Microsoft is working on a set of security upgrades for Windows Server 2003 that executives said will deliver on the companys promise to make its products more secure by default and give enterprises more options for locking down servers.
The security capabilities for the companys flagship server operating system are due to be included in Service Pack 1, which is scheduled for release late this year.
Microsoft Corp. historically has used service packs to fix minor bugs and introduce new features.
But as the companys focus on security has become more pervasive throughout the development process, Microsoft has begun using the updates to integrate more security capabilities.
The biggest addition due in SP1 is a technology called server roles that can automatically set up security procedures based on server use.
With templates that define settings for servers, Windows will be able to lock down Web, mail and FTP servers and other boxes, said officials.
For example, if an administrator is setting up a Windows Server 2003 machine as a mail server, the system could automatically close port 80 and turn off IIS (Internet Information Services) to deny Web traffic and open port 25 to SMTP connections.
If the organization needs to change the box into a Web server, the change can be made quickly, and the system can apply the recommended settings for locking down the IIS server.
Microsoft seeks to make it easier for those without substantial security knowledge to secure Windows environments, officials said.
"The number of people who can manage security well is fairly small. We could spend a lot of time training systems administrators on this, but we can do it automatically," said Scott Charney, chief security strategist at Microsoft, in Redmond, Wash.