|
|
| 第 95 行: |
第 95 行: |
|
| |
|
| === Windows 安全 === | | === Windows 安全 === |
| Support for encrypting disk drives has been added via the BitLocker to Go functionality. Base BCrypt encryption functions and cryptosystem primitives for [[w:RSA (cryptosystem)|Rivest–Shamir–Adleman]] (RSA), [[w:Digital Signature Algorithm|Digital Signature Algorithm]] (DSA) and [[w:Elliptic-curve cryptography|elliptic curve]]s have been merged into a unified <code>BCryptPrimitives</code> library.
| | 通过 BitLocker to Go 功能,增加了对加密磁盘驱动器的支持。基本的 BCrypt 加密函数和用于 Rivest–Shamir–Adleman (RSA)、数字签名算法 (DSA) 及椭圆曲线的密码系统原语合并到一个统一的 <code>BCryptPrimitives</code> 库中。 |
|
| |
|
| Kerberos authentication now supports sending AES-encrypted pre-authentication requests upon the first Authentication Service request, and can be controlled via group policy. Additional compliance with IETF RFC 1510 has been made through the addition of the <code>KSetup</code> command-line utility, which allows for manually configuring realm settings, user and computer account mappings, password configuration as well as the ability to join an Active Directory domain. A Kerberos logon ticket cache list utility has also been added. | | Kerberos 认证现在支持在第一次身份验证服务请求时发送 AES 加密的预身份验证请求,并且可以通过组策略进行控制。通过添加 <code>KSetup</code> 命令行工具,进一步符合 IETF RFC 1510,此工具允许手动配置领域设置、用户和计算机帐户映射、密码配置,以及加入一个活动目录域的能力。还增加了 Kerberos 登录票据缓存列表工具。 |
|
| |
|
| The <code>NLTest</code> command-line tool has been added, and is used to interact with the NetLogon service on an existing server machine, and supports capabilities including (but not limited to) user authentication, querying service details, controlling Secure Channel variables, and Active Directory domain controller and forest management. It is now possible to remotely associate a computer or user account as the principal for a specific machine or device on the current network via the <code>SetSPN</code> utility.
| | 添加了 <code>NLTest</code> 命令行工具,并用于与现有服务器上的 NetLogon 服务交互,支持的功能包括(但不限于)用户身份验证、查询服务详细信息、控制安全通道变量,以及 Active Directory 域控制器和森林管理。现在可以通过 <code>SetSPN</code> 工具远程关联计算机或用户帐户作为当前网络上特定机器或设备的主体。 |
|
| |
|
| OEMs can now customize the Windows logon screen to include their own branding with custom background images.
| | OEM 现在可以自定义 Windows 登录屏幕,将他们自己的品牌与自定义背景图像结合在一起。 |
|
| |
|
| === Windows 安装程序 === | | === Windows 安装程序 === |