1.2. What Service Pack 1 Adds
Windows Server 2003 Service Pack 1
was released in April 2005 and consists of several must-have updates. Essentially, SP1 brings the new security features, improvements to the built-in firewall and Windows Explorer, and the overall better user experience found in Windows XP Service Pack 2 over the fence to the server side. You'll find the following:
The Security Configuration Wizard makes it its debut. The SCW is perhaps the biggest security enhancement to any version of Windows on the server since the initial release of Windows NT Server. The SCW takes into account the functional roles a machine is performing and adjusts the configuration and operation of its installed services, Registry, filesystem, and auditing policies to significantly reduce the attack surface of the machine. It does this with a wonderfully easy-to-use interface that includes the ability to save created policies, apply existing policies to other machines, and roll back misapplied policies. I cover the SCW in great detail in Chapter 7. The Internet Connection Firewall is renamed Windows Firewall and is improved to work almost exactly like its Windows XP counterpart. A major difference, however, is the default state: unlike XP, the firewall is turned off by default on the server. You'll need to specifically enable it if you want its protection. The Automatic Updates interface has been completely redesigned, again to resemble the XP interface. Security for the DCOM and RPC subsystems of the product, both of which have been exploited by several pieces of malware over the past few years on other Windows operating systems, has also been significantly improved. Microsoft has increased the speed at which IPSec connections between trusted nodes are made by moving code into kernel mode for faster SSL connections and other secure transmissions. Now the performance hit of using secure channels for communication has been lessened. IIS start-up times have also been optimized. I cover other, more specific (and less obvious) improvements to IIS in SP1 in Chapter 8. Finally, don't discount the convenience of having all security updates issued between the initial "gold" release of the product in April 2005 all rolled into one easily executable package. Patching is a big headache these days, and service packs are great ways to leap ahead to the most secure installation possible if you're a bit behind on your updating.
The bottom line is that Service Pack 1, in my opinion, is a critical upgrade that you should install as soon as you've done due diligence (making sure your applications will run with the updates, ensuring the new security features don't interfere with legacy communications, and generally giving the service pack a thorough once-over). There have been some Windows commercial upgrades in the past that didn't offer the level of improvements and new features that this freely available service pack contains. Recommendation: download and install Service Pack 1 as soon as you can.
|