Win2K3 Update

Installation and testing of the samples from my latest book went very smoothly (as expected). So far my experience with the RTM version of Windows Server 2003 is as good as I've been hearing from others.

One interesting change from previous RCs is that in keeping with their ongoing push for better security, Microsoft has locked down the security settings on IE. When you open IE on the RTM version, you'll see the following screen:

The key changes I've seen so far is that both ActiveX controls and scripting are disabled by default for all sites other than those in the Local Intranet or Trusted Site zones. In order to allow scripting, you have to either add the desired site to the Trusted Sites zone (which you don't want to do unless you really trust the site), or turn off the Enhanced Security Configuration, using the following steps:

1. Open Control Panel, click Add or Remove Programs, and then click Add/Remove Windows Components.
2. Select Internet Explorer Enhanced Security Configuration, click the check box to clear the selection, and then click OK.
3. Click Next and then click Finish.
4. Restart Internet Explorer to apply the changes.

You can also use the Add/Remove Windows Components applet to apply the IE Enhanced Security Configuration to administrators or other groups (by default, it's applied to both), so if you want administrators to be able to surf without the Enhanced Security Configuration, you can disable it for them, while still leaving it enabled for other groups.

I'm pleased to see that Microsoft is continuing to push for more secure default settings, but I'm going to predict that this one will cause quite a bit of squawking because it will break a great many sites (including some of Microsoft's). I'm also not sure that requiring users to add sites to the Trusted Sites zone is such a good idea. Yes, it requires an active step by the user, and thus is secure by default, but the likelihood that many users will simply get in the habit of adding sites to the Trusted Sites zone is pretty high, IMO, and risks making that zone less useful in segregating truly trusted sites. So while I think it's a step in the right direction overall, I hope that the IE team will continue to think about this problem, and perhaps find more comprehensive ways to address it.