Hands-on: Windows Longhorn Server Beta 2

28.06.2006

Longhorn Server introduces the concept of a read-only domain controller (RODC), which is a good fit for branch offices and other locations where the machines hosting the domain controller role can't be physically protected the way a machine in a datacenter can. An RODC holds a read-only copy of Active Directory, which brings the immediate benefits of faster log-ons and quicker authentication turnaround for other network resources, as well as a longer-term security benefit: because the DC is read-only, an attacker with access to an easily reachable DC in a branch office cannot make changes there that then replicate up to the main tree at the corporate office.

The RODC can also cache the credentials of branch-office users and, after a single contact with a regular, writeable domain controller up the tree, can service those users' log-on requests directly. This caching is, however, turned off by default in the Password Replication Policy.
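Because the Password Replication Policy decides whose secrets end up on a box that may be stolen, the first thing an administrator wants is a way to see that policy and what has actually been cached. The following script is an added example, not code from the article or from Microsoft; it assumes the ActiveDirectory PowerShell module shipped with later Windows Server releases rather than the Beta 2 tooling reviewed here, and uses a placeholder RODC name, BRANCH-RODC01.

```powershell
# Added example (not from the original article): audit an RODC's Password
# Replication Policy and the credentials it has actually cached.
# Assumes the ActiveDirectory PowerShell module of later Windows Server
# releases (not Longhorn Beta 2 tooling) and an RODC named BRANCH-RODC01
# (placeholder hostname).
Import-Module ActiveDirectory

$rodc = 'BRANCH-RODC01'   # placeholder RODC hostname

# Accounts explicitly allowed to have their secrets cached on this RODC
$allowed = Get-ADDomainControllerPasswordReplicationPolicy -Identity $rodc -Allowed

# Accounts explicitly denied; the built-in "Denied RODC Password Replication
# Group" keeps administrative and service accounts off the branch box
$denied = Get-ADDomainControllerPasswordReplicationPolicy -Identity $rodc -Denied

# Accounts whose secrets are currently stored on the RODC
$cached = Get-ADDomainControllerPasswordReplicationPolicyUsage -Identity $rodc -RevealedAccounts

Write-Host "Allowed list for ${rodc}:"
$allowed | Select-Object Name, ObjectClass | Format-Table -AutoSize
Write-Host "Denied list for ${rodc}:"
$denied | Select-Object Name, ObjectClass | Format-Table -AutoSize
Write-Host "Secrets currently cached on ${rodc}:"
$cached | Select-Object Name, SamAccountName | Format-Table -AutoSize

# Flag any Domain Admins member whose secrets are cached on the RODC: if the
# branch machine is taken, those secrets go with it.
$privileged = Get-ADGroupMember -Identity 'Domain Admins' -Recursive |
    Select-Object -ExpandProperty SamAccountName
$cached |
    Where-Object { $privileged -contains $_.SamAccountName } |
    ForEach-Object { Write-Warning "Privileged account cached on ${rodc}: $($_.SamAccountName)" }
```

Run it from a management workstation with rights to read the RODC's computer object; an empty "currently cached" table is the expected result on a freshly promoted RODC with the default policy. The same information is available from the command line with `repadmin /prp view <RODC> allow`, `deny` and `reveal`.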

Security improvements

Security problems have plagued Microsoft since Windows's inception, but only in the past few years, as more people have become connected, have those flaws been heavily exploited. Some of the vulnerabilities we see fixed on so-called Patch Tuesdays are the result of poor design decisions, and those are the kind of flaws Microsoft hopes to stamp out in the release of Longhorn Server.

You'll see quite a bit of change to the architecture of services in Windows Server 200x, including more layers between user code and the kernel, services segmented from one another to contain the damage a buffer overflow can do, and smaller high-risk, privileged layers so that the attack surface shrinks.