Windows IT Pro UPDATE-- A look at Windows Server 2003 Service Pack 1--December 21, 2004

1. Commentary
- A look at Windows Server 2003 Service Pack 1

2. Hot Off the Press
- Sunbelt Challenges Microsoft's GIANT Purchase

3. Networking Perspectives
- Video Conferencing Interoperability Problems

4. Resources
- Featured Thread: Trust Relations
- Tip: What's the Virtual Server 2005 Migration Toolkit?

5. New and Improved
- Manage Your Network

==== Sponsor: Free White Paper: Measuring the ROI of Systems Management Software ====
Argent delivers what a growing number of enterprises need today: flawless management of Windows, UNIX, and application servers; low total cost of ownership; flexible configuration; scalable architecture; modular products; positive ROI; and outstanding customer support. Every enterprise IT department wants value without sacrificing performance, and that describes Argent's value proposition. To read the entire paper, click here:
http://www.argent.com/w/whitepapers_ema.html?Source=WNT

==== 1. Commentary: A look at Windows Server 2003 Service Pack 1 ====
by Paul Thurrott, News Editor, [email protected]

A few weeks ago, Microsoft shipped a public release of Windows Server 2003 Service Pack 1 (SP1) Release Candidate 1 (RC1), a near-final version of the first service pack for Windows 2003. Due in early 2005, Windows 2003 SP1 is, in many ways, a massive security update along the same vein as Windows XP SP2. However, enterprises and other businesses will find Windows 2003 SP1 to be far less disruptive than XP SP2, a situation I'm sure many will cheer. To the administrator, Windows 2003 SP1 is, in fact, quite a minor update.

Where It Fits in the Product Timeline

In mid-2004, Microsoft first announced its Windows Server timeline, in which the company will ship new versions of the product every 2 years. Specifically, after a major release such as Windows 2003, Microsoft will ship a minor one. Then the next release will be a major release, followed by another minor one. So the next minor release in this product line is Windows 2003 Release 2 (R2), which is due in October 2005. But before that release ships, Microsoft will ship Windows 2003 SP1 in the first quarter of 2005.

What It Is, What It Isn't

Windows 2003 SP1 includes all the bug and security fixes you'd expect from a Windows service pack. But like XP SP2, it also includes a collection of low-level security-oriented changes, some of which were derived from similar changes in XP SP2, but implemented differently because of the unique needs of server OSs. (Other XP SP2 security features debuted in the initial release of Windows 2003.)

If you administer Windows Server systems, you'll appreciate Microsoft's focus with this release. Not only is Windows 2003 SP1 dedicated to "reducing the attack surface" of your Windows 2003-based servers, as Microsoft says, it also includes easier ways to configure server security features. Key among these new configuration features is the new Security Configuration Wizard (SCW), which I examine later in this article.

Ultimately, Windows 2003 SP1 will be a minor upgrade for most environments because it's minimally disruptive, can be implemented in existing environments with few worries, and is almost completely compatible with code written for the initial release of Windows 2003 (the few exceptions are custom applications that rely on older behavior in Distributed COM--DCOM--and remote procedure call—RPC technologies). Windows 2003 SP1 is based on the same code base and kernel as Windows 2003 and appears as any other Windows 2003 server on your network.

Feature Alert: SCW

The SCW is the most important new feature in Windows 2003 SP1. But in keeping with the theme of minimal disruptions, the SCW isn't installed by default. Instead, the SCW is available through the Control Panel Add/Remove Windows Components applet. (This is the same way that the unique features in R2 will be installed.)

The SCW helps you create security policies by walking you through a series of steps. Those policies configure the services and security needed by the roles (e.g., file server, Web server, Windows 2000 Server Terminal Services server) your server will assume and shut down any unnecessary ports and services. If you prefer to work from a command-line, please don't make assumptions about what you might perceive as the Fisher Price-like nature of this wizard. The SCW is a powerful and valuable tool, and it will make Windows 2003 a more secure system.

When you run the wizard, you're given the option to create a new security policy, edit or apply an existing security policy, or roll back the most recently applied security policy. You can use the wizard to apply or create policies for any Windows 2003 machines in your network. As you step through the wizard, you can configure server roles (e.g., file server, DFS server, print server); server features (e.g., Automatic Update client, DHCP client, Group Policy administrative client); server options (e.g., the Alerter service, audio, the Remote Assistance Expert), and other features. You also can configure inbound and outbound ports, many of which are described in plain English (e.g., Ports used by System RPC applications); registry settings (including approved inbound and outbound authentication methods); and your audit policy, which determines which events are logged.

Security policies are saved as simple XML files in C:\windows\security\msscw\Policies\by default, which means you can edit them and copy them to other servers. You can also choose whether to apply newly created policies immediately or at a later date.

Other Interesting Changes

In addition to the SCW, SP1 brings other notable and noticeable changes. The newly available Windows Firewall will protect your server from Blaster-type attacks during setup, but will typically be turned off when the server is up and running. However, a new post-setup security updates screen appears on first boot after a clean install, preventing any inbound network connections until you've optionally configured Automatic Updates and updated the server with the most recent security updates. Microsoft also tells me that it's seeing a slight performance boost across the board after installing SP1, which is the first time that's happened with a Windows Server service pack.

Final Thoughts

I'm out of space, but I have a lot more to say about Windows 2003 SP1. I'll soon be posting a review of the RC1 build to the SuperSite for Windows (http://www.itprotoday.com), but in the meantime, I recommend that you check out the public release of RC1 (see the URL below) and evaluate its new features, especially the SCW. I think you'll be pleasantly surprised.

Windows Server 2003 Service Pack 1 Release Candidate

http://www.microsoft.com/windowsserver2003/downloads/servicepacks/sp1/default.mspx

==== Sponsor: Free Patch Management White Paper from St. Bernard Software ====
Successful patch management is a core component of maintaining a secure computing environment. With a growing number of patches being released by Microsoft weekly, IT administrators must be vigilant in assuring that the machines on their networks are accurately patched. Although Microsoft offers tools to assist administrators with the tasks of patching, they are often time-consuming and far from comprehensive. However there are solutions on the market that can reliably and accurately automate the tasks involved in successful patch management. In this free white paper, learn more about the patch management dilemma and patch management solutions. Download this free white paper now!
http://www.windowsitpro.com/whitepapers/stbernard/patchmanagement/index.cfm?code=1222ITPRO_S

==== 2. Hot Off the Press ====
by Paul Thurrott, [email protected]

Sunbelt Challenges Microsoft's GIANT Purchase
After Microsoft announced Friday morning that it was acquiring antispyware solution maker GIANT Company Software, Microsoft received a surprise from Sunbelt Software, which says it owns partial rights to GIANT's technologies. Find out the details at the following URL:
http://www.windowsitpro.com/article/articleid/44857/44857.html

==== 3. Networking Perspectives ====
by Alan Sugano, [email protected]

Video Conferencing Interoperability Problems
Alan Sugano troubleshoots some interoperability problems while setting up a client's video-conferencing system. Read the details at the following URL:
http://www.windowsitpro.com/article/articleid/44866/44866.html

==== Announcements ====
(from Windows IT Pro and its partners)

Are You "Getting By" Using Fax Machines or Relying on a Less Savvy Solution That Doesn't Offer Truly Integrated Faxing from Within User Applications?
Attend this free on-demand Web seminar and learn what questions to ask when selecting an integrated fax solution, discover how an integrated fax solution is more efficient than traditional faxing methods, and learn how to select the fax technology that's right for your organization. Register now!
http://www.windowsitpro.com/seminars/faxsolutions/index.cfm?code=1220emailannc

Harness the Power of Active Directory Provisioning
Join Active Directory expert Jeremy Moskowitz for this on-demand Web seminar. Discover the power of using Group Policy to efficiently configure and manage computers within your company to reduce administration and maximize productivity. You'll learn how to leverage Group Policy to provision desktops, manage the provisioning process, and more. Register now!
http://www.windowsitpro.com/seminars/activedirectoryprovisioning2/index.cfm?code=1220emailannc

Best Practices for Systems Management
In this free on-demand Web seminar, you'll discover the most effective practices to monitor and manage your OSs and how they can be put into practice in your environment. Our expert panel will deliver the tips and techniques you need to improve service levels and maximize the use of your IT staff. Register now!
http://www.windowsitpro.com/seminars/systemsmanagement/index.cfm?code=1220emailannc

Get the Entire Exchange 2003 eBook
This free eBook will educate Exchange administrators and systems managers on how to best approach the migration and overall management of an Exchange Server 2003 environment. The book will focus on core issues such as configuration management, accounting, and monitoring performance with an eye toward migration, consolidation, security, and management. Get the entire eBook now!
http://www.windowsitlibrary.com/ebooks/exchangeserver2003/Index.cfm?code=1220emailannc

~~~~ Hot Release: (Advertisement) Oracle ~~~~

Find Oracle Answers Fast
Find answers to your Oracle questions. With over 700 how-to articles and simple tips, you'll discover how to maximize Oracle features and ultimately improve IT productivity and management of your network and database. Get answers now!
http://www.windowsitpro.com/OracleonWindows/

==== Instant Poll ====

Results of Previous Poll:
The voting has closed in Windows IT Pro's nonscientific Instant Poll for the question, "Do you support content management (CM) software?" Here are the results from the 44 votes:
- 11% Yes, I support CM software to manage my company's business documents
- 9% Yes, I support CM software to manage my company's Web content
- 0% Yes, I support CM software for source code control
- 11% No, my company uses CM software, but another department supports it
- 68% No, my company doesn't use CM software

(Deviations from 100 percent are due to rounding error.)

New Instant Poll
The next Instant Poll question is, "Is your IT department staff on call Christmas Day?" Go to the Windows IT Pro home page and submit your vote for a) Yes, b) No, we outsource IT help on Christmas, c) No, we provide no IT support on Christmas, or d) I don't know.
http://www.windowsitpro.com/magazine

==== 4. Resources ====

Featured Thread: Trust Relations
Forum user Guru wants to know how to set up a trust relationship between Windows Server 2003 Active Directory (AD) and Windows NT PDCs. If you can help, join the discussion at the following URL:
http://www.windowsitpro.com/forums/messageview.cfm?catid=54&threadid=128635

Tip: What's the Virtual Server 2005 Migration Toolkit?
by John Savill, http://www.windows2000faq.com

Learn about the toolkit at the following URL:
http://www.windowsitpro.com/article/articleid/44806/44806.html

==== Events Central ====
(A complete Web and live events directory brought to you by Windows IT Pro: http://www.windowsitpro.com/events )

Stop the "Silent Killer" Unleashed by Spammers
You're under attack from the "silent killer" trying to steal your email directory addresses through directory harvest attacks. Symptoms include sudden bursts of email activity that last only a few minutes and server deferral queues that are constantly full slowing your server performance. Register now for this free on-demand Web seminar and learn how to stop the “silent killer" in its tracks!
http://www.windowsitpro.com/seminars/emailspam/index.cfm?code=1220emailannc

==== 5. New and Improved ====
by Angie Brew, [email protected]

Manage Your Network
Wennstrom Software released AdmWin 6.05, a Windows and Novell network management toolkit. The product features SetupBatcher, a scripting tool that automates repetitive management tasks; SetupExplorer, which lets you view, edit, sort, and export accounts, Active Directory (AD) properties, and group membership and shares; Ntinfo, which extracts and displays network, event-log, and system information and searches for files and calculates directory sizes across multiple machines; Ntreport, which automatically scans Windows domains or machines for data, filters the data, and exports the data; and WinRemote, a remote management utility. An AdmWin personal license costs $95. Contact Wennstrom Software at [email protected].
http://www.admwin.com

Tell Us About a Hot Product and Get a T-Shirt!
Have you used a product that changed your IT experience by saving you time or easing your daily burden? Tell us about the product, and we'll send you a T-shirt if we write about the product in a future Windows IT Pro What's Hot column. Send your product suggestions with information about how the product has helped you to mailto:[email protected].

==== Sponsored Link ====

Data Protection from NSI and Microsoft
Instant recovery and data protection solutions for Exchange and SQL servers
http://ad.doubleclick.net/clk;12746138;8214395;l?http://www.protect-your-data.com

==== Contact Us ====

About the newsletter -- [email protected] About technical questions -- http://www.windowsitpro.com/forums About product news -- [email protected] About your subscription -- [email protected] About sponsoring UPDATE -- [email protected]