The complete business guide to Windows Server 2012 RC

What's less obvious are the tools that make it easier to manage virtual networks, including the option of adding third-party virtual switches, and to keep virtual networks from interacting. There's also improved support for live migration of VMs from server to server, with tools to offload file copying on storage networks.

Virtual machines don't need to be massive, or complex. Windows Server makes it easy to quickly create and use new VMs, for test and development, or to roll out new applications quickly. There's improved support for working with NAS storage, with SMB2 support as well as for additional storage networking protocols. It's also a lot easier now to migrate VMs to the cloud, with Azure now supporting Hyper-V VMs.

A server for BYOD

Whether you like it or not, your users are bringing their own devices into work – laptops, tablets and phones, or just their USB sticks. That's both a benefit, in terms of increased productivity, and a risk, with the prospect of data loss. How can you manage users' own devices without turning them into just another PC you have to manage?

The answer is right in the heart of Windows Server, built into Active Directory. You don't need to manage the machines, just the users and the information they're using. Windows Server 2012 introduces new features to help control information, in the shape of Dynamic Access Control. While it might not be the friendliest of tools to use (but we expect third-party developers to quickly develop applications that make it easier to define data classification rules), DAC works with Office and Windows Information Rights Management to control who can work with what file, and how and when.

Rules are based around the claims-based authentication tools built into Windows Server 2012's identity management features, and let you apply rules that are as coarse or as fine as you want – across an entire business, or an office, or to a department, or even to a specific individual.

Dynamic Access Control rules can be used to lock-down access to specific directories and file types, even to specific file metadata. Only approved users get access, and you're also able to audit just who's tried to open controlled files. Blocked users get a message that tells them a file is locked, and who to contact to get access. You're also able to apply more general rules, perhaps to lock-down files that contain confidential records or to comply with business regulations – and can tie controls into Information Rights Management (IRM) so that users can view but not edit files, ensuring that they can't be copied to another PC or to a memory stick – even keeping them from being emailed outside your business.

Active Directory is also part of managing users' own devices. You can use the cloud-federation features in Microsoft's Intune cloud management platform to push management policies to iOS, Android, to users' Windows 8 devices, and to Windows RT tablets. Intune uses the familiar Exchange Active Sync tools to handle policy delivery – and users who don't accept the policies won't be able to get mail or connect to network resources.

There are also improvements to Remote Desktop Services, with no need to install a server-hosted Graphics Processing Unit (GPU) to get the benefits of the RemoteFX video support. There are also plenty of networking improvements, with tools to help manage IP addresses more effectively, and a new version of the Direct Access remote connection tools that makes it a lot easier to set up secure connections to network resources over the internet.

Protecting your files

A lot of small businesses have been using Microsoft's original Home Server to protect their files. It lets you build a pool of standard disks that kept multiple copies of your files, with no need to worry about RAID or managing storage networks.