Microsoft has wrapped up development on the first major update to its Windows Server 2003 operating system and released it for download, the company said Wednesday.
Hmm, is it just me, or is it hard to believe that it takes “thousands of hours to lock down Windows”? If it takes thousands of hours, doesn’t it tell you two things? Firstly, that Windows defaults are shyte, and secondly, that had the MCSE paper shuffler and part time oxygen thief known something, he/she would script the lock down process using VB script or something similar.
1000s of hours for not a single windows installation but 1000s of them. If it takes 1000s of hours to lock down one windows installation, then Microsoft would have died long ago.
Very easy to lock down a system, hit the power off button.
I cannot believe that! XP SP2 was 170MB and this is almost 2 times the size. There must be a huge feature improvement or a crap-ton of security updates.
their fixes broke everything so they had to fix everything 🙂
but win2k3 does a good job. i’ve installed slack 10.0 and win2k3 on the same system, and while slack’s stability is legendary, win2k3 just feels better, has a much faster GUI, plays movies smoother than slack, and doesn’t die after another power problem… but still i’m going to replace the ATX power 🙂
i still use slack, of course.
Powering off the machine to lock it down? I always unplug the network cable. Serious. It really works.
XP Pro and Server 2003 are also gold master and are available for download from MS if you have the appropriate credentials.
>1000s of hours for not a single windows installation but 1000s of them. If it takes 1000s of hours to lock down one windows installation, then Microsoft would have died long ago.
Even still; nothing should need shutting off as everything should be shut off automatically. Allow the admin to open up the services required, save the settings as a template then allow that administration to open and apply that template to all the servers – that is how it SHOULD be done, and without all the hassle.
No issues so far with SP1 installed on top of an existing Win2k3 install here, though as always — thorough testing before deploying for production use. So far, it has been a very painless (and fast) transition and the new toys aren’t unwelcomed.
If this holds, I’ll be very pleased. For some reason, I don’t think it’ll fail in the next week — 2k3 has been very stable in the last year of heavy usage.
Last time I checked the definition of IS security, availability (or uptime if you will) was one of the factors (along with data confidentiality and data integrity). So a powered down computer is not really secure.
Granted, from an intruder’s point of view a powered down computer is a little hard to hack. But that’s just a part of being secure.
There are a few mixed feelings with respect to the way MS handles their patching and feature updates. However, here are some of the basics that MS should do by default (IMHO):
1) Ship the OS secure (home editions, workstations and servers) and let the admin of the box control what gets opened up.
2) Firewall and extra tools should not be part of the patching process. It should be available as a separate download.
3) Document what changes this new SP and tools can and cannot do for the OS. Who knows, they might have already occurred. Like the original SP2 for XP was nicely documented in a 70/80 page document.
>1) Ship the OS secure (home editions, workstations and servers) and let the admin of the box control what gets opened up.
Security is a process. Disabling unnecessary services is just a tiny part. Most home-edition users are end-users with little knowledge or no substantial interest in security, they would be pretty much left in the dark. Unless you meant admins should know what to open up themselves, so most unnecessary could be turned off by default.
More important in my opinion would be software firms like MS adding more priority to extensive code testing. Fewer bugs per 1000 lines of code would mean fewer possible attack vectors.
It’s sad to see how much money of the overall budget goes into code testing and how much more goes into advertising.
>>1) Ship the OS secure (home editions, workstations and servers) and let the admin of the box control what gets opened up.
>Security is a process. Disabling unnecessary services is just a tiny part. Most home-edition users are end-users with little knowledge or no substantial interest in security, they would be pretty much left in the dark. Unless you meant admins should know what to open up themselves, so most unnecessary could be turned off by default.
While security is a process not a product, I agree with the other guy’s point.
Enable what you need as you need it.
Any OS that follows that rule by default is doing the right thing even if it fails to be secure in other ways.
Having services running on ports by default is a bad idea. Actually, having any unneeded services on (local or net-aware) or ports open (managed by a service or the OS or not) by default is a bad idea even if none of them are obviously exploitable.
As for the usability argument, having services OFF by default doesn’t seem to cause users of Apple’s OSX any problems. Microsoft’s defaults are absurd.
>plays movies smoother than slack
Dude, you watch movies on a server? That’s different. What exactly do you use this server for?
On a more serious note it looks like some of the posters here have never used win2003. It is pretty secure on a default installation, doesn’t have all the services running like previous versions in the past.
But who cares, when said people are just trolls?
“But who cares, when said people are just trolls?”
Not to burst your bubbles, but some people use Windows Server as their development workstation since the kernel is not crippled. That way they can do full code development and not really worry about things breaking because of the number of connections.
First of all, 2k3 has any unneeded services (IIS, File sharing, etc.) shut off by default. You have to enable those server roles to use them.
2nd, the new Security Configuration Wizard (SCW) does create a “template” that can be applied to other machines with the same roles.
“SCW guides you through the process of creating, editing, applying, or rolling back a security policy based on the selected roles of the server. The security policies that are created with SCW are XML files that, when applied, configure services, network security, specific registry values, audit policy, and if applicable, Internet Information Services (IIS).”
So in addition to services, it can specify which ports & need to be allowed & other settings for let’s say a Domain Controller or a DHCP Server or SQL Server, etc. Everything else will be locked down and shut-off. It comes with best practice settings for 60 of the most common roles and you can define your own.
“SCW determines the minimum functionality required for a server’s role or roles, and disables functionality that is not required. Specifically, SCW:
• Disables unneeded services.
• Blocks unused ports.
• Allows further address or security restrictions for ports that are left open.
• Prohibits unnecessary IIS web extensions, if applicable.
• Reduces protocol exposure to server message block (SMB), LanMan, and Lightweight Directory Access Protocol (LDAP).
• Defines a high signal-to-noise audit policy.”
Well, win2k3 makes a very good client / workstation OS. I like it better than WinXP. I had a colleague who used it on his laptop. Wanna have the newest M$ OS, then go for windows 2003 – and don’t forget to visit:
http://www.neowin.net/reviews/win2003_wks/Windows%20Server%…
There might be a problem with upgrading Windows with SP1 if you have Norton Anti Virus Corp. 9.0 installed. Currently being discussed over at Slashdot in the thread below by one unhappy admin who had Auto Update on a server. It also seemed that MS tech support wasn’t even clued into the update either. This is just a warning for those that have NAV 9 out there, wait and see if this is the real problem. Here is the thread: http://slashdot.org/comments.pl?sid=144386&threshold=1&commentsort=…
Anybody really know what was in the SP2 update for XP?! Cause my update size was 80 mb and then another 9 mb for post SP2 update…and someone on this forum claims a 170 mb update. I thought SP2 included SP1 and its updates in it or something like that.
Could you elaborate on your comment about the kernel. In other words, I’ve always had the feeling that XP Pro’s kernel was crippled. I’ve noticed this when I send many requests to the HDD. Do you have any links explaining the differences in the kernels between the two OSes?
BTW, I’ve never tried running server 2003 as a desktop, but I may try if it runs better. I run VMWare a lot and wouldn’t mind some performance improvement.
Thanks,
Mike
>Could you elaborate on your comment about the kernel. In other words, I’ve always had the feeling that XP Pro’s kernel was crippled. I’ve noticed this when I send many requests to the HDD. Do you have any links explaining the differences in the kernels between the two OSes?
Check through http://groups.google.com
Parts include a limited number of network connections, CPUs supported, fine grainedness of certain parts etc. etc. Although they’re based off the same base, there are still differences.
If you just run the express update, it only downloads the parts that you need, as service packs include the many hotfixes that are released between service packs.
I don’t see your point? I made no comments that are even close to being what you posted about.
OMG! Thanks for that link. I had no idea you could turn a win2003 server into a workstation, and after reading the link I’m very curious now. I know what I’ll be doing this weekend