Windows Server 2003 SP1 Shows Promise
Microsoft focuses on 64-bit architectures and security in upcoming updates to the Windows Server 2003 platform.At Microsoft Corp.s Windows Server technical workshop earlier this month in Redmond, Wash., eWEEK Labs got an early look at at the forthcoming update plans for the Windows Server 2003 platform. We saw many exciting changes on the Windows Server 2003 road map. Some, such as Windows Server 2003 SP1 (Service Pack 1) and Windows Update Services, are long overdue, but we believe Microsoft is addressing customer concerns in these updates and is showing a commitment to improve. The workshop focused on the soon-to-be-released Windows Server 2003 SP1 and performance expectations for the 64-bit version of Windows Server 2003. Microsoft officials also provided details (under a nondisclosure agreement) on the anticipated Windows Server 2003 update, code-named R2, with a beta release slated for the first half of this year.
/SP1/default.mspx. The most notable security enhancement in SP1 is the new SCW (Security Configuration Wizard), which uses Windows Server 2003s roles-based approach to handle server-side security lockdowns. The SCW detects what services and ports are necessary to fulfill the needs of server roles, and it disables unnecessary services and blocks unused ports. The SCW will also disable any unnecessary Internet Information Services Web extensions, making it easier to harden servers with assigned IIS roles. The SCW uses XML to create security templates, so security policy settings can be quickly exported to other servers. Servers configured with different roles can also be associated with separate security templates. To counter server vulnerabilities after a clean operating system install, SP1 provides a PSSU (Post-Setup Security Updates) dialog box after the initial boot that prompts administrators to download updates and configure Automatic Updates settings. While the PSSU screen is up, SP1 enables the Windows Firewall and blocks all inbound network connections, protecting the server from attacks until update downloads are complete. PSSU is enabled only on new installations, not on upgrades. In addition, Windows Firewall is not enabled by default, only during clean installations of SP1. SP1 addresses RPC (remote procedure call) and DCOM (Distributed Component Object Model) vulnerabilities and helps create a base-line security threshold for servers running these services. RPC objects now operate with a tighter authentication scheme. New RPC registry keys also provide better access control to server applications. Using the registry keys, administrators can modify the behavior of RPC interfaces to eliminate remote anonymous access that can compromise the system. The DCOM authentication model has been enhanced to reduce the risk of network attacks against applications that are dependent on these services. SP1 performance improvements include kernel-mode Secure Sockets Layer integration to provide enhanced performance when running SSL workloads. eWEEK Labs will review SP1 shortly after its gold-code release. Microsoft will be releasing 64-bit versions of Windows Server 2003, which officials are calling x64 Windows, in the first half of this year. Although migrating to the x64 architecture will require both software and hardware platform upgrades, IT managers can expect significant performance gains when upgrading applications to run on x64. They also will likely see more pep in their existing 32-bit applications because of the 64-bit kernels much larger address space. Microsoft defines Windows Server 2003 R2 as a release update. This follows the companys schedule: A major operating system release comes out every four years, and release updates emerge every two years following the major releases. Technical Analyst Francis Chu can be reached at email@example.com. Check out eWEEK.coms for Microsoft and Windows news, views and analysis.