Wednesday, 9 May 2007 12:16 AM
kens
New in Longhorn Server - Active Directory Changes Part 2
In this post I continue on from Part 1, examining new functionality in Active Directory coming with Longhorn Server.
We've already looked at the new Read-Only Domain Controller, Offline Mode, and new fully automated setup options.
In this part we look at a few other things.
Firstly, new auditing features are available in Longhorn Server. In Windows Server 2003 we could enable auditing for selected events (and pick them up with MOM2005 using certain specialised rules). In Longhorn Server, we have a new auditing option for Directory Services only. This means that you can enable auditing for Directory Service access/updates without also having to enable auditing for other types of objects (e.g. files/folders or the IIS metabase).

Which objects are actually audited is determined by the SACL (System Access Control List). The SACL is similar to the DACL (Discretionary Access Control List) that a lot of people are familiar with, but is exposed in the GUI separately.

Secondly, Longhorn Active Directory Domain Services now supports multiple password policies within a domain. Previously only a single password policy could be set for the domain accounts within a domain. If you wished to enforce differing levels of password complexity for users, you needed either multiple domains or a custom passfilt.dll password filter.
Recently Ulf B. Simon-Weidner let the "cat out of the bag" proverbially speaking, and blogged the changes that will come with Longhorn Server. Now we have the ability to control password policies on a per user/group basis.
This allows organisations to set far stricter requirements for privileged accounts (service accounts, administrative accounts) without having to implement a separate domain.
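The per user/group policies described above shipped in Windows Server 2008 as Password Settings Objects (PSOs). The following is an added example, not code from the original post: it models how one resultant PSO is chosen for an account and shows how an overlapping group link can leave a privileged account on a weaker policy. All account names, group names, GUIDs and policy values are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class PSO:
    name: str
    precedence: int        # msDS-PasswordSettingsPrecedence; lower value wins
    min_length: int        # msDS-MinimumPasswordLength
    guid: str              # objectGUID, used only to break precedence ties
    applies_to: frozenset  # msDS-PSOAppliesTo: users or global security groups

# Constructed sample data (illustrative only).
DOMAIN_DEFAULT = PSO("Default Domain Policy", 2**31 - 1, 7, "", frozenset())
PSOS = [
    PSO("PSO-Helpdesk", 5, 8, "e5", frozenset({"Helpdesk"})),
    PSO("PSO-Admins", 10, 15, "a1", frozenset({"Domain Admins"})),
    PSO("PSO-ServiceAccounts", 20, 25, "b2", frozenset({"Service Accounts"})),
    PSO("PSO-svc-backup", 50, 30, "d4", frozenset({"svc-backup"})),
]

def resultant_pso(user, groups, psos=PSOS, default=DOMAIN_DEFAULT):
    """Return the single policy that applies to `user` (policies never merge)."""
    key = lambda p: (p.precedence, p.guid)
    direct = [p for p in psos if user in p.applies_to]
    if direct:                    # a PSO linked to the user beats any group PSO
        return min(direct, key=key)
    via_group = [p for p in psos if p.applies_to & set(groups)]
    if via_group:                 # among group PSOs, lowest precedence value wins
        return min(via_group, key=key)
    return default                # no PSO linked: the domain policy applies

def weaker_than_expected(user, groups, required_min_length, **kw):
    """Audit helper: True if the resultant policy is below a required baseline."""
    return resultant_pso(user, groups, **kw).min_length < required_min_length

if __name__ == "__main__":
    cases = [("alice", ["Domain Admins"]),
             ("bob", ["Domain Admins", "Helpdesk"]),   # overlap weakens bob
             ("svc-backup", ["Service Accounts"]),
             ("carol", ["Domain Users"])]
    for user, groups in cases:
        p = resultant_pso(user, groups)
        flag = "  <-- below 15" if "Domain Admins" in groups and p.min_length < 15 else ""
        print(f"{user:11} -> {p.name} (min length {p.min_length}){flag}")
```

Because exactly one PSO wins, the precedence value, not the strictness of the settings, decides the outcome; reviewing privileged accounts against their resultant policy catches the overlap case shown for `bob`.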
Lastly, I'd like to mention the huge array of new Group Policy options that will come out of the box with Longhorn Server. Actually, these are available today (for managing Windows Vista), but will require some additional components to be installed on Windows Server 2003.
Not only are there new inbuilt configuration options with Windows Vista and Longhorn Server, but there are a number of other improvements. In particular, a new ADMX format for Group Policy templates will simplify the creation of custom templates by administrators. Replication is improved because DFS (rather than FRS) is now used, and because updating a GPO in a way that doesn't affect a template (e.g. changing a setting or editing permissions) doesn't require the ADM/ADMX itself to be replicated.
And one of the last enhancements with GPOs is a new GPMC (Group Policy Management Console) available inbox with Longhorn Server (it took me about 3 hours to figure that out for the B3 build). More details of changes are available on TechNet.
In the next post, we'll look at a topic closer to my heart - the new Application Server capabilities (IIS, WCF etc) available in Longhorn Server.