For the most part, the same skills you use working in Windows 2000 Server will transfer over to Windows Server 2003. However, there are a few hidden gotchas to watch out for. One of them involves how inheritance works.
Under Windows 2000 Server, inheritance is set to ON by default. Under Windows Server 2003, inheritance is set to OFF by default.
This may at first seem like a simple and insignificant change, but it has serious implications. Inheritance is the concept whereby child objects -- such as folders and files on a storage device or OUs (organizational units) and objects within Active Directory -- take on the security configurations of their parent containers.
As we work with various parent-child structures, we have been trained to assume that inheritance always takes place. However, under Windows Server 2003, Active Directory has been reconfigured so that inheritance is not enabled by default. Thus, you must intentionally enable the inheritance feature or manually configure all security settings for every object throughout your directory structure.
If you find you can't access resources under Windows Server 2003 that you assumed would be accessible as they were under Windows 2000 Server, one of your troubleshooting steps should be to check the inheritance settings, and the permissions that result from them, on the AD objects involved. You may be surprised how much you rely on inheritance to simplify your administrative tasks.
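One way to carry out that check, as an added example that is not part of the original tip: the hypothetical function `Get-InheritanceState` reads an object's security descriptor in SDDL form and reports whether the DACL is protected (inheritance off) and how many ACEs are explicit versus inherited. The OU names and SDDL strings are constructed samples.

```powershell
# Added example, not from the article. Sample SDDL strings are constructed.
# On a live domain, an object's SDDL can be read with the ActiveDirectory
# module: (Get-Acl "AD:\<distinguishedName>").Sddl

function Get-InheritanceState {   # hypothetical helper name
    param(
        [Parameter(Mandatory = $true)][string]$Name,
        [Parameter(Mandatory = $true)][string]$Sddl
    )
    $sd   = New-Object System.Security.AccessControl.RawSecurityDescriptor -ArgumentList $Sddl
    $flag = [System.Security.AccessControl.ControlFlags]::DiscretionaryAclProtected

    # "P" in the DACL flags (D:P...) sets this bit: parent ACEs are not applied.
    $blocked = ($sd.ControlFlags -band $flag) -ne 0

    # Count ACEs set directly on the object versus those copied from the parent.
    $explicit = 0; $inherited = 0
    if ($null -ne $sd.DiscretionaryAcl) {
        foreach ($ace in $sd.DiscretionaryAcl) {
            if ($ace.IsInherited) { $inherited++ } else { $explicit++ }
        }
    }

    $finding = if ($blocked) {
        "Inheritance OFF: only the $explicit explicit ACE(s) grant access"
    } elseif ($inherited -eq 0) {
        'Inheritance ON, but the parent passes down no ACEs'
    } else {
        'Inheritance ON'
    }

    [pscustomobject]@{
        Object        = $Name
        Blocked       = $blocked
        ExplicitAces  = $explicit
        InheritedAces = $inherited
        Finding       = $finding
    }
}

# Constructed samples: one inheriting OU, two with inheritance blocked.
$samples = @(
    @{ Name = 'OU=Sales';   Sddl = 'D:AI(A;;GA;;;SY)(A;CIID;LCRPRC;;;AU)' },
    @{ Name = 'OU=Finance'; Sddl = 'D:PAI(A;;GA;;;SY)(A;CI;LCRPRC;;;BA)' },
    @{ Name = 'OU=Lab';     Sddl = 'D:P(A;;GA;;;SY)' }
)
$report = foreach ($s in $samples) { Get-InheritanceState -Name $s.Name -Sddl $s.Sddl }
$report | Format-Table -AutoSize
```

An object reported as blocked with only one or two explicit ACEs is the usual place where access that used to flow down from the parent stops.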
James Michael Stewart has co-authored numerous books on Microsoft, security certification and administration and is a regular speaker at Networld+Interop. Michael holds the following certifications: MCSE, MCT, CTT+, CISSP, TICSA, CIW SA, CCNA, MCSE NT & W2K and iNet+. He can be reached at firstname.lastname@example.org.
This was first published in March 2005