Windows Server 2025 Standard

MS

Windows Server 2025 Standard

(No reviews yet) Write a Review
CA$800.00
Adding to cart… The item has been added
SKU:
WINSERV2025STD1USER
UPC:
4050118029291

Windows Server 2025 Standard:

*** IMPORTANT NOTE: This is a RETAIL Edition, and no software assurance is needed for this type. ***

A New Era of Hybrid Cloud, Enhanced Security, and Performance Excellence

Windows Server 2025 Standard is gearing up to be a significant update with a focus on hybrid, adaptive cloud environments, reflecting Microsoft's commitment to innovation based on user feedback. The introduction of this version was officially announced by Microsoft, aiming to cater to the evolving needs of modern businesses with enhanced security, performance improvements, and new features.

 

Why do you buy from us?

  • Expert advice on any SERVER-related matter without any extra cost.
  • Expert advice on SERVER download, installation, and activation free of charge.
  • Buy our server products without any hesitation, as we will give you the complete set of instructions needed until it is fully activated, or we will refund your money in full.   
  • 100% Full Refund or Replacement Guaranteed in case of any failure and without any drama, which gives you complete peace of mind.
  • We are an Australian GST registered business (ABN: 43 657 323 491). Contact us at +61 3 9013 7712, +61 0480 330 414 or National Toll-Free: +61 1300 849 283 (operating for 12 years).
  • 100% Genuine & Full Edition
  • Instant delivery to your email inbox
  • Remote installation support is provided (free of charge).
  • Global Edition (Works Worldwide)
  • Electronic Download Version

 

Microsoft Windows Server 2025 Key Features

Windows Server 2025 introduces several advancements to address the needs of modern IT environments, especially for hybrid and high-security applications.

  1. Enhanced Hybrid and Cloud Integration: Windows Server 2025 deepens Azure Arc integration, allowing easier onboarding for hybrid cloud solutions, enabling Arc-enabled hotpatching, and supporting multi-cloud environments with flexible management tools and software-defined networking for remote connectivity.

  2. Security Features: Credential Guard is now enabled by default, and enhancements in Server Message Block (SMB) provide stronger protections against spoofing and relay attacks. Active Directory security has also been updated with default LDAP encryption, and NTLM use is minimized to further secure authentication processes.

  3. Improved Virtualization and AI Support: GPU partitioning is available in Hyper-V with live migration capabilities, aimed at supporting AI and machine learning workloads. The Server 2025 version also supports high scalability, with improved VM performance, allowing up to 240TB memory per VM and 4PB host memory, an increase beneficial for large-scale AI and data-heavy applications.

  4. Hotpatching for Minimal Downtime: This feature enables application of security patches without rebooting, supporting both Azure and non-Azure environments, improving uptime and reducing disruptions.

  5. Advanced Storage and Networking: Windows Server 2025 includes ReFS-based data deduplication and compression, significantly enhancing storage efficiency. Network Adaptive Traffic Control (ATC) and Health and Usage Dashboard (HUD) simplify network management and monitoring, reducing setup time and enhancing issue remediation.

These features aim to enhance performance, security, and integration across complex, multi-environment infrastructures, addressing demands for scalability and streamlined management in hybrid deployments

Compare between Windows server 2025 Standard vs Datacenter:

Windows Server 2025 offers two main editions, Standard and Datacenter, each suited to different organizational needs:

  1. Virtualization Capabilities:

    • Datacenter supports unlimited virtual machines (VMs) per server, making it ideal for large-scale virtualization.
    • Standard allows only two VMs per physical processor, which is typically sufficient for small to medium-sized environments without heavy virtualization needs​
       

  2. Storage and High Availability:

    • Datacenter includes advanced storage features like Storage Spaces Direct, enabling high-performance, hyperconverged storage and offering extensive scalability for high I/O demands. It also supports Storage Replica, allowing synchronous replication across data centers for disaster recovery.
    • Standard lacks these capabilities, though it still offers basic Storage Spaces for simpler storage pooling and two-node clustering for basic high availability​
       

  3. Security Features:

    • Datacenter provides Shielded VMs and Host Guardian Service, ensuring high security for VMs against fabric-based attacks, a feature useful for organizations with strict compliance and data security requirements.
    • Standard includes robust baseline security with features like TPM and BitLocker but does not support Shielded VMs​

  4. Clustering and Scalability:

    • Datacenter supports clusters of any size with live migration, making it a fit for large, mission-critical applications needing high uptime.
    • Standard is limited to two-node clusters, which suits environments that don’t need extensive failover capacity​

In summary, Windows Server 2025 Datacenter is ideal for large enterprises needing extensive virtualization, high availability, and robust security. Standard serves smaller organizations looking for essential features at a lower cost without advanced virtualization and high-availability demands.

 

What's new

Active Directory Domain Services

The latest enhancements to Active Directory Domain Services (AD DS) and Active Directory Lightweight Domain Services (AD LDS) introduce a range of new functionalities and capabilities aimed at optimizing your domain management experience:

  • 32k database page size optional feature - AD uses an Extensible Storage Engine (ESE) database since its introduction in Windows 2000 that uses an 8k database page size. The 8k architectural design decision resulted in limitations throughout AD that are documented in AD Maximum Limits Scalability. An example of this limitation is a single record AD object, which can't exceed 8k bytes in size. Moving to a 32k database page format offers a huge improvement in areas affected by legacy restrictions, including multi-valued attributes are now able to hold up to ~3,200 values, which is an increase by a factor of 2.6.

    New DCs can be installed with a 32k page database that uses 64-bit Long Value IDs (LIDs) and runs in an "8k page mode" for compatibility with previous versions. An upgraded DC continues to use its current database format and 8k pages. Moving to 32k database pages is done on a forest-wide basis and requires that all DCs in the forest have a 32k page capable database.

  • AD schema updates - Three new Log Database Files (LDF) are introduced that extend the AD schema, sch89.ldf, sch90.ldf, and sch91.ldf. The AD LDS equivalent schema updates are in MS-ADAM-Upgrade3.ldf. For learn more about previous schema updates, see Windows Server AD schema updates

  • AD object repair - AD now allows enterprise administrators to repair objects with missing core attributes SamAccountType and ObjectCategory. Enterprise administrators can reset the LastLogonTimeStamp attribute on an object to the current time. These operations are achieved through a new RootDSE modify operation feature on the affected object called fixupObjectState.

  • Channel binding audit support - Events 3074 and 3075 can now be enabled for Lightweight Directory Access Protocol (LDAP) channel binding. When the channel binding policy was modified to a more secure setting, an administrator can identify devices in the environment that don't support or fail channel binding validations. These audit events are also available in Windows Server 2022 and later via KB4520412.

  • DC-location algorithm improvements - DC discovery algorithm provides new functionality with improvements to mapping of short NetBIOS-style domain names to DNS-style domain names. To learn more, see Active Directory DC locator changes.

     Note

    Windows doesn't use mailslots during DC discovery operations as Microsoft has announced the deprecation of WINS and mailslots for these legacy technologies.

  • Forest and Domain Functional Levels - The new functional level is used for general supportability and is required for the new 32K database page size feature. The new functional level maps to the value of DomainLevel 10 and ForestLevel 10 for unattended installs. Microsoft has no plans to retrofit functional levels for Windows Server 2019 and Windows Server 2022. To perform an unattended promotion and demotion of a Domain Controller (DC), see DCPROMO answer file syntax for unattended promotion and demotion of domain controllers.

    The DsGetDcName Application Programming Interface (API) also supports a new flag DS_DIRECTORY_SERVICE_13_REQUIRED that enables location of DCs running Windows Server 2025. You can learn more about functional levels in the following articles:

    • Forest and Domain Functional Levels

    • Raise the Domain Functional Level

    • Raise the Forest Functional Level

     Note

    New AD forests or AD LDS configuration sets are required to have a functional level of Windows Server 2016 or greater. Promotion of an AD or AD LDS replica requires that the existing domain or config set is already running with a functional level of Windows Server 2016 or greater.

    Microsoft recommends that all customers begin planning now to upgrade their AD and AD LDS servers to Windows Server 2022 in preparation of the next release.

  • Improved algorithms for Name/Sid Lookups - Local Security Authority (LSA) Name and Sid lookup forwarding between machine accounts no longer uses the legacy Netlogon secure channel. Kerberos authentication and DC Locator algorithm are used instead. To maintain compatibility with legacy operating systems, it's still possible to use the Netlogon secure channel as a fallback option.

  • Improved security for confidential attributes - DCs and AD LDS instances only allow LDAP add, search, and modify operations involving confidential attributes when the connection is encrypted.

  • Improved security for default machine account passwords - AD now uses random generated default computer account passwords. Windows 2025 DCs block setting computer account passwords to the default password of the computer account name.

    This behavior can be controlled by enabling the GPO setting Domain controller: Refuse setting default machine account password located in: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options

    Utilities like Active Directory Administrative Center (ADAC), Active Directory Users and Computers (ADUC), net computer, and dsmod also honors this new behavior. Both ADAC and ADUC no longer allow creating a pre-2k Windows account.

  • Kerberos AES SHA256 and SHA384 - The Kerberos protocol implementation is updated to support stronger encryption and signing mechanisms with support for RFC 8009 by adding SHA-256 and SHA-384. RC4 is deprecated and moved to the do-not-use cipher list.

  • Kerberos PKINIT support for cryptographic agility - The Kerberos Public Key Cryptography for Initial Authentication in Kerberos (PKINIT) protocol implementation is updated to allow for cryptographic agility by supporting more algorithms and removing hardcoded algorithms.

  • LAN Manager GPO setting - The GPO setting Network security: Don't store LAN Manager hash value on next password change is no longer present nor applicable to new versions of Windows.

  • LDAP encryption by default - All LDAP client communication after a Simple Authentication and Security Layer (SASL) bind utilizes LDAP sealing by default. To learn more about SASL, see SASL Authentication.

  • LDAP support for TLS 1.3 - LDAP uses the latest SCHANNEL implementation and supports TLS 1.3 for LDAP over TLS connections. Using TLS 1.3 eliminates obsolete cryptographic algorithms, enhances security over older versions, and aims to encrypt as much of the handshake as possible. To learn more, see Protocols in TLS/SSL (Schannel SSP) and TLS Cipher Suites in Windows Server 2022.

  • Legacy SAM RPC password change behavior - Secure protocols such as Kerberos are the preferred way to change domain user passwords. On DCs, the latest SAM RPC password change method SamrUnicodeChangePasswordUser4 using AES is accepted by default when called remotely. The following legacy SAM RPC methods are blocked by default when called remotely:

    For domain users that are members of the Protected Users group and for local accounts on domain member computers, all remote password changes through the legacy SAM RPC interface are blocked by default including SamrUnicodeChangePasswordUser4.

  •  

    This behavior can be controlled using the following Group Policy Object (GPO) setting:

    Computer Configuration > Administrative Templates > System > Security Account Manager > Configure SAM change password RPC methods policy

  • NUMA support - AD DS now takes advantage of Non-uniform Memory Access (NUMA) capable hardware by utilizing CPUs in all processor groups. Previously, AD would only use CPUs in group 0. Active Directory can expand beyond 64 cores.

  • Performance counters - Monitoring and troubleshooting the performance of the following counters are now available:

    • DC Locator - Client and DC specific counters available.

    • LSA Lookups - Name and SID lookups through the LsaLookupNames, LsaLookupSids, and equivalent APIs. These counters are available on both Client and Server SKUs.

    • LDAP Client - Available in Windows Server 2022 and later via KB 5029250 update.

  • Replication priority order - AD now allows administrators to increase the system calculated replication priority with a particular replication partner for a particular naming context. This feature allows more flexibility in configuring the replication order to address specific scenarios.

Azure Arc

By default, the Azure Arc setup Feature-on-Demand is installed, which offers a user-friendly wizard interface and a system tray icon in the taskbar to facilitate the process of adding servers to Azure Arc. Azure Arc extends the capabilities of the Azure platform, allowing for the creation of applications and services that can operate in diverse environments. These include data centers, the edge, multicloud environments, and provide increased flexibility. To learn more, see Connect Windows Server machines to Azure through Azure Arc Setup.

Bluetooth

You can now connect mice, keyboards, headsets, audio devices, and more via bluetooth in Windows Server 2025.

Desktop shell

When you sign in for the first time, the desktop shell experience conforms to the style and appearance of Windows 11.

Delegated Managed Service Account

This new type of account enables migration from a service account to a delegated Managed Service Account (dMSA). This account type comes with managed and fully randomized keys ensuring minimal application changes while disabling the original service account passwords. To learn more, see Delegated Managed Service Accounts overview.

DTrace

Windows Server 2025 comes equipped with dtrace as a native tool. DTrace is a command-line utility that enables users to monitor and troubleshoot their system's performance in real-time. DTrace allows users to dynamically instrument both the kernel and user-space code without any need to modify the code itself. This versatile tool supports a range of data collection and analysis techniques, such as aggregations, histograms, and tracing of user-level events. To learn more, see DTrace for command line help and DTrace on Windows for additional capabilities.

Email & accounts

You can now add the following accounts in Settings > Accounts > Email & accounts for Windows Server 2025:

  • Microsoft Entra ID
  • Microsoft account
  • Work or school account

It's important to keep in mind that domain join is still required for most situations.

Feedback Hub

Submitting feedback or reporting problems encountered while using Windows Server 2025 can now be done using the Windows Feedback Hub. You can include screenshots or recordings of the process that caused the issue to help us understand your situation and share suggestions to enhance your Windows experience. To learn more, see Explore the Feedback Hub.

File Compression

Build 26040 has a new compression feature when compressing an item by performing a right-click called Compress to. This feature supports ZIP, 7z, and TAR compression formats with specific compression methods for each.

Flighting

Flighting is only available for the Canary Channel release beginning in early 2024 starting with build 26010, which allows users to receive Windows Server flights similar to Windows client. To enable flighting on your device, go to Start > Settings > Windows Update > Windows Insider Program. From there, you can choose to opt into your desired Insiders release.

Pinned apps

Pinning your most used apps is now available through the Start menu and is customizable to suit your needs. As of build 26085, the default pinned apps are currently:

  • Azure Arc Setup
  • Feedback Hub
  • File Explorer
  • Microsoft Edge
  • Server Manager
  • Settings
  • Terminal
  • Windows PowerShell

Server Message Block

Server Message Block (SMB) is one of the most widely used protocols in networking by providing a reliable way to share files and other resources between devices on your network. Windows Server 2025 brings the following SMB capabilities.

Starting with build 26090, another set of SMB protocol changes are introduced for disabling QUIC, signing, and encryption.

  • SMB over QUIC disablement

    Administrators can disable SMB over QUIC client through Group Policy and PowerShell. To disable SMB over QUIC using Group Policy, set the Enable SMB over QUIC policy in these paths to Disabled.

    • Computer Configuration\Administrative Templates\Network\Lanman Workstation

    • Computer Configuration\Administrative Templates\Network\Lanman Server

    To disable SMB over QUIC using PowerShell, run this command in an elevated PowerShell prompt:

    PowerShell 
    Set-SmbClientConfiguration -EnableSMBQUIC $false

  • SMB signing and encryption auditing

    Administrators can enable auditing of the SMB server and client for support of SMB signing and encryption. If a third-party client or server lacks support for SMB encryption or signing, it can be detected. When your third-party device or software states it supports SMB 3.1.1, but fails to support SMB signing, it violates the SMB 3.1.1 Pre-authentication integrity protocol requirement.

    You can configure SMB signing and encryption auditing settings using Group Policy or PowerShell. These policies can be changed in the following Group Policy paths:

    • Computer Configuration\Administrative Templates\Network\Lanman Server\Audit client does not support encryption

    • Computer Configuration\Administrative Templates\Network\Lanman Server\Audit client does not support signing

    • Computer Configuration\Administrative Templates\Network\Lanman Workstation\Audit server does not support encryption

    • Computer Configuration\Administrative Templates\Network\Lanman Workstation\Audit server does not support signing

    To perform these changes using PowerShell, run these commands in an elevated prompt where $true is to enable and $false to disable these settings:

    PowerShell 
    Set-SmbServerConfiguration -AuditClientDoesNotSupportEncryption $true
Set-SmbServerConfiguration -AuditClientDoesNotSupportSigning $true

Set-SmbClientConfiguration -AuditServerDoesNotSupportEncryption $true
Set-SmbClientConfiguration -AuditServerDoesNotSupportSigning $true

    Event logs for these changes are stored in the following Event Viewer paths with their given Event ID.

    Path Event ID
    Applications and Services Logs\Microsoft\Windows\SMBClient\Audit 31998
    31999
    Applications and Services Logs\Microsoft\Windows\SMBServer\Audit 3021
    3022

  • SMB over QUIC auditing

    SMB over QUIC client connection auditing captures events that are written to an event log to include the QUIC transport in the Event Viewer. These logs are stored in the following paths with their given Event ID.

    Path Event ID
    Applications and Services Logs\Microsoft\Windows\SMBClient\Connectivity 30832
    Applications and Services Logs\Microsoft\Windows\SMBServer\Connectivity 1913

  • The SMB over QUIC server feature, which was only available in Windows Server Azure Edition, is now available in both Windows Server Standard and Windows Server Datacenter versions. SMB over QUIC adds the benefits of the QUIC, which provides low-latency, encrypted connections over the internet.

    Previously, SMB server in Windows mandated inbound connections to use the IANA-registered port TCP/445 while the SMB TCP client only allowed outbound connections to that same TCP port. Now, SMB over QUIC allows for SMB alternative ports where QUIC-mandated UDP/443 ports are available for both server and client devices. To learn more, see Configure alternative SMB ports.

    Another feature that's introduced to SMB over QUIC is client access control, which is an alternative to TCP and RDMA that supplies secure connectivity to edge file servers over untrusted networks. To learn more, see How client access control works.

  • Previously, when a share was created, the SMB firewall rules would be automatically configured to enable the "File and Printer Sharing" group for the relevant firewall profiles. Now, the creation of an SMB share in Windows results in the automatic configuration of the new "File and Printer Sharing (Restrictive)" group, which no longer permits inbound NetBIOS ports 137-139. To learn more, see Updated firewall rules.

  • Starting with build 25997, an update is made to enforce SMB encryption for all outbound SMB client connections. With this update, administrators can set a mandate that all destination servers support SMB 3.x and encryption. If a server lacks these capabilities, the client is unable to establish a connection.

  • Also in build 25997, the SMB authentication rate limiter, which limits the number of authentication attempts that can be made within a certain time period, is enabled by default. To learn more, see How SMB authentication rate limiter works

  • Starting with build 25951, the SMB client supports NTLM blocking for remote outbound connections. Previously, the Windows Simple and Protected GSSAPI Negotiation Mechanism (SPNEGO) would negotiate Kerberos, NTLM, and other mechanisms with the destination server to determine a supported security package. To learn more, see Block NTLM connections on SMB

  • A new feature in build 25951 allows you to manage SMB dialects in Windows where the SMB server now controls which SMB 2 and SMB 3 dialects it negotiates compared to the previous behavior matching only the highest dialect.

  • Beginning with build 25931, SMB signing is now required by default for all SMB outbound connections where previously it was only required when connecting to shares named SYSVOL and NETLOGON on AD domain controllers. To learn more, see How signing works.

  • The Remote Mailslot protocol is disabled by default starting in build 25314 and may be removed in a later release. To learn more, see Features we're no longer developing.

  • SMB compression adds support for industry standard LZ4 compression algorithm, in addition to its existing support for XPRESS (LZ77), XPRESS Huffman (LZ77+Huffman), LZNT1, and PATTERN_V1.

Storage Replica Enhanced Log

Enhanced Logs help the Storage Replica log implementation to eliminate the performance costs associated with file system abstractions, leading to improved block replication performance. To learn more, see Storage Replica Enhanced Log.

Task Manager

Build 26040 now sports the modern Task Manager app with mica material conforming to the style of Windows 11.

Wi-Fi

It's now easier to enable wireless capabilities as the Wireless LAN Service feature is now installed by default. The wireless startup service is set to manual and can be enabled by running net start wlansvc in the Command Prompt, Windows Terminal, or PowerShell.

Windows containers portability

Portability is a crucial aspect of container management and has the ability to simplify upgrades by applying enhanced flexibility and compatibility of containers in Windows. Portability is a feature of Windows Server Annual Channel for container hosts that allows users to move container images, and their associated data, between different hosts or environments without requiring any modifications. Users can create a container image on one host and then deploy it on another host without having to worry about compatibility issues. To learn more, see Portability for containers.

Windows Insider Program

The Windows Insider Program provides early access to the latest Windows OS releases for a community of enthusiasts. As a member, you can be among the first to try out new ideas and concepts that Microsoft is developing. After registering as a member, you can opt to participate in different release channels by going to go to Start > Settings > Windows Update > Windows Insider Program.

Windows Local Administrator Password Solution (LAPS)

Windows LAPS helps organizations manage local administrator passwords on their domain-joined computers. It automatically generates unique passwords for each computer's local administrator account, stores them securely in AD, and updates them regularly. This helps to improve security by reducing the risk of attackers gaining access to sensitive systems using compromised or easily guessable passwords.

Several features are introduced to Microsoft LAPS that bring the following improvements:

  • New automatic account management feature

    The latest update allows IT admins to create a managed local account with ease. With this feature, you can customize the account name, enable or disable the account, and even randomize the account name for enhanced security. Additionally, the update includes improved integration with Microsoft's existing local account management policies. To learn more about this feature, see Windows LAPS account management modes.

  • New image rollback detection feature

    Windows LAPS now detects when an image rollback occurs. If a rollback does happen, the password stored in AD may no longer match the password stored locally on the device. Rollbacks can result in a "torn state" where the IT admin is unable to sign into the device using the persisted Windows LAPS password.

    To address this issue, a new feature was added that includes an AD attribute called msLAPS-CurrentPasswordVersion. This attribute contains a random GUID written by Windows LAPS every time a new password is persisted in AD and saved locally. During every processing cycle, the GUID stored in msLAPS-CurrentPasswordVersion is queried and compared to the locally persisted copy. If they're different, the password is immediately rotated.

    To enable this feature, it's necessary to run the latest version of the Update-LapsADSchema cmdlet. Once complete, Windows LAPS recognizes the new attribute and begins using it. If you don't run the updated version of the Update-LapsADSchema cmdlet, Windows LAPS logs a 10108 warning event in the event log, but continues to function normally in all other respects.

    No policy settings are used to enable or configure this feature. The feature is always enabled once the new schema attribute is added.

  • New passphrase feature

    IT admins can now utilize a new feature in Windows LAPS that enables the generation of less complex passphrases. An example would be a passphrase such as "EatYummyCaramelCandy", which is easier to read, remember, and type, compared to a traditional password like "V3r_b4tim#963?".

    This new feature also allows the PasswordComplexity policy setting to be configured to select one of three different passphrase word lists, all of which are included in Windows without requiring a separate download. A new policy setting called PassphraseLength controls the number of words used in the passphrase.

    When you're creating a passphrase, the specified number of words are randomly selected from the chosen word list and concatenated. The first letter of each word is capitalized to enhance readability. This feature also fully supports backing passwords up to either Windows Server AD or Microsoft Entra ID.

    The passphrase word lists used in the three new PasswordComplexity passphrase settings are sourced from the Electronic Frontier Foundation's article, "Deep Dive: EFF's New Wordlists for Random Passphrases". The Windows LAPS Passphrase Word Lists is licensed under the CC-BY-3.0 Attribution license and is available for download.

     Note

    Windows LAPS doesn't allow for customization of the built-in word lists nor the use of customer-configured word lists.

  • Improved readability password dictionary

    Windows LAPS introduces a new PasswordComplexity setting that enables IT admins to create less complex passwords. This feature allows you to customize LAPS to use all four character categories (upper case letters, lower case letters, numbers, and special characters) like the existing complexity setting of 4. However, with the new setting of 5, the more complex characters are excluded to enhance password readability and minimize confusion. For example, the number "1" and the letter "I" are never used with the new setting.

    When PasswordComplexity is configured to 5, the following changes are made to the default password dictionary character set:

    1. Don’t use these letters: 'I', 'O', 'Q', 'l', 'o'
    2. Don’t use these numbers: '0', '1'
    3. Don’t use these "special" characters: ',', '.', '&', '{', '}', '[', ']', '(', ')', ';'
    4. Start using these "special" characters: ':', '=', '?', '*'

    The Active Directory Users and Computers snap-in (via Microsoft Management Console) now features an improved Windows LAPS tab. The Windows LAPS password is now displayed in a new font that enhances its readability when shown in plain text.

  • PostAuthenticationAction support for terminating individual processes

    A new option is added to the PostAuthenticationActions (PAA) Group Policy setting, “Reset the password, sign out the managed account, and terminate any remaining processes” located in Computer Configuration > Administrative Templates > System > LAPS > Post-authentication actions.

    This new option is an extension of the previous "Reset the password and sign out the managed account" option. Once configured, the PAA notifies and then terminates any interactive sign-in sessions. It enumerates and terminates any remaining processes that are still running under the Windows LAPS-managed local account identity. It's important to note that no notification precedes this termination.

    Furthermore, the expansion of logging events during post-authentication-action execution provides deeper insights into the operation.

To learn more about Windows LAPS, see What is Windows LAPS?.

Windows Terminal

The Windows Terminal, a powerful and efficient multishell application for command-line users, is available in this build. Search for "Terminal" in the search bar.

Winget

Winget is installed by default, which is a command line Windows Package Manager tool that provides comprehensive package manager solutions for installing applications on Windows devices. To learn more, see Use the winget tool to install and manage applications.

 

Minimum hardware requirements for Windows Server 2025

The minimum hardware requirements for Windows Server 2025 (Server Core and Server with Desktop Experience) are as listed below. These requirements are applicable for both Windows Server Standard and Windows Server Datacenter editions.

If your computer’s hardware configuration is less than the requirements specified here, Windows Server 2025 may not install properly in your computer.

Please note that below specified numbers are the very minimum hardware requirements for Windows Server 2025 (Server Core and Server with Desktop Experience) to install and run. If you planning to run high resource consuming applications or services in your Windows Server 2025 computer, it is always better to pre-calculate the hardware resource requirements of those applications or services, and then plan the hardware configuration of your Windows Server 2025 accordingly.

Processor

Minimum processor requirements to install Windows Server 2022 is listed below.

  • Clock speed : 1.4 GHz
  • Processor architecture type : 64–bit Processor
  • Instruction set : x64 Compatible
  • Support for DEP/NX Protection : Should support DEP (Data Execution Prevention)/NX (No–Execute). DEP and NX features help to prevent buffer overflow attacks.
  • Support for PrefetchW, CMPXCHG16b (Compare–and–Exchange), and LAHF/SAHF : PrefetchW (Pre-fetch) fetches resources required for a program earlier than the resources are required so that programs run faster. LAHF (Load AH from Flags) and SAHF (Store AH into Flags) are used to load and store instructions for certain status flags. These are the features for virtualization.
  • SLAT (Second Level Address Translation) : Second Level Address Translation (SLAT), is a virtualization technology, implemented at the hardware level. SLAT is a required feature of the processor to run Windows Server 2025 Operating System. Hyper–V uses SLAT to optimize the available resources. Intel calls Second Level Address Translation (SLAT) technology as Extended Page Tables (EPT) and AMD calls Second Level Address Translation (SLAT) as Nested Page Tables (NPT).

Memory

  • Minimum memory requirement : Minimum memory size required to install Windows Server 2025 as Server Core is 512 MB and with Desktop experience is 2 GB as bare-metal Operating Systems.

    If you try to install Windows Server 2025 as a Guest Operating System in a Virtual Machine with exact 512 MB as RAM, the installation will fail, showing no available memory. Following image shows the error message when I tried to install Windows Server 2025 on a Virtual Machine, with exactly 512 MB memory.

    not-enough-memory-error-to-install-windows-server-2025.jpg

    I suggest 2 GB of minimum memory for Windows Server 2025 Server Core installations and minimum 4 GB memory for Windows Server 2025 with Desktop experience installations. 4 GB of memory is very common even for today’s mobile phones.

  • ECC (Error Correcting Code) : Errors are possible in physical RAM due to hardware related issues or electrical noises. Error Correction Code (ECC) supported memory cards may correct these errors in the memory. ECC is a mathematical operation on the data stored in the RAM memory and ensures that the data in the memory is correct. Note that ECC memories are not common in normal PC or laptop memory cards. ECC supported memory cards are costly than normal memory cards, and ECC memories are more commonly used in Servers or Workstations.

Storage controller

PCI Express standard-based Storage controller.

Minimum storage requirement

Windows Server 2025 requires minimum 32 GB storage space. 32 GB storage space is the very basic storage requirement. For the smooth running of Windows Server 2025 Operating System, the suggested minimum storage space is 64 GB or more.

Ethernet Adapter

Minimum 1 Gbps speed is required.

PCI Express standard-based Ethernet adapter.

Pre-boot Execution Environment (PXE boot) for network boot and network-based Windows Server 2025 installation.

Other requirements for Windows Server 2025

  • A decent bandwidth internet connection (to receive the latest updated installation files or updates from Microsoft).
  • Keyboard and Mouse.
  • DVD Drive (A DVD Drive is required if you have a DVD burnt Windows Server 2025 installation media and you are planning to boot and install Windows Server 2025 from that DVD disk).
  • Graphics, Super VGA (1024 x 768) or higher-resolution.
  • UEFI 2.3.1c-based system and firmware that supports secure boot.
  • Trusted Platform Module 2.0 (TPM 2.0) – A TPM chip is necessary for Windows Server 2025 for features like BitLocker Encryption. Please visit the following link to learn more about the TPM requirements for Windows Server 2025.

Related Products

An exceptionally experience