Windows Server 2025 Launches with Hotpatching Support and Active Directory Enhancements

Windows Server 2025 introduces seamless updates, enhanced security, and hybrid cloud integration.

Published: Nov 04, 2024

Key Takeaways:

  • Windows Server 2025 introduces hotpatching, allowing security updates to be applied without a system reboot.
  • Windows Server 2025 supports in-place upgrades from Windows Server 2012 R2 and later versions.
  • Certain legacy features, like WordPad, IIS 6 management console, and Windows PowerShell 2.0 Engine, are no longer supported.

Windows Server 2025, which launched in public preview earlier this year, is now generally available for commercial customers. The latest version comes with a set of new features to enhance performance and security, including hotpatching support, expanded Active Directory capabilities, and advanced security configurations. Customers will be able to perform in-place upgrades from versions as far back as Windows Server 2012 R2.

Hotpatching

In Windows Server 2025, Microsoft has introduced hotpatching support that allows administrators to apply security updates without requiring a reboot. This feature works by patching the in-memory code of running processes, which minimizes disruption to services.

Compared to traditional updates, hotpatches are smaller and quicker to apply, and they make it easier for administrators to manage and orchestrate updates across their infrastructure. This feature is available in both the Standard and Datacenter editions of Windows Server 2025.

Hotpatching in Windows Server 2022 Azure Edition (Image Credit: Microsoft)

Active Directory enhancements

Microsoft has announced some major improvements coming to Active Directory Domain Services (AD DS) and Active Directory Lightweight Domain Services (AD LDS). The company has also increased the database page size from 8k to 32k as well as extended the AD schema with three new Log Database Files (LDF), including sch89.ldf, sch90.ldf, and sch91.ldf.

Additionally, Microsoft has added a new feature that lets administrators repair objects with missing core attributes. There are also new domain and forest functional levels to support the 32k database page size and other new capabilities. The latest update brings enhanced support for Non-Uniform Memory Access (NUMA) to boost performance on multi-processor systems.

Server Message Block

Windows Server 2025 adds several new capabilities to the Server Message Block (SMB). The SMB over QUIC feature allows secure and reliable file sharing over untrusted networks. It’s currently available in both Windows Server Standard and Windows Server Datacenter versions. Moreover, SMB signing is now required by default for all SMB outbound connections to prevent data tampering and relay attacks.

Furthermore, the SMB authentication rate limiter feature limits the number of authentication attempts within a certain time period. SMB also now offers enhanced auditing capabilities for SMB over QUIC and supports third-party encryption and signing.
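To confirm on a given host that the SMB defaults described above are actually in effect (for example after an in-place upgrade, where older settings can carry over), a read-only check along these lines can be used. This is an added example, not code from the article or from Microsoft; it uses the `Get-SmbClientConfiguration` and `Get-SmbServerConfiguration` cmdlets from the built-in SmbShare module, and the property names for the rate limiter and audit settings are the module's own names, which the article does not mention.

```powershell
# Added example: report the SMB signing, rate-limiter and audit settings on the local host.
# Read-only; changes nothing. Run in an elevated PowerShell session.

$client = Get-SmbClientConfiguration
$server = Get-SmbServerConfiguration

# Each check names a property and a test for the value a hardened host should show.
$checks = @(
    # Signing required on outbound (client) connections.
    @{ Side = 'Client'; Cfg = $client; Name = 'RequireSecuritySignature';            Pass = { param($v) $v -eq $true } }
    # Authentication rate limiter: delay after a failed authentication; 0 disables it.
    @{ Side = 'Server'; Cfg = $server; Name = 'InvalidAuthenticationDelayTimeInMs';  Pass = { param($v) $v -gt 0 } }
    # Auditing of peers that cannot sign or encrypt (useful before enforcing either).
    @{ Side = 'Server'; Cfg = $server; Name = 'AuditClientDoesNotSupportSigning';    Pass = { param($v) $v -eq $true } }
    @{ Side = 'Server'; Cfg = $server; Name = 'AuditClientDoesNotSupportEncryption'; Pass = { param($v) $v -eq $true } }
    @{ Side = 'Client'; Cfg = $client; Name = 'AuditServerDoesNotSupportSigning';    Pass = { param($v) $v -eq $true } }
    @{ Side = 'Client'; Cfg = $client; Name = 'AuditServerDoesNotSupportEncryption'; Pass = { param($v) $v -eq $true } }
)

$report = foreach ($c in $checks) {
    # Older Windows builds do not expose every property; record that instead of failing.
    $prop = $c.Cfg.PSObject.Properties[$c.Name]
    if ($null -eq $prop) {
        $value = $null
        $status = 'NotSupported'
    } elseif (& $c.Pass $prop.Value) {
        $value = $prop.Value
        $status = 'OK'
    } else {
        $value = $prop.Value
        $status = 'Review'
    }
    [pscustomobject]@{ Side = $c.Side; Setting = $c.Name; Value = $value; Status = $status }
}

$report | Format-Table -AutoSize

# Surface anything that differs from the hardened value so it is not lost in the table.
$report | Where-Object Status -eq 'Review' | ForEach-Object {
    Write-Warning ("{0} setting {1} is {2}" -f $_.Side, $_.Setting, $_.Value)
}
```

The audit settings are optional, so a `Review` status on those rows only means auditing is not turned on; a `Review` on client signing or a rate-limiter delay of 0 means the host is not running with the protections the article describes.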

Azure Arc integration

With Azure Arc integration, IT admins can manage and secure their servers across on-premises, multi-cloud, and edge environments. The Azure Arc feature-on-demand is installed by default, which makes it easier to add servers to Azure Arc.

Block cloning support

Microsoft has introduced block cloning support for Dev Drive in Windows Server 2025. This security feature offers dramatic performance improvements for file copy operations when used with the ReFS file system. Dev Drive is a feature taken from Windows 11 that's designed to improve file system performance for developers who perform frequent write operations on small files. Dev Drive provides a volume that tunes Windows filesystem properties to reduce overhead, primarily from Microsoft Defender Antivirus and other Windows-specific features.

Security improvements

Windows Server 2025 includes over 350 preconfigured security settings that help to align the system configuration with Microsoft's best practices and industry standards. Additionally, the virtualization-based security (VBS) enclaves feature isolates sensitive data in a secure partition in memory and provides cryptographic key protection.

Windows Local Administrator Password Solution (LAPS)

Microsoft has announced that organizations can now use Windows LAPS for managing local admin accounts in AD. This service also enables administrators to generate less complex passwords and passphrases. The latest update also brings a new feature that helps to detect when an image rollback occurs.

Removed and deprecated features

Windows Server 2025 no longer supports several features, including WordPad, the IIS 6 management console, the SMTP Server, and the Windows PowerShell 2.0 Engine. Microsoft has also deprecated several features in the latest version of Windows Server, including Computer Browser, Network Load Balancing (NLB), WMIC, NTLM, and Windows Server Update Services (WSUS).

Windows Server 2025 processor requirements

Last but not least, Microsoft has released a CPU support list for Windows Server 2025, which now includes second- through fifth-generation Intel Xeon SP CPUs, as well as the Xeon D, E, and 6 series, among others.

Windows Server 2025 also supports the AMD EPYC 7002 series, 7003 series, 4004 series, 8004 series, 9004 series, and 9005 series. We invite you to check out this support page for more details.
