
2003 Server service pack 1 2


aftertaf

It's been released.


A.

The additions to Windows Server 2003 introduced by Windows Server 2003 SP1 are designed to improve security, reliability, and productivity. Below is a brief introduction to the new features and enhancements brought to Windows Server 2003 by Service Pack 1. A more detailed description of these additions can be found in the Windows Server 2003 SP1 Product Overview.

Enhancements
Windows Server 2003 SP1 includes improvements to functionality that originally shipped with Windows Server 2003. Such enhancements make a great product better and raise the security, reliability, and productivity of Windows Server 2003. Some of the key enhancements include:


Support for "no execute" hardware. Windows Server 2003 SP1 allows Windows Server 2003 to utilize functionality built in to computing hardware by companies such as Intel and Advanced Micro Devices to prevent malicious code from launching attacks from areas of computer memory that should not run code. This enhancement reduces the likelihood of the broadest and most exploited avenues of information attack.


Internet Information Services (IIS) 6.0 metabase auditing. The metabase is the XML-based, hierarchical store of configuration information for IIS 6.0. The ability to audit this store allows network administrators to see which user accessed the metabase if it becomes corrupted.


Stronger defaults and privilege reduction on services. Services such as RPC and DCOM are integral to Windows Server 2003 and thus make an alluring target for hackers. By requiring greater authentication for calls of these services, Windows Server 2003 SP1 establishes a minimum threshold of security for all applications that use these services, even if they possess little or no security inherently.


Addition of Network Access Quarantine Control components. Windows Server 2003 SP1 now includes the RQS.exe and RQC.exe components to make deployment of Network Access Quarantine Control easier. For more information, see Network Access Quarantine Control in Windows Server 2003.

New features
In contrast with other service pack releases, Microsoft is taking the opportunity afforded by the release of SP1 to introduce powerful new functionality to Windows Server 2003.


Windows Firewall. Also released with Windows XP Service Pack 2, Windows Firewall is the successor to the Internet Connection Firewall. Windows Firewall is a host (software) firewall, a firewall around each client and server computer on a customer's network. Windows Server 2003 Service Pack 1 installs Windows Firewall on the server and allows network-wide control through Group Policy.


Post-Setup Security Updates (PSSU). Servers are vulnerable in the time between installation and when the latest security updates are applied. To counter this, Windows Server 2003 with Windows Server 2003 Service Pack 1 blocks all inbound connections to the server after installation until Windows Update has run to deliver the latest security updates to the new computer. This feature also guides administrators through Automatic Update at the time of first log on.


Security Configuration Wizard (SCW). SCW asks users questions about the role their servers fill and then stops all services and blocks ports not necessary to perform those roles. This new feature of Windows Server 2003 closes unnecessary avenues of attack.

Aftertaf

"Solutions are not the answer." - Richard Nixon
 
Definitely needs a lot of testing before rolling out. After the debacle with the Integrated firewall in XP SP2, I can only surmise that similar problems will be had with this one!
 
I'm betting on it!

Arguably the best cat skinner around!

Cheers
Scott
 
Yep, I've had issues with the "INTEL LANDesk(R) System Manager System Space Manager" not starting after installing SP1. I've had to set it to manual and then start it after a reboot.
I'll look into it further later.

"Horsey to king bish three
 
I plan on waiting to install it until it's been tested and proven for at least a month. While XP SP2 gave me no problems, a workstation is much easier to rebuild than an Exchange server.

Would it be inappropriate to ask people who have installed it to post their stories, good and bad, in this thread? I would very much like to hear others' experiences with it.
 
Oh yes, I agree; that wasn't on a production server, but it will be in the near future. 2K3 SP1 has been in beta for 18 months though, so let's hope they have learned some lessons along the way, especially from XP SP2.

"Horsey to king bish three
 
I recently deployed on a test server. Checked the event logs and, besides a DCOM error which said that its service could not start (however, it did start), everything else seems fine.

I even went through the Security Configuration Wizard and all services including DHCP, DNS, AD are running fine.

Anthony
 
wildmagpie....
good idea!

Aftertaf

"Solutions are not the answer." - Richard Nixon
 
there are big differences :)

we made a lot of improvements in a lot of aspects

my favorite...metadata cleanup will now clean up ALL metadata from a failed DC...no more having to go through adsiedit :)

another big thing is the introduction of the security configuration wizard, although this is going to be a dangerous tool and generate a lot of support calls

-Brandon Wilson
MCSE00/03, MCSA:Messaging, MCSA03, A+
almost got a paragraph there :)
 
Hi guys, some good news: the "INTEL LANDesk(R) System Manager System Space Manager" does start, it's just slower than before (for some reason), so it doesn't respond within the time limit that Windows sets; it starts eventually though.

Also another nice touch is the (S4U) Kerberos extension issue seems to have been fixed, so the event log isn't filling up with 673 events from the local host DC (I believe there was a patch for this but it wasn't tested in all situations).



"Horsey to king bish three
 
Has anyone run into a problem where after installing SP1 and rebooting your server it hangs at the Windows 2003 Screen and will not go any further?





Life is a mind game
Wanna Play?
 
That's what my home PC did with XP SP2, which was nice!

I had to do a system restore.

Boot to safe mode and view the Event Viewer and see if you can tell what it hung on, if you can!

Arguably the best cat skinner around!

Cheers
Scott
 
I will try this..... Thank goodness we put this on our testing server.. Gotta love Microsoft

Life is a mind game
Wanna Play?
 
No luck... when I boot to safe mode, the process hangs at the initial boot-up section when running this file: \windows\system32\acpitabl.dat

Life is a mind game
Wanna Play?
 
OK guys, as I'm sure many of you are aware, there were a number of problems with editing group policy after installing XP SP2; one was the "the string was too long and has been truncated..." problem that MS made a patch available to fix. KBID=842933
Has anyone encountered any Active Directory or GP problems during testing where one DC is SP1 and others are still not upgraded?

"Horsey to king bish three
 
there is a known issue with RRAS (I believe this was authentication through a firewall), as well as with ISA 2000/ISA 2004's RPC filter

you must disable the RPC filter on ISA 2000, for ISA 2004, you must disable the RPC or filter OR upgrade to ISA 2004 SP1

RPC communications were changed to add an extra function

842933 is rolled into Win2003 SP1 as well

You DO NOT want to have SP1 on one DC and not the others

As always when upgrading a DC, when you are upgrading versions of important items such as say ntfrs, you must upgrade all DCs at one time (in the same night) or your potential for replication/group policy application issues has increased exponentially



-Brandon Wilson
MCSE00/03, MCSA:Messaging, MCSA03, A+
almost got a paragraph there :)
 
those items mentioned will be available shortly in a KB

-Brandon Wilson
MCSE00/03, MCSA:Messaging, MCSA03, A+
almost got a paragraph there :)
 
You DO NOT want to have SP1 on one DC and not the others

Doesn't this create massive problems for large setups, e.g. hundreds + DCs?

Surely there must be some crossover, are there procedures that can be avoided during this time to avoid problems and if so what?

Cheers.

"Horsey to king bish three
 
i'll have to look into the details of the effects on replication and such.....but as best practice, even with hotfixes that affect this sort of thing, it's always said to get them done in as short an amount of time as possible....

a good example was the Win2000 SP3 to SP4 rollout

if you did not upgrade all DCs to SP4, or at least the hotfix for ntfrs for SP3 (that was included in SP4), then Win2000 SP3 DCs would not replicate

-Brandon Wilson
MCSE00/03, MCSA:Messaging, MCSA03, A+
almost got a paragraph there :)
 
If you apply SP1 and discover issues which you are not happy with, can you roll back the installation?
 