Windows IT Pro is the authoritative and independent resource for windows nt, windows 2000, windows 2003, windows xp. Features a collection of resources and magazines for windows IT professionals.
  
  
  Advanced Search 


March 2005

What You Need to Know About Windows Server 2003 SP1


From the March 2005 Edition
of Windows IT Pro
Paul Thurrott
Need to Know
InstantDoc #45246
Windows IT Pro
Email this Article
Printer Friendly
Reader Comments
Digg This
Del.icio.us
RSS
Subscribe to Windows IT Pro | See More Hotfixes Articles Here | Reprints
Or get the Monthly Online Pass—only $5.95 a month!

Sometime in the first half of 2005, Microsoft will ship Windows Server 2003 Service Pack 1 (SP1), a major feature and security update for its flagship server OS that is, in many ways, as important to Windows 2003 as Windows XP SP2 is to XP. Like other service packs, Windows 2003 SP1 will bring a host of security and bug fixes. It will also provide an unexpected performance bump, new features, and a wide range of security enhancements. Here's what you need to know about Windows 2003 SP1.

New Security Features
Windows 2003 SP1 includes the new Security Configuration Wizard (SCW), a graphical tool that walks you through the server configuration process. The tool uses Windows 2003's roles-based infrastructure to examine the ports and services that must be enabled for a server to fulfill its intended roles. The SCW turns off unneeded services and closes unneeded ports. Because the wizard uses XML-based security templates, you can easily create new templates related to specific needs or export templates to replicate a particular setup across a wide range of machines.

When you first reboot a Windows 2003 SP1 installation on a server that has a live network connection, you'll see a Post-Setup Security Updates screen that prompts you to update the server with any pending critical security updates and to configure Automatic Updates. Until you click Finish on this page, the machine ignores all inbound network traffic. Although you don't need to configure critical security updates or Automatic Updates, you do need to address this screen for the server to become fully functional.

As a major security update for what was already Microsoft's most secure Windows Server version ever, Windows 2003 SP1 also adds all the relevant security fixes that Microsoft first added to XP SP2. However, some of these features, such as Windows Firewall, the Data Execution Prevention (DEP) environment, and boot-time protection, behave differently in Windows 2003 SP1. For example, Windows Firewall is enabled by default only during clean installations (i.e., not upgrades) of Windows 2003 SP1 to protect the system from network-based attacks during the installation. After installation, Windows Firewall is disabled until you enable it.

Windows 2003 SP1 also adds the DEP memory-protection technology, as well as changes to low-level technologies such as Distributed COM (DCOM) and user-level applications such as Microsoft Internet Explorer (IE). IE gets the Local Machine zone lockdown, Information Bar, pop-up blocking, add-on management, and low-level architectural changes that the XP SP2 version of IE first received.

Performance Improvements
Although improving performance wasn't a key goal of Windows 2003 SP1, Microsoft was pleasantly surprised to discover that new code optimizations have generally improved performance. So virtually every Windows 2003 SP1 installation should realize at least a small performance improvement. However, SP1 doesn't include a new version of the kernel or other core Windows Server code. Instead, Microsoft built SP1 on the same kernel as the original software release and says that enterprises won't need to extensively test application compatibility when they upgrade to SP1.

New Wireless Tools
Windows 2003 SP1 ships with a new Wireless Provisioning Services (WPS) technology that lets wireless ISPs (i.e., those companies that operate wireless hotspots at locations such as coffee shops, airports, and the public areas of corporations) use a secure, standards-based wireless provisioning platform. WPS lets clients connect seamlessly to a wireless network and roam from network to network without having to reconfigure settings. Although WPS is a new feature of Windows 2003 SP1, it builds on earlier Windows 2003 technologies such as Protected Extensible Authentication Protocol (PEAP) and Wi-Fi, the 802.11b wireless standard.

Protected Access
Windows 2003 SPI also includes a new Wireless Network Setup Wizard that helps administrators configure secure wireless networks. Like its XP SP2–based counterpart, the Wireless Network Setup Wizard in Windows 2003 can copy configuration settings to USB flash drives or other removable media, then use the information to configure other servers. (Malicious users can also use this data to compromise your wireless network, if you're not careful.)

Recommendations
Like XP SP2, Windows 2003 SP1 is a major upgrade that almost constitutes a new product version. For this reason, I recommend that you evaluate Windows 2003 SP1 as soon as possible, with an eye toward rolling it out to your Windows 2003 machines as quickly as feasible. Although no security upgrade will be perfect, Windows 2003 SP1 establishes a new security baseline and helps you, via the SCW, to securely configure servers for specific roles. It's an important upgrade that you shouldn't ignore.

End of Article

Reader Comments
What will be the cost of this? Do you have information available on the pricing yet? Thank you.

Anonymous User February 23, 2005 (Article Rating: )

SP1 does not increase or adds any cost to Windows 2003.

Anonymous User February 23, 2005

"Until you click Finish on this page, the machine ignores all inbound network traffic. Although you don't need to configure critical security updates or Automatic Updates, you do need to address this screen for the server to become fully functional."

Does this mean you can't install SP1 remotely (via Remote Desktop)? Is the server going to hang there waiting for a keypress or mouse click on the console?

Anonymous User March 01, 2005

More importantly, Is it going to be possible to install this as a scheduled update outside the SUS/WUS environment and respond to this screen by setting the registry like you can do with AutoUpdate service??

Anonymous User March 02, 2005

This feature is only enabled on "fresh" installations like on Installation CDs with SP1 sleapstreamed, not on upgrades.
On fresh installations you can set a unattended configuration to disable the "first boot firewall protection".
Regarding the installation options, you could deploy it as XP SP2, over SUS/WUS, manually or over any Software Distribution Solution (like SMS).

Cheers,

Berni

Anonymous User March 03, 2005

Does it now support shared fax client for the Mac or does Entourage link up to it to send faxes via a Mac through MS 2003 SBS.

Anonymous User March 03, 2005 (Article Rating: )

"Until you click Finish on this page, the machine ignores all inbound network traffic. Although you don't need to configure critical security updates or Automatic Updates, you do need to address this screen for the server to become fully functional."

Does this mean you can't install SP1 remotely (via Remote Desktop)? Is the server going to hang there waiting for a keypress or mouse click on the console?


>>No - this just refers to the Automatic Updates Wizard.

I installed SP1 (RC) via an RDP connection with no issues.

The Memory protection feature looks like it might be a pain, though. For example, the Altiris Client burps up that it can't map physical memory.

Anonymous User March 04, 2005

thanks for the heads up regarding alitiris!

Anonymous User March 06, 2005 (Article Rating: )

want to get more from this to se if i am doing this right

Anonymous User March 09, 2005 (Article Rating: )

does this mean that you have to have a valid internect connection before installing a new server with win2003 sp1 from cd

Anonymous User March 14, 2005 (Article Rating: )

 See More Comments  1   2   3   4 

You must log on before posting a comment.

If you don't have a username & password, please register now.




Top Viewed ArticlesView all articles
The Memory-Optimization Hoax

Don't believe the hype. At best, RAM optimizers have no effect. At worst, they seriously degrade performance. ...

VMware and the Future of Virtualization

What's next for virtualization and business IT? Windows IT Pro senior editor Jeff James speaks with VMware President and CEO Diane Greene on the future of virtualization technology. ...

What service packs and fixes are available?

...
Security Whitepapers Anti-Virus Is Dead: The Advent of the Graylist Approach to Computer Protection

Getting the Job Done: Comparing Approaches for Desktop Software Lockdown

Instant Messaging, VoIP, P2P, and games in the workplace: How to take back control
Related Events Check out our list of Free Email Newsletters!
Security eBooks Spam Fighting and Email Security for the 21st Century

Understanding and Leveraging Code Signing Technologies

A Guide to Windows Certification and Public Keys
Related Security Resources Become a VIP member of the Windows IT Pro community!
Get it all with the VIP CD and VIP access. A $500+ value for only $279!

Subscribe to Windows IT Pro!
Solve your toughest technical problems with our experts and access 10,000 + articles online. 30% off

Monthly Online Pass - Only $5.95!
Get instant access to 10,000+ articles from Windows IT Pro Magazine!

TechNet Virtual Labs
Evaluate and test Microsoft's newest products.


ADS BY GOOGLE SPONSORED LINKS FEATURED LINKS

Critical Challenges of ESI & Email Retention
Are you storing too much electronic information? Get expert legal advice and better understanding of what you are required to do as an IT professional.

Become a fan of Windows IT Pro on Facebook!
Join us on Facebook and be a fan of Windows IT Pro!

Sustainable Compliance: Are You Having a Resource Crisis?
Read this white paper to examine trends in compliance and security management and review approaches to reducing the cost and operational burden of compliance.

Rev Up Your IT Know-How with Our Recharged Magazine!
The improved Windows IT Pro provides trusted IT content with an enhanced new look and functionality! Get comprehensive coverage of industry topics, expert advice, and real-world solutions—PLUS access to over 10,000 articles online. Order today!

Get It All with Windows IT Pro VIP
Stock your IT toolbox with every solution ever printed in Windows IT Pro and SQL Server Magazine plus bonus Web-exclusive content on hot topics. Subscribe to receive the VIP CD and a subscription to your choice of Windows IT Pro or SQL Server Magazine!



Order Your Fundamentals CD Today!
Gain an introduction to Exchange, learn server security requirements, and understand how unified communications can play a role in your messaging strategies with this free Exchange CD.
Windows IT Pro Home Register About Us Affiliates / Licensing Media Kit Contact Us/Customer Service  
SQL Connected Home IT Library SuperSite FAQ Wininfo News
Europe Edition Office & SharePoint Pro Windows Dev Pro Windows Excavator 
 
 Windows IT Pro is a Division of Penton Media Inc.
 Copyright © 2008 Penton Media, Inc., All rights reserved. Terms and Use | Privacy Statement | Reprints and Licensing