Best Practice Ezine #50 Windows 2003 Server SP1
Even service packs have personalities, and the main character of Windows Server 2003 SP1 is security. There is a similarity between SP2 for XP and SP1 for W2K3, for instance they both introduce a firewall.
Microsoft is shifting into proactive mode. With SP1 they are removing attack points and battening down the hatches; Microsoft seem determined to make it as difficult as possible for malicious code to get a handle on the operating system. Some say, ‘about time too’, other say ‘Microsoft is delivering on their promise to make security a priority’.
What SP1 can do for your Windows 2003 Server?
Problems with service packs
The reason why service packs occasionally cripple servers, is that some machines have a combination of hardware and software that have not been validated for a particular service pack.
I estimate that 95% of all service packs which have ever been applied to any machine, worked perfectly. On reflection I believe, that the success rate is nearer 99%. However, if you suffer from one of the service packs that cause problems, it’s like being mugged. While your belief is that this misfortune only befalls someone else, when it does happen to you, there is a terrible feeling of shock and betrayal.
Danny, Sean and Lee ride to my rescue
I am also grateful to Sean for pointing out that Microsoft recommend waiting for Exchange 2003 Server SP2, before applying Windows Server 2003 SP1. Sean kindly provided this link.
When I sent out a correction, Lee took the trouble to report his findings. This is what he discovered: ‘Windows Hosting is its own product. It’s technically Exchange 2003, but with proprietary add-ons. The website is a little misleading. Microsoft actually does recommend that you install SP1 on a system with Exchange 2003. (I just talked to them about this.) ‘
Eureka! Thanks to Lee, I declare, here is the definitive SP1 reference KB 896367. I see Exchange 2003 failed the SP1 compatibility test, but only with OWA on clustering.
If I can draw any crumb of comfort from these three reports, it is that have continually advocated testing SP1 before deploying on production servers.
Guy Recommends: The Free IP Address Tracker (IPAT)
Calculating IP Address ranges is a black art, which many network managers solve by creating custom Excel spreadsheets. IPAT cracks this problem of allocating IP addresses in networks in two ways:
For Mr Organized there is a nifty subnet calculator, you enter the network address and the subnet mask, then IPAT works out the usable addresses and their ranges.
For Mr Lazy IPAT discovers and then displays the IP addresses of existing computers. Download the Free IP Address Tracker
Minor Problem with extra security
Test your particular server
Tired of writing scripts? The User Management Resource Administrator solution by Tools4ever offers an alternative to time-consuming manual processes.
It features 100% auto provisioning, Helpdesk Delegation, Connectors to more than 130 systems/applications, Workflow Management, Self Service and many other benefits. Click on the link for more information onUMRA.
An enduring superstition for all service packs, is that even numbers are good but odd numbers are bad. I will leave you to make up your own mind. Another urban myth is that applying SP1 will transform 120 evaluation copies into fully blown versions of Windows Server 2003 – wrong.
Incidentally, ‘Mad Mick’ was telling me that he tried to apply SP1 to one of his ‘clients’ servers and it would not install. It turned out to be a pirate copy of Windows Server 2003, and you cannot apply SP 1 to such machines. Mick started to blame Microsoft, but eventually even Mick had to concede that preventing SP1 running on pirate software, was fair enough. This really is a case of ‘feature by design’.
A ‘killer’ reason to install SP1 (after testing)
A security guru told me what happens after Microsoft release a security fix. He claims that hackers reverse engineer the fix and discover the underlying vulnerability. Then these hackers design a nasty virus which attacks those who did NOT apply the service pack. So you have to be smart and install SP1 before a new wave of viruses attack your Windows Server 2003.
How to obtain SP1 for Windows Server 2003
In general SP1 works in just the same way as previous Microsoft service packs. Keep in mind that all you need is one SP1 file, which can be applied to all your Windows Server 2003 editions, Standard, Enterprise, Web, even the SBS edition.
Kevin kindly tells me that Microsoft is going to bring out a new edition especially for SBS. Furthermore, Kevin says while you can apply SP1 to SBS, it’s better to wait for the specially designed service pack.
Watch out for another new twist from Microsoft; there are now multiple versions of SP1. One version designed for single server application, one version for deploying to multiple servers, and also a 64bit Itanium version. (There are also 2 developer versions with checked code.) Just to recap, which ever SP1 file you download, it works for all editions of Windows Server 2003.
When I downloaded the SP1 file from Microsoft, the size was about 337 MB. To then go ahead and install SP1, your server needs a minimum of 700 MB free disk space, 2 GB recommended.
Summary SP1 for Windows Server 2003
Test SP1 on your machine now. Microsoft’s worthy goals for this service pack are improved security and reliability. Watch out for new Windows Server 2003 features, for example, firewall and the Secure Configuration Wizard.
See more information about Microsoft Windows service packs