changes in Windows (mechanisms) from 2008 (Vista) to 2008 R2(7) (related to loopback check)
I repost my question "Security changes between Windows 2008 (Windows 7) and 2008 R2?" since my account (vgv8) was banned on the StackExchange sites and I am banned to access to my own posts there.

UPDATE: Changed the title to: "changes in Windows (mechanisms) from 2008 (Vista) to 2008 R2(7) (related to loopback check)" (previous did not mention loopback check)
August 29th, 2010 10:14am

Changes for Windows Server 2008 R2 on Security:

AppLocker: AppLocker™ is a new feature in Windows® 7 and Windows Server® 2008 R2 that replaces the Software Restriction Policies feature. AppLocker contains new capabilities and extensions that reduce administrative overhead and help administrators control how users can access and use files, such as .exe files, scripts, Windows Installer files (.msi and .msp files), and DLLs.

Biometrics: A growing number of computers, particularly portable computers, include embedded fingerprint readers. Fingerprint readers can be used for identification and authentication of users in Windows. Until now, there has been no standard support for biometric devices or for biometric-enabled applications in Windows. Computer manufacturers had to provide software to support biometric devices in their products. This made it more difficult for users to use the devices and administrators to manage the use of biometric devices. Windows 7 includes the Windows Biometric Framework that exposes fingerprint readers and other biometric devices to higher-level applications in a uniform way, and offers a consistent user experience for discovering and launching fingerprint applications. It does this by providing the following:
- A Biometric Devices Control Panel item that allows users to control the availability of biometric devices and whether they can be used to log on to a local computer or domain.
- Device Manager support for managing drivers for biometric devices.
- Credential provider support to enable and configure the use of biometric data to log on to a local computer and perform UAC elevation.
- Group Policy settings to enable, disable, or limit the use of biometric data for a local computer or domain. Group Policy settings can also prevent installation of biometric device driver software or force the biometric device driver software to be uninstalled.
- Biometric device driver software available from Windows Update.

Service accounts: Two new types of service accounts are available in Windows Server® 2008 R2 and Windows® 7: the managed service account and the virtual account. The managed service account is designed to provide crucial applications such as SQL Server and IIS with the isolation of their own domain accounts, while eliminating the need for an administrator to manually administer the service principal name (SPN) and credentials for these accounts. Virtual accounts in Windows Server 2008 R2 and Windows 7 are "managed local accounts" that can use a computer's credentials to access network resources.

User Account Control: In Windows® 7 and Windows Server® 2008 R2, UAC functionality is improved to:
- Increase the number of tasks that the standard user can perform that do not prompt for administrator approval.
- Allow a user with administrator privileges to configure the UAC experience in the Control Panel.
- Provide additional local security policies that enable a local administrator to change the behavior of the UAC messages for local administrators in Admin Approval Mode.
- Provide additional local security policies that enable a local administrator to change the behavior of the UAC messages for standard users.

Auditing: There are a number of auditing enhancements in Windows Server® 2008 R2 and Windows® 7 that increase the level of detail in security auditing logs and simplify the deployment and management of auditing policies. These enhancements include:
- Global Object Access Auditing. In Windows Server 2008 R2 and Windows 7, administrators can define computer-wide system access control lists (SACLs) for either the file system or registry. The specified SACL is then automatically applied to every single object of that type. This can be useful both for verifying that all critical files, folders, and registry settings on a computer are protected, and for identifying when an issue with a system resource occurs.
- "Reason for access" reporting. This list of access control entries (ACEs) provides the privileges on which the decision to allow or deny access to the object was based. This can be useful for documenting the permissions, such as group memberships, that allow or prevent the occurrence of a particular auditable event.
- Advanced audit policy settings. These 53 new settings can be used in place of the nine basic auditing settings under Local Policies\Audit Policy to allow administrators to more specifically target the types of activities they want to audit and eliminate the unnecessary auditing activities that can make audit logs difficult to manage and decipher.

Source: What's New in Security in Windows Server 2008 R2

Certifications: MCSA 2003|MCSE 2003|MCTS| MCTIP:SA
August 29th, 2010 8:15pm

You answered something that was not asked, without reading the link to the question! At least, I could not find any relation! What are the docs and explanations (rationale, etc.) of the changes in behavior causing, for example, changes in the behavior of the loopback security check feature in Windows versions, other mechanisms, etc.?
August 30th, 2010 3:00am

Your question is, as far as I see: What are the security changes in Windows Server 2008 R2 (and Windows 7) in comparison with Windows Server 2008? I've posted the security changes for you. That's what you asked? Or do I misunderstand your question? I see you are a developer; maybe the MSDN forum would be a better place to ask this question, because we don't know much about code changes and protocol changes. See here: http://social.msdn.microsoft.com/Forums/en-US/category/windowsserver

Certifications: MCSA 2003|MCSE 2003|MCTS| MCTIP:SA
August 30th, 2010 11:04pm

My question was about changes in Windows but not in GUI. Those are not changes in Windows (mechanisms), and I doubt that they are even manifestations of them. Then, I asked in a certain context! Or do you answer by just reading titles? I tried developer forums. I am sent from there to the Windows Server forum. This question has nothing to do with development; it is related to Windows mechanisms.
August 31st, 2010 2:33am

One wonders why you might have had to point this out, "since my account (vgv8) was banned on the StackExchange sites and I am banned to access to my own posts there".

-- Shenan Stanley MS-MVP --
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html
-- Shenan Stanley MS MVP --
August 31st, 2010 5:03am

Shenan Stanley (MS-MVP) wrote: One wonders why you might have had to point this out, "since my account (vgv8) was banned on the StackExchange sites and I am banned to access to my own posts there".

1) To give concrete context to the question. It is in the context of webapp-breaking changes in the behavior of the loopback check security feature between 1) Windows Server 2008 / 1a) Windows Vista and 2) Windows 2008 R2 / 2a) Windows 7.
1a) The cited question is more fully formulated/worded, and if you unveil the sublinks from there, there are dozens of them.
2) To avoid off-topic discussions of what has already been established there. For example, that these changes were between the codebases of 1) / 1a) and 2) / 2a). For me, this was interesting. I am not a sysadmin, I am a developer.
2a) To warn against copy&pasting the results of googling, since sysadmins tend to answer, without reading the question, something that has not been asked.
3) To warn against answering on the cited sites, since I do not have access to my own posts there.
4) Other quite obvious reasons.
August 31st, 2010 7:43am

This topic is archived. No further replies will be accepted.
