News Stay informed about the latest enterprise technology news and product updates.

Microsoft further tightens security in Windows Server

The first service pack for Windows Server 2003 shaves attack surfaces and offers other security enhancements.

IT administrators looking to better secure their Windows Server 2003 machines can get some additional hardening capabilities with the release on Wednesday of Service Pack 1

This will be useful for customers who don't have advanced configuration management systems …

Laura Koetzle, analyst,

Forrester Research

for the server operating system.

Separately, Microsoft said it has released to manufacturing several 64-bit versions of Windows, including Windows Server 2003 Standard x64 Edition, Windows Server 2000 Enterprise x64 Edition, Windows Server 2003 Datacenter x64Edition and Windows XP Professional x64 Edition. All 64-bit editions should be generally available at the time of Microsoft's WinHEC 2005 conference in late April.

The final version of Windows Server 2003 SP1 is essentially unchanged from the release candidate version that came out in February. The software includes a number of fixes and changes in the core operating system to shore up security, including a security-configuration wizard that helps administrators cut the attack surface of their servers by tuning each one to its proper configuration.

If a server is to be used as a file server that will not be managed remotely, the tool lets an administrator shut off the feature that allows for remote management, explained Samm DiStasio, a group product manager in Microsoft's Windows Server division. The tool can also be used to push a standard configuration out to all servers in an enterprise, simplifying server administration, he said.

One analyst gave the feature high marks for its convenience factor. "This will be useful for customers who don't have advanced configuration management systems, and even for those who do, it's an easy way to configure groups of servers," said Laura Koetzle, an analyst at Forrester Research Inc., in Cambridge, Mass.

Microsoft recommends quick deployment

The service pack also features a firewall, which can be controlled through Group Policy. And the Network Access VPN quarantine function limits the number of clients

For more information

Learning guide: Migrating to Windows Server 2003


Bernie's Books: Deploying Windows Server 2003

that can access a network to only those that have the most current security updates.

Because of the security advances, DiStasio recommends that customers incorporate the service pack into their schedule of server refreshes as soon as possible. Though many IT shops will undoubtedly apply the service pack quickly, there are likely to be many more that will deploy it only after a program of careful testing.

At Middle Tennessee State University's Jennings A. Jones College of Business in Murfreesboro, Tenn., Windows 2000 Server will be supplanted by Windows Server 2003 by the summer. Carlos Coronel, an IT manager for the institution, said any move to Windows Server 2003 SP1 will be a cautious one, particularly since the firewall has to be configured to work with some remote-control applications. That means the service pack will have to be tested first, he said.

SP1 now available as a download

Windows Server 2003 SP1, which was formally released to manufacturing on Wednesday, is now available as a download for multiple servers in Microsoft's Download Center and for single servers through Windows Update.

Next up for Microsoft's Windows Server team before Longhorn server will be an interim version of Windows Server called R2, which is due out at the end of the year. There is currently a closed beta test under way, but a public beta is expected to start within the next few months.

Microsoft also announced Wednesday that Windows Small Business Server 2003 SP1 will be available on its Web site within the next 60 days.

Dig Deeper on Enterprise infrastructure management

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.