i get This is the first in a two-part series by contributor Laura Hunter on the inner workings of Windows Server 2003 R2. In part one, Laura describes the most critical new features in R2.
The most recent release of the Window server operating system, Windows Server 2003 R2, contains new features that offer improved interoperability, security and manageability for a Windows network.
Going from 2003 to R2 is not a radical upgrade, like the move from NT4 to 2000; R2 is more of an incremental upgrade that includes a number of new features that weren't available in the initial release of Windows Server 2003. Here are some of the key benefits of R2 to help you decide when and how to make the move:
- Improved security. R2 is based on Windows Server 2003 Service Pack 1, one of the more significant security improvements to come out of Redmond in a very long time. SP1 is unique in the history of Windows service packs in that it is almost exclusively a "security" service pack -- no new versions of Outlook Express or Windows Media Player to be found. SP1 includes the Security Configuration Wizard (SCW), which is a must-have for any security-conscious systems administrator. SCW provides a way to create consistent security policies that you can apply to a single server or dozens, in a much more intuitive and all-encompassing fashion than simply relying on the .INF security templates from Windows 2000 and 2003. By starting with a basis of 2003 SP1, R2 offers a secure foundation from which you can deploy its new features.
- Unix interoperability. Prior to R2, Microsoft offered Services for Unix (SFU) as a free Web download to provide Unix interoperability services. In R2, Microsoft has bundled Unix services straight into the OS in two key components: Identity Management for Unix (IDMU) and the Windows Subsystem for Unix-based Applications (SUA). IDMU includes a password management service to synchronize passwords between Active Directory and a Unix Network Information Service (NIS) server. This allows AD clients to authenticate against a NIS server, and it allows a Windows domain controller to function as a master server for a Unix NIS domain. The Subsystem for Unix provides a way to port Unix applications to a Windows environment and provides access to Unix shell utilities using the Korn or C shell.
- Distributed File System improvements. Microsoft has split the familiar DFS service from Windows 2000 and 2003 into two separate components: DFS-Namespaces and DFS-Replication. DFS Namespaces allows you to create a unified namespace for your clients that doesn't depend on physical file locations. So, if you have one file share stored on the SERVER1 file server, and a second that's stored on SERVER2, your users won't need to remember two separate pathnames to access the shares; they can simply access DFSROOTShare1 and DFSROOTShare2 . This makes the process of providing access to shared files much more manageable, since you can move file shares from one physical server to another without disrupting your users. DFS-R is a new component that lets you set up multiple "targets" for a share, where the same files are stored on multiple servers and any changes are replicated between the targets. DFS-R uses a new replication process that only replicates changes rather than an entire file. This makes DFS an ideal solution for branch offices with limited bandwidth because it cuts down immensely on the amount of time it takes to save a file across a WAN link when you've only made one or two changes.
- Print Management Console. A new feature of R2, the PMC provides administrators with a unified view of all of the printers in their environment, including at-a-glance views of any printing issues such as jammed or offline printers. R2 also provides a new utility that allows you to publish printer settings via Group Policy.
- Active Directory Application Mode (ADAM). This is perhaps one of the most useful and least understood tools that Microsoft has released. ADAM is a lightweight directory services tool that lets you integrate directory-enabled applications into your network without needing to extend the Active Directory schema. ADAM runs as a user service rather than a system service, which means you can start and stop ADAM instances as needed, and you can install and remove them without affecting the integrity of the underlying AD database.
Laura E. Hunter (CISSP, MCSE: Security, MCDBA, Microsoft MVP) is a senior IT specialist with the University of Pennsylvania, where she provides network planning, implementation and troubleshooting services for business units and schools within the university. Hunter is a two-time recipient of the prestigious Microsoft Most Valuable Professional award in the area of Windows Server-Networking. She is the author of the Active Directory Field Guide (Apress Publishing). You can contact her at firstname.lastname@example.org.