Originally due in late 2003, Windows Server 2003 is the server-oriented brother to Windows XP SP2, a major security update with many new features. Chief among these is the new Security Configuration Wizard, a new roles-based administration tool that will allow you to configure servers for specific purposes while automatically locking down ports and services.

Q: What is Windows Server 2003 Service Pack 1 (SP1)?

A: Windows Server 2003 SP1 is a major, security-oriented update to Windows Server 2003. It will include all the bug and security fixes Microsoft shipped since the original Windows Server 2003 release as well as a number of exciting new security features.

Q: What security features will Windows Server 2003 SP1 include?

A: Windows Server 2003 SP1 will include a new roles-based Security Configuration Wizard (SCW), enhanced support for 32-Bit applications on Itanium 2 servers, support for client network isolation so that Windows 2003 SP1 machines can prevent clients from accessing a corporate network until their security state is verified, IIS 6.0 improvements, and a VPN Quarantine feature called Network Access Protection (NAP) will let remote Windows clients safely access network features.

Q: How does the Security Configuration Wizard work?

A: The new roles-based Security Configuration Wizard will finally answer what might be the most commonly asked question about Windows 2003: Which services can you turn off? This question has been difficult to answer to date because of the thousands of possible combinations of installed technology, each with a cascading hierarchy of dependencies, that can exist on any Windows system. And when you add to the mix other Microsoft server systems, such as Microsoft Exchange Server or Microsoft SQL Server, the dependencies change yet again. To address this problem and give administrators a way to configure server systems to run only those services that are required by the roles assigned to a server, the Security Configuration Wizard accesses a back-end XML database that knows about Windows 2003 and all the Microsoft enterprise products that run on it. The wizard can run in two modes. In the first mode, the wizard examines the system and reports the roles the server is assigned; when prompted by the user, the wizard will shut down any inappropriate services not related to the currently configured roles. In the second mode, you simply tell the wizard which roles the server should fulfill, and it automatically configures the server for the currently configured roles. In addition to shutting down services, the wizard can shut down ports that are unnecessary to the server's currently configured roles. The Security Configuration Wizard can also export and import configurations. This feature lets you configure one server and apply that configuration to other servers. Another useful feature lets administrators and third parties add information about custom applications and third-party servers to the XML database.

Q: When will Windows Server 2003 SP1 ship?

A: Sometime in the first half of 2005.

Last updated September 17, 2004.