Three questions & answers: The most important innovations in Windows Server 2025

A new Windows Server is a concern for most administrators – Microsoft's system is used in so many places that the new 2025 also has to manage the balancing act between innovative features and legacy features that are still needed. iX cover author Evgenij Smirnov explains in an interview why the release is definitely a worthwhile update.

What is the most important new feature in Windows Server 2025 for administrators – and why?

For the vast majority who operate their servers on premises with the desktop GUI, the long-awaited terminal integration is certainly a major highlight. For those who strategically integrate administration from the cloud using Azure Arc into their system management concept, hotpatching will help to increase the availability of services and make the entire update process more fluid.

SSH is a protocol well known to many Linux administrators. Why should it now also be used with Windows?

The biggest functional gain over the previous WinRM or DCOM remoting is the ability to reach and manage the systems in the same way from any client platform – Windows, Unix, Linux or macOS –. The protocol automatically includes transport encryption, so that quite good protection against the interception of administrative communication is guaranteed.

However, SSH involves a certain amount of effort as well as potential security risks. An SSH session with explicit authentication is not covered by the guidelines for preventing interactive login, but leaves credentials in the same way as a conventional RDP session. If you switch to SSH in the context of PowerShell remoting, you currently lose all JEA functionality and usually have to grant higher privileges directly to the accessing accounts. This makes JIT all the more valuable, which many companies have not yet mastered sufficiently. And with SSH login using key pairs, we are entering a whole new discipline – private keys in the user context must be protected by DPAPI if you do not want to or cannot use the key distribution service.

What unexpected changes are there in the new Windows Server?

I didn't initially expect the merger with Windows 11 to go so far that we would find Microsoft Store, WinGet and WLAN and even Bluetooth in the server. The use cases will still have to develop, and standard server hardware does not normally have WLAN or Bluetooth devices built in. From a security point of view, both unexpected innovations will also present administrators with new challenges – Both store access and wireless communication channels will have to be managed in a binding manner – something that was previously only an issue in client management, where it was well covered by the respective endpoint management.

Evgenij, many thanks for the answers! Readers can find a detailed test of the new Windows Server 2025 in the new iX 10/2024, which is available from today. The October issue places a special focus on the thoroughly renovated Active Directory.

In the "Three questions and answers" series, iX aims to get to the heart of today's IT challenges – regardless of whether it is the user's view in front of the PC, the manager's view or the everyday life of an administrator. Do you have any suggestions from your day-to-day work or that of your users? Whose tips on which topic would you like to read in a nutshell? Then please write to us or leave a comment in the forum.

(fo)