Insider Announcing Windows Server LTSC Preview Build 25075


  • Staff
Hello Windows Server Insiders!

Today we are pleased to release a new build of the next Windows Server Long-Term Servicing Channel (LTSC) Preview that contains both the Desktop Experience and Server Core installation options for Datacenter and Standard editions. Branding has not yet been updated and remains as Windows Server 2022 in this preview - when reporting issues please refer to "VNext" rather than Windows Server 2022 which is currently in market.

What's New​

SMB NTLM Authentication Rate Limiter

SMB isn't just a file server running on tens of millions of Windows Server machines, it's a ubiquitous service on more than a billion Windows 10 and 11 computers. While not remotely accessible by default, and even though not all machines are dedicated file servers, IT staff often enable access to the SMB server for legitimate organizational reasons like file transfers. A side effect of this ubiquity is SMB can be a useful authentication mechanism for bad actors to attempt brute force dictionary attacks. After enumerating or guessing Active Directory or local account names through other means, an attacker can send NTLM logons to a machine at high rate - dozens to hundreds of attempts per second - in an attempt to guess their password. If an organization has no intrusion detection software or does not set a password lockout threshold, an attacker might guess a user's password in a matter of hours or less.

Starting in Windows Insider build 25069.1000.220302-1408 and later on Windows 11 and Windows Server 2022, the SMB Server service now implements a default 2-second delay between each failed NTLM-based authentication. This means that if an attacker previously sent 300 brute force attempts per second from a client for 5 minutes, the same number of attempts would now take 25 hours at a minimum. This setting is controllable by an administrator and can also be disabled. It's possible the default time and behaviors may change after we evaluate usage in Insiders and take feedback; it's also possible some third-party applications may have problems with this new feature - please use Feedback Hub to file bugs if you find that disabling the feature resolves your application's issue.

This feature is controlled with PowerShell cmdlet:

Set-SmbServerConfiguration -InvalidAuthenticationDelayTimeInMs n

The value is in milliseconds, must be a multiple of 100 and can be 0-10000. Setting to 0 disables the feature.

To see the current value, run:

Get-SmbServerConfiguration

This behavior change has no effect on Kerberos, which authenticates before an application protocol like SMB connects. It is designed to be another layer in your defense in depth planning. This continues the new generation of SMB and file server security enhancements first begun with SMB over QUIC in Windows 11 and Windows Server 2022. We will deprecate and remove many legacy SMB and pre-SMB protocol behaviors over the next few major releases of operating systems in a security modernization campaign similar to the removal of SMB1.

Available Downloads​

  • Windows Server Long-Term Servicing Channel Preview in ISO format in 18 languages, and in VHDX format in English only.
  • Microsoft Server Languages and Optional Features Preview
Keys: Keys are valid for preview builds only.
  • Server Standard: MFY9F-XBN2F-TYFMP-CCV49-RMYVH
  • Datacenter: 2KNJJ-33Y9H-2GXGX-KMQWH-G6H67
Symbols: available on the public symbol server – see Using the Microsoft Symbol Server.

Expiration: This Windows Server Preview will expire September 15, 2022.

How to Download​

Registered Insiders may navigate directly to the Windows Server Insider Preview download page. If you have not yet registered as an Insider, see GETTING STARTED WITH SERVER on the Windows Insiders for Business portal.

We value your feedback!​

The most important part of the release cycle is to hear what's working and what needs to be improved, so your feedback is extremely valued. For Windows Server, use your registered Windows 10 or Windows 11 Insider device and use the Feedback Hub application. In the app, choose the Windows Server category and then the appropriate subcategory for your feedback. In the title of the Feedback, please indicate the build number you are providing feedback on as shown below to ensure that your issue is attributed to the right version:

[Server #####] Title of my feedback

See Give Feedback on Windows Server via Feedback Hub for specifics. We also encourage you to visit the Windows Server Insiders space on the Microsoft Tech Communities forum to collaborate, share and learn from experts. The Insider forum supports pre-release builds of the next version of Windows Server. For versions that have been released to general availability in market, try the Windows Server for IT Pro forum or contact Support for Business.

Diagnostic and Usage Information​

Microsoft collects this information over the internet to help keep Windows secure and up to date, troubleshoot problems, and make product improvements. Microsoft server operating systems can be configured to turn diagnostic data off, send Required diagnostic data, or send Optional diagnostic data. During previews, Microsoft asks that you change the default setting to Optional to provide the best automatic feedback and help us improve the final product.

Administrators can change the level of information collection through Settings. For details, see http://aka.ms/winserverdata. Also see the Microsoft Privacy Statement.

Terms of Use​

This is pre-release software - it is provided for use "as-is" and is not supported in production environments. Users are responsible for installing any updates that may be made available from Windows Update. All pre-release software made available to you via the Windows Server Insider program is governed by the Insider Terms of Use.


Source:
 

My Computers

System One System Two

  • OS
    Windows 11 Pro for Workstations
    Computer type
    PC/Desktop
    Manufacturer/Model
    Custom self build
    CPU
    Intel i7-8700K 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600 MHz (F4-3600C18D-32GTZR)
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING (11GB GDDR5X)
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    2 x Samsung Odyssey G75 27"
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Samsung 990 PRO M.2,
    4TB Samsung 990 PRO M.2,
    8TB WD MyCloudEX2Ultra NAS
    PSU
    Seasonic Prime Titanium 850W
    Case
    Thermaltake Core P3 wall mounted
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master 3
    Internet Speed
    1 Gbps Download and 35 Mbps Upload
    Browser
    Google Chrome
    Antivirus
    Microsoft Defender and Malwarebytes Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Galaxy S23 Plus phone
  • Operating System
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    Surface Laptop 7 Copilot+ PC
    CPU
    Snapdragon X Elite (12 core) 3.42 GHz
    Memory
    16 GB LPDDR5x-7467 MHz
    Monitor(s) Displays
    15" HDR
    Screen Resolution
    2496 x 1664
    Hard Drives
    1 TB SSD
    Internet Speed
    Wi-Fi 7 and Bluetooth 5.4
    Browser
    Chrome and Edge
    Antivirus
    Windows Defender
Back
Top Bottom