334) rated important has March Patch Tuesday's highest CVSS rating with 9.8. This bug also affects <a href="https://www.techtarget.com/searchwindowsserver/definition/Microsoft-System-Center-Operations-Manager-Microsoft-SCOM">System Center Operations Manager</a> (SCOM) 2019 and 2022 systems. SCOM uses OMI to collect logs and automate configuration for Linux VMs.</p> <p>"A remote unauthenticated attacker could access the OMI instance from the Internet and send specially crafted requests to trigger a use-after-free vulnerability," Microsoft wrote in the CVE notes.</p> <p>Admins need to update to OMI version 1.8.1-0 to mitigate the vulnerability, or they can disable OMI incoming ports on Linux VMs that do not require network listening.</p> <p>The other OMI flaw is an elevation-of-privilege vulnerability (CVE-2024-21330) rated important with a CVSS score of 7.8. An attacker who exploits the flaw can gain full administrative privileges to control the OMI server. This flaw affects a wide range of Microsoft products listed in the <a target="_blank" href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21330" rel="noopener">CVE notes</a>.</p> </section> <section class="section main-article-chapter" data-menu-title="Next step to mitigate Secure Boot vulnerability coming in April"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Next step to mitigate Secure Boot vulnerability coming in April</h2> <p>In addition to their usual patching duties, admins will have to pay close attention to prevent issues during another staged rollout, this time to protect the boot state of Windows systems. Over the next several months, all bootable media will require an update, otherwise Windows systems will not start with outdated recovery media.</p> <p>A Microsoft Knowledge Base article (<a target="_blank" href="https://support.microsoft.com/en-us/topic/kb5025885-how-to-manage-the-windows-boot-manager-revocations-for-secure-boot-changes-associated-with-cve-2023-24932-41a975df-beb2-40c1-99a3-b3ff139f832d" rel="noopener">KB5025885</a>) gives the timeline and steps admins need to take to protect Windows systems affected by CVE-2023-24932, a <a href="https://www.techtarget.com/searchwindowsserver/news/366537316/Light-May-Patch-Tuesday-will-weigh-heavily-on-Windows-admins">Secure Boot security feature bypass vulnerability</a> first reported in May 2023. This flaw is not limited to on-premises physical devices, but also affects some VMs and cloud-based devices.</p> <p>The Microsoft security update from May Patch Tuesday addressed the vulnerability that allowed an attacker with physical access or administrative privileges to exploit a system with the BlackLotus <a href="https://www.techtarget.com/whatis/definition/Unified-Extensible-Firmware-Interface-UEFI">UEFI</a> bootkit and alter the system's boot policy. The threat actor could then lower the system's defenses, opening the way to further damage.</p> <p>However, the protections from the security update are not enabled by default because it removes the existing <a href="https://www.techtarget.com/searchdatacenter/definition/boot-loader-boot-manager">boot manager</a>, which could cause problems with system boot configurations.</p> <p><a href="https://www.techtarget.com/searchwindowsserver/news/366544377/Microsoft-repairs-5-zero-days-for-July-Patch-Tuesday">July Patch Tuesday added revocation files</a> to update the Code Integrity Boot Policy and the Secure Boot UEFI Forbidden List, which add full protection from CVE-2023-24932. Following the deployment of this security update, admins need to follow several steps to complete the process. Admins should be aware that any bootable media that does not have the July Patch Tuesday updates will not work after the revocations have been implemented on the system.</p> <p>"Once the mitigation for this issue is enabled on a device, meaning the revocations have been applied, it cannot be reverted if you continue to use Secure Boot on that device. Even reformatting of the disk will not remove the revocations if they have already been applied," Microsoft wrote.</p> <p>In Microsoft's third deployment phase, the security updates for April Patch Tuesday will add more boot manager mitigations. Admins will have until October Patch Tuesday to prepare for the final step, the enforcement phase, which will apply the Code Integrity Boot Policy and Secure Boot disallow list revocations.</p> <p>Goettl said admins need to redo all bootable media to avoid future issues. The other hurdle is to check systems for problems with the firmware update.</p> <p>"The final stage coming in October is when mandatory enforcement begins and mitigations become revocations," he said. "The update will no longer allow anything that is vulnerable to the Secure Boot bypass. The biggest challenge will be checking the Windows event error logs."</p> <p>Goettl said it will take some work for admins to examine all the system event logs for codes that tell if the patch did or did not install properly. Microsoft <a target="_blank" href="https://support.microsoft.com/en-us/topic/kb5016061-secure-boot-db-and-dbx-variable-update-events-37e47cf8-608b-4a87-8175-bdead630eb69" rel="noopener">released a list</a> of relevant event IDs to help with this process.</p> <p>"When the updated [Forbidden Signature Database] DBX revocation list is installed on a device, Windows checks to determine whether the system is in a state where the DBX update can be successfully applied to the firmware and will report event log errors if an issue is detected," Microsoft wrote.</p> <p><i>Tom Walat is the site editor for TechTarget Editorial's Windows Server site, where he manages all site content. Walat previously worked for a newspaper in the Greater Boston area.</i></p> </section> Microsoft also corrects a remote code execution flaw on Exchange Server and issues an advisory related to changes with an outdated file-scanning feature on the messaging platform. https://cdn.ttgtmedia.com/rms/onlineimages/security_a303249453.jpg https://www.techtarget.com/searchwindowsserver/news/366573352/March-Patch-Tuesday-fixes-critical-Hyper-V-vulnerabilities Tue, 12 Mar 2024 21:29:00 GMT March Patch Tuesday fixes critical Hyper-V vulnerabilities <h3>What is Windows Sysinternals?</h3> <p>Windows Sysinternals is a collection of 70 <a href="https://www.techtarget.com/whatis/definition/freeware">freeware</a> utilities that Microsoft offers IT administrators and developers to help them monitor, manage, diagnose and <a href="https://www.techtarget.com/whatis/definition/troubleshooting">troubleshoot</a> <a href="https://www.techtarget.com/searchwindowsserver/definition/Windows">Windows</a> systems and their applications. Microsoft has also started porting some of the Sysinternals tools to the <a href="https://www.techtarget.com/searchdatacenter/definition/Linux-operating-system">Linux</a> platform, although the number of tools is still limited.</p> <p>Each Sysinternals utility is an <a href="https://www.techtarget.com/whatis/definition/executable-file-exe-file">executable file</a> that users can run on demand without needing to install a program on their systems. Microsoft provides utilities for x86, x64 and <a href="https://www.techtarget.com/whatis/definition/ARM-processor">Arm64</a> Windows platforms, as well as for systems running <a href="https://www.techtarget.com/searchwindowsserver/definition/Microsoft-Nano-Server">Nano Server</a>. Users have several options for acquiring and running these tools:</p> <ul class="default-list"> <li>Download the individual utilities or one of the full suites from the <a href="https://learn.microsoft.com/en-us/sysinternals/" target="_blank" rel="noopener">Microsoft Sysinternals site</a> or from the <a href="https://live.sysinternals.com/" target="_blank" rel="noopener">Sysinternals Live site</a>.</li> <li>Run the utilities directly from the Sysinternals Live site without downloading the files. For example, you can use the following command to run the AccessChk utility at a command prompt: <span style="font-family: courier new, courier, monospace;">\\live.sysinternals.com\tools\handle</span>.</li> <li>Download the suite from the <a href="https://apps.microsoft.com/store/detail/sysinternals-suite/9P7KNL5RWT25" target="_blank" rel="noopener">Microsoft Store</a>. The suite is installed as an MSIX bundle that includes separate packages for x86, x64 and Arm64 systems.</li> <li>For the ported Linux tools, download the source code from <a href="https://github.com/Sysinternals" target="_blank" rel="noopener">GitHub</a>. Microsoft has ported only a few Sysinternals tools to Linux.</li> </ul> <p>Sysinternals generally doesn't include utilities that can't be used for troubleshooting, such as BlueScreen Screen Saver. Also, some of the original utilities are no longer available as standalone tools because their functionality has been incorporated into other Sysinternals tools. For example, the features in RegMon and FileMon were rolled into the Process Monitor utility.</p> <p>Microsoft also offers Sysinternals tools for Nano Server, a lightweight version of Windows Server. Because Nano Server does not run 32-bit applications, Microsoft developed 64-bit versions of more than 40 Sysinternals utilities so they'd be compatible with Nano Server. The utilities, which include "64" at the end of their file names, also work with other 64-bit Windows systems.</p> <h3>Sysinternals categories</h3> <p>Microsoft divides the Sysinternals utilities into the following six categories:</p> <ol class="default-list"> <li><b>File and disk.</b> This category provides utilities that monitor file usage and disk status. For example, it includes DiskMon for capturing hard disk activity, SDelete for securely overwriting sensitive files and Disk Usage for viewing disk usage by directory.</li> <li><b>Networking.</b> This category offers utilities for troubleshooting and monitoring connections on desktop and server systems. Two of the more popular tools are <a href="https://www.techtarget.com/searchwindowsserver/definition/TCPView">TCPView</a>, which checks <a href="https://www.techtarget.com/searchnetworking/definition/TCP">TCP</a> and User Datagram Protocol (<a href="https://www.techtarget.com/searchnetworking/definition/UDP-User-Datagram-Protocol">UDP</a>) endpoints, and PsTools, a set of <a href="https://www.techtarget.com/searchwindowsserver/definition/command-line-interface-CLI">command-line</a> utilities for listing and running processes on local and remote systems.</li> <li><b>Process.</b> This category includes utilities for monitoring and troubleshooting running applications. One popular utility is <a href="https://www.techtarget.com/searchenterprisedesktop/definition/Process-Explorer">Process Explorer</a>, which monitors the files, registry keys and other objects that a process has open. Another popular tool is Process Monitor, a tool that shows real-time activity in the file system, registry and processes.</li> <li><b>Security.</b> This category offers <a href="https://www.techtarget.com/searchsecurity/definition/security">security</a>-based utilities such as LogonSessions, which lists the active logon sessions, and <a href="https://www.techtarget.com/searchenterprisedesktop/photostory/2240218252/Five-Windows-Sysinternals-utilities-can-aid-in-desktop-troubleshooting/3/Disabling-unwanted-components-with-Sysinternals-Autoruns">Autoruns</a>, which shows the applications that start automatically when the system boots.</li> <li><b>System information.</b> This category includes utilities that display general information about a workstation or server. For example, the Coreinfo utility shows the mappings between logical and physical processors, and the Handle utility lists which files are open by which processes.</li> <li><b>Miscellaneous.</b> Utilities in this category do not fit into other categories and have limited diagnostic or troubleshooting capabilities. One of the more popular tools is BgInfo, which creates a background image that shows key features of the system's configuration, such as the <a href="https://www.techtarget.com/whatis/definition/IP-address-Internet-Protocol-Address">IP address</a> and computer name.</li> </ol> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/editorial/090518_SWS_ProcessExplorer_Fig1.png"> <img data-src="https://www.techtarget.com/rms/editorial/090518_SWS_ProcessExplorer_Fig1_mobile.png" class="lazy" data-srcset="https://www.techtarget.com/rms/editorial/090518_SWS_ProcessExplorer_Fig1_mobile.png 960w,https://www.techtarget.com/rms/editorial/090518_SWS_ProcessExplorer_Fig1.png 1280w" alt="Windows Sysinternals Process Explorer screenshot" height="288" width="560"> <figcaption> <i class="icon pictures" data-icon="z"></i>Process Explorer lets administrators do a technical deep dive into Windows processes. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <h3>History of Sysinternals</h3> <p>The original Sysinternals tools were developed by Mark Russinovich and Bryce Cogswell. In 1996, they launched a website named NTInternals, which hosted the Sysinternals freeware utilities and related articles. The first utility they released, NTFSDOS, enabled a <a href="https://www.techtarget.com/searchenterprisedesktop/definition/MS-DOS">Microsoft Disk Operating System</a> machine to read New Technology (NT) File System volumes.</p> <p>In the same year, Russinovich and Cogswell founded Winternals, a company whose goal was to develop advanced Windows technologies. Out of this effort came a range of software products, including Protection Manager, Defrag Manager, Administrator's Pak and Recovery Manager. The company also continued to refine the Sysinternals tools.</p> <p>In 1998, Russinovich and Cogswell renamed the NTInternals site to Sysinternals. This came after Microsoft's legal department requested that Winternals change the name, citing the similarity between the name NTInternals and the <a href="https://www.techtarget.com/searchwindowsserver/definition/Windows-NT">Windows NT</a> operating system (OS).</p> <p>In July 2006, Microsoft acquired Winternals and Sysinternals, and Cogswell and Russinovich joined the company. Cogswell retired from Microsoft in 2010 and no longer contributes to the Sysinternals tools. Russinovich -- currently chief technology officer of the Microsoft Azure cloud platform -- continues to participate in Sysinternals.</p> <p>Microsoft still owns the Sysinternals utilities and offers them for free through the Microsoft site. The company does not limit the number of times that someone can download or use the software. However, Microsoft does not offer any type of distribution license, which means that <a href="https://www.techtarget.com/whatis/definition/third-party">third-party</a> entities are not permitted to distribute the utilities in their software or through their websites. Microsoft currently has no plans to remove or change the availability of the Sysinternals tools.</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/dataCenter-Virtualization/rammap_fig5.png"> <img data-src="https://www.techtarget.com/rms/dataCenter-Virtualization/rammap_fig5_mobile.png" class="lazy" data-srcset="https://www.techtarget.com/rms/dataCenter-Virtualization/rammap_fig5_mobile.png 960w,https://www.techtarget.com/rms/dataCenter-Virtualization/rammap_fig5.png 1280w" alt="VMMap screenshot"> <figcaption> <i class="icon pictures" data-icon="z"></i>VMMap enables users to view an existing process or trace a new one and observe its memory usage. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <h3>RootkitRevealer uncovers hidden tools</h3> <p>In 2005, Sysinternals received widespread exposure when Russinovich wrote a blog that explained how he found a <a href="https://www.techtarget.com/searchsecurity/definition/rootkit">rootkit</a> on one of his computers when testing the RootkitRevealer tool in Sysinternals. The utility -- since discontinued -- produced a report of all the files and registry entries hidden from the system's <a href="https://www.techtarget.com/searchapparchitecture/definition/application-program-interface-API">application programming interfaces</a>.</p> <p>RootkitRevealer detected a rootkit that originated from a Sony BMG audio compact disc, which installed a digital rights management (DRM) program that modified the OS to prevent a user from copying the CD.</p> <p>Bowing to public pressure after the blog's release, Sony BMG recalled products with the rootkit and released an uninstaller to remove it. The company also settled class-action lawsuits related to the rootkit with the Federal Trade Commission, several states and the Electronic Frontier Foundation.</p> <h3>Additional reference guide available</h3> <p>Russinovich and Aaron Margosis co-authored a Sysinternals companion book called <i>Troubleshooting with the Windows Sysinternals Tools,</i> which provides in-depth details about working with the various utilities, along with tips and tricks for using them.</p> <div class="youtube-iframe-container"> <iframe id="ytplayer-0" src="https://www.youtube.com/embed/rtyXJC6RdpA?autoplay=0&modestbranding=1&rel=0&widget_referrer=null&enablejsapi=1&origin=https://www.techtarget.com" type="text/html" height="360" width="640" frameborder="0"></iframe> </div> <p><em>Use the <a href="https://www.techtarget.com/searchwindowsserver/tutorial/Using-the-Sysinternals-Sysmon-tool-to-check-DNS-queries">Sysinternals Sysmon tool to check DNS queries</a> and these <a href="https://www.techtarget.com/searchwindowsserver/tip/Windows-troubleshooting-tools-to-improve-VM-performance">Windows troubleshooting tools to improve virtual machine performance</a>. Check out <a href="https://www.techtarget.com/searchitoperations/tip/These-IT-automation-scripts-take-little-effort-and-save-a-lot-of-work">IT automation scripts that take little effort and save a lot of work</a>. Learn about <a href="https://www.techtarget.com/searchwindowsserver/definition/PowerShell">PowerShell and how to use it</a>. Explore <a href="https://www.techtarget.com/searchnetworking/tip/PowerShell-commands-for-network-troubleshooting">16 PowerShell commands for network troubleshooting</a> and <a href="https://www.techtarget.com/searchwindowsserver/tip/Top-PowerShell-commands-you-must-know-with-cheat-sheet">top PowerShell commands you must know in general</a>.</em></p> Windows Sysinternals is a collection of 70 freeware utilities that Microsoft offers IT administrators and developers to help them monitor, manage, diagnose and troubleshoot Windows systems and their applications. https://cdn.ttgtmedia.com/visuals/digdeeper/5.jpg https://www.techtarget.com/searchwindowsserver/definition/Windows-Sysinternals Mon, 18 Sep 2023 09:00:00 GMT Windows Sysinternals SearchWindows Server Resources and Information from TechTarget 60 webmaster@techtarget.com