Robert Hurlbut's Blog

Thoughts on .NET, Security, Architecture, Agility, and Databases.

Syndication

.Company / Other Sites / Other Blogs

.NET Links

.NET Local Boston Events

.NET User Groups in New England

Blogs - .NET

Blogs - Agile

Blogs - Architecture

Blogs - CLR

Blogs - Security

Blogs - SQL Server

Blogs - System.Transactions

Enterprise Services (COM+) Resources

Indigo Resources

Microsoft Security Resources

Presentation resources

Recommended Books

Rotor Resources

Security Resources

Windows Server 2003 SP1: first impressions

As you may know, the long awaited Windows Server 2003 SP1 has finally reached RTM. Here is some technical information, and a Top Ten feature list [links found by way of Sam].

I didn't get to play with the betas that much for this product, so this was my first real exposure. I decided to install it on a couple of virtual servers I have running on my main development server. In both cases, I can access the virtual servers either through the Virtual Server Administration web pages or through Remote Desktop. Installation on both servers worked without flaw, but I noticed it locked down nearly every port, including Remote Desktop! The one port it leaves open is the port used by the Security Configuration Wizard (which you still have to manually install). So, if you are installing this over a Remote Desktop connection, you may find after you reboot that you are no longer able to access your machine. I am sure there must be a work around for this, but I don't know what it is at the moment.

One nice feature is that when the Service Pack has been installed, all the previous hotfixes are removed from the "Add/Remove" window (since SP1 rolls them all in, the "uninstall" operations for hotfixes are no longer needed, but I don't remember other Service Packs removing those previous ones for you like this one did).

I started to run the SCW, but backed off as I want to put a couple of other bits of software on the servers before locking it down completely. So far, except for the Remote Desktop issue, I am very impressed.

Published Thursday, March 31, 2005 5:47 PM by RHurlbut
Filed under: , , ,

Comments

# re: Windows Server 2003 SP1: first impressions@ Thursday, March 31, 2005 6:21 PM

I'm glad I read your post before installing. Currently I only have access to my server through remote desktop. That would've been quite a headache for me, had I not known.

by matt johnson

# re: Windows Server 2003 SP1: first impressions@ Thursday, March 31, 2005 6:25 PM

I was able to install it just fine using Remote Desktop. However, SCW was not installed by default. What I don't know is whether SCW closes the Remote Desktop port DURING unattended installation. I doubt it though since unattended wizard makes no sense. Does anyone have any clues?

by Don Park

# re: Windows Server 2003 SP1: first impressions@ Thursday, March 31, 2005 7:48 PM

Matt -- I just know that is what I saw twice in a virtual server, but I haven't tried it on my host machine to see if Remote Desktop is also closed.

Don -- Did you do anything special to make sure Remote Desktop was kept open? It took me a little while to find where SCW was located, even though there is a document that is installed and linked to the desktop. So, the document describing SCW is there, but installing SCW is optional.

by Robert Hurlbut

# Windows Server 2003 SP1: second impressions@ Friday, April 01, 2005 7:51 AM

by TrackBack

# re: Windows Server 2003 SP1: first impressions@ Tuesday, April 19, 2005 9:38 AM

Disabling the Internet Connection Firewall service fixes the problem. You will then be able to connect via Remote Desktop after reboot.

by Matt Flinn

# re: Windows Server 2003 SP1: first impressions@ Friday, April 22, 2005 4:02 PM

all i know is that sp1 enabled the sid filter and which disabled all my trust to uk and causing some problem with exchange

by Adolphus