Close
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Latest News

      Windows Server 2003 Beefs Up

      Written by

      Francis Chu
      Published May 2, 2005
      Share
      Facebook
      Twitter
      Linkedin

        eWEEK content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

        Service Pack 1 has the potential to tighten the security and ease the management of Microsoft Corp.s Windows Server 2003, but it also has the potential to cause many problems if IT departments do not deploy it with care.

        Click here to read the full review of Windows Server 2003 SP1.

        2

        Service Pack 1 has the potential to tighten the security and ease the management of Microsoft Corp.s Windows Server 2003, but it also has the potential to cause many problems if IT departments do not deploy it with care.

        Microsoft released Windows Server 2003 SP1 last month, two years after the release of the companys flagship server operating platform. The service pack provides a strong set of base-line security fixes and core feature enhancements, and eWEEK Labs recommends that administrators deploy it in their Windows Server 2003 environments. The beefed-up operating system may also entice Windows 2000 Server shops to move to Windows Server 2003.

        However, administrators must proceed with caution and follow best security practices before rolling out SP1. As with SP2 for Windows XP, SP1 for Windows Server 2003 is much more than a bunch of bug fixes. Also as with Windows XP SP2, SP1 has been the source of many reported problems since its release—most notably, it has caused some other applications, including other Microsoft applications, to break.

        /zimages/3/28571.gifSP1 deployment has been largely hassle-free for IT staffs that prepared well. Click here to read more.

        SP1 addresses known vulnerabilities in Windows Server 2003 by locking down authorization parameters of many key services and disabling others completely. IT managers implementing SP1 will likely encounter unexpected server behavior following SP1 installation, especially on Windows Server 2003 systems that use DCOM (Distributed Component Object Model) or RPCs (remote procedure calls).

        eWEEK Labs has run into problems with the service pack on both test and production systems.

        For example, during tests, we were unable to remotely administer an enterprise application running on a Windows Server 2003 system that we had updated with SP1 because the application used both RPC and DCOM for its remote management tools. In addition, after installing SP1 on a Windows Server 2003 system that runs a production Microsoft SharePoint portal, we lost much of our access to the portal.

        eWEEK Labs recommends that IT managers carefully evaluate and test application compatibility before updating production systems. To ensure that updated servers will run within normal parameters, its especially important to know what application settings need to be modified after SP1 locks down a system.

        Windows Server 2003 SP1 is available for download at www.microsoft.com/downloads/search.aspx?displaylang=en or via Windows Update. SP1 will also be available in slipstream versions of Windows Server 2003, including the forthcoming x64 Windows Server 2003 releases.

        /zimages/3/28571.gifClick here to read a review of Windows Server Update Services RC1.

        One of SP1s most welcome and long-overdue features is improved security around DCOM and RPC services. SP1 changes the way COM (Component Object Model) calls are made by checking every request against an access control list, thereby restricting access. SP1 also gains new registry keys that will allow administrators to modify RPC behaviors to eliminate anonymous remote access.

        SP1 adds DEP (Data Execution Prevention) technology to the Windows Server 2003 platform. As in Windows XP SP2, DEP performs memory checks in Windows Server 2003 SP1 to protect systems against malicious code exploits.

        The operating system can enforce DEP using hardware and software: Both Advanced Micro Devices Inc. and Intel Corp. have shipped DEP-compatible chip architectures, and SP1 adds a set of security checks in the form of software-enforced DEP.

        SP1 also brings many administration enhancements to Windows Server 2003.

        SCW (Security Configuration Wizard) enables role-based security policy authoring that guides administrators via a series of questions to determine a servers security blueprint—a big improvement over (but a good complement to) the similar Configure Your Server tool in standard Windows Server 2003. During tests, SCW let us quickly shut down services that were not being used and, more important, disable unnecessary Internet Information Services extensions. SCW also helped us identify and block unused ports.

        Using SCW, we could author XML-based security templates to roll out security policies to multiple systems. Using different templates, administrators can roll back a system with previously configured security policies before disabling other services. SCW also integrates with Microsoft Active Directory, so IT managers can deploy SCW policies via Group Policy.

        SP1 also introduces PSSU (Post-Setup Security Updates), which protects servers from network attacks while they are getting patched. The PSSU feature is enabled during any slipstream version install of Windows Server 2003 with SP1, and it appears the first time an administrator logs on. The PSSU dialog box reminds administrators that all inbound connections are blocked and prompts users to download and install critical updates and configure automatic-update settings.

        A feature that was welcome on the desktop side, in Windows XP SP2, wont be so widely embraced on the server side. It made sense to provide Windows Firewall in XP SP2, but its inclusion in Windows Server 2003 SP1 is questionable because most organizations production servers are well-protected behind corporate firewalls. The Windows Firewall will be enabled only during new installations of Windows Server 2003 with SP1.

        Another update to Windows Server 2003, set for release later this year and code-named R2, will introduce capabilities including Active Directory Federated Services and new rights and storage resource management features.

        R2 is built on top of the SP1 code base, so Windows Server 2003 shops will be able to choose to run some or all of R2s features and to run both Windows Server 2003 SP1 and R2 systems on the same network. Customers on the Microsoft Software Assurance plan will receive R2 at no charge; others will have to purchase separate licenses for R2 in addition to Windows Server 2003 licenses.

        Next page: Some SP1 gotchas.

        Page Three

        Windows Server 2003 SP1 addresses, among other things, known vulnerabilities within Windows Server 2003 by tightening the authorization needed for some services and disabling others. This is a good thing, but deployment of SP1 without proper testing and an eye toward reported incompatibilities could wreak havoc on production systems. Following are some of the most potentially problematic issues that have been reported after deployment of SP1. For a comprehensive list of application regression issues, go to Microsofts online Knowledge Base at www.support.microsoft.com/?scid=kb;en-us;896367&spid=3198.

        • Exchange Server 2003 users will lose Microsoft Outlook Web Access mailbox access located on an Exchange Cluster. Microsoft has provided a workaround for this issue at go.microsoft.com/fwlink/?LinkId=37488.
        • System management tools such as Hewlett-Packard Co.s HP Systems Insight Manager and Dell Inc.s OpenManage will not work with SP1. Shops running Windows Server 2003 should wait until an update is available before deploying SP1 on production servers.
        • System Management Server 2003 has had issues with SP1 that require resetting DCOM permissions and enabling remote WMI (Windows Management Instrumentation).
        • Issues have been reported with Citrix Systems Inc.s Citrix MetaFrame client connectivity.
        • Small Business Server 2003 shops should not install the version of SP1 now available via Windows Update. Microsoft will provide a dedicated service pack for SBS 2003 this month.

        Next page: Best practices.

        Page Four

        Best practices: Windows Server 2003 SP1

        • Test, test, test The service pack should be tested in a preproduction environment before it is deployed onto production servers. Test all business-critical applications against the service pack to ensure compatibility and to mitigate risks.
        • Ensure everything is up-to-date Check all drivers, firm-ware, BIOSes, and monitoring and management tools and make sure they have been updated.
        • Application compatibility is key Understand the changes introduced by SP1 and test for changes to application compatibility. To better secure Windows Server 2003, Microsoft has included more computerwide restrictions that may disrupt what are insecure computing methods already in place within your organization. Keep an eye on changes to DCOM (Distributed Component Object Model) and RPC (remote procedure call), in particular.
        • Educate yourself Check the Microsoft Windows Server 2003 SP1 support site (www.support.microsoft.com/?scid=kb;en-us;896367&spid=3198) for updates that fix regressions found in application testing.

        Source: Microsoft and eWEEK reporting

        Next page: Evaluation Shortlist: Related Products.

        Page Five

        Evaluation Shortlist

        Apple Computer Inc.s Mac OS X Server 10.4 Adds 64-bit application support, ACLs (access control lists), services such as iChat Server and Weblog Server and Xgrid software for building compute clusters (www.apple.com)

        Linux Kernel 2.6 Major changes include Linux for embedded systems and NUMA (Non-Uniform Memory Access) support (www.linux.org)

        Sun Microsystems Inc.s Solaris 10 Provides better resource utilization with Solaris Containers and easier debugging through DTrace diagnostic tools (www.sun.com)

        Technical Analyst Francis Chu can be reached at francis_chu@ziffdavis.com.

        Check out eWEEK.coms for Microsoft and Windows news, views and analysis.

        Francis Chu
        Francis Chu

        Get the Free Newsletter!

        Subscribe to Daily Tech Insider for top news, trends & analysis

        Get the Free Newsletter!

        Subscribe to Daily Tech Insider for top news, trends & analysis

        MOST POPULAR ARTICLES

        Artificial Intelligence

        9 Best AI 3D Generators You Need...

        Sam Rinko - June 25, 2024 0
        AI 3D Generators are powerful tools for many different industries. Discover the best AI 3D Generators, and learn which is best for your specific use case.
        Read more
        Cloud

        RingCentral Expands Its Collaboration Platform

        Zeus Kerravala - November 22, 2023 0
        RingCentral adds AI-enabled contact center and hybrid event products to its suite of collaboration services.
        Read more
        Artificial Intelligence

        8 Best AI Data Analytics Software &...

        Aminu Abdullahi - January 18, 2024 0
        Learn the top AI data analytics software to use. Compare AI data analytics solutions & features to make the best choice for your business.
        Read more
        Latest News

        Zeus Kerravala on Networking: Multicloud, 5G, and...

        James Maguire - December 16, 2022 0
        I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
        Read more
        Video

        Datadog President Amit Agarwal on Trends in...

        James Maguire - November 11, 2022 0
        I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
        Read more
        Logo

        eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

        Facebook
        Linkedin
        RSS
        Twitter
        Youtube

        Advertisers

        Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

        Advertise with Us

        Menu

        • About eWeek
        • Subscribe to our Newsletter
        • Latest News

        Our Brands

        • Privacy Policy
        • Terms
        • About
        • Contact
        • Advertise
        • Sitemap
        • California – Do Not Sell My Information

        Property of TechnologyAdvice.
        © 2024 TechnologyAdvice. All Rights Reserved

        Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

        ×