Windows Server 2003 Improvements
The purpose of this section is to bring you up to speed on Windows Server 2003. In particular, I will give you independent advice on the improvements from Windows 2000 to Windows Server 2003.
Firstly, a quick terminology check, this section is about Windows Server 2003; during development it was know as Whistler, XP Server or plain .NET. Talking of names, if you liked the acronym W2K, then you may like the acronym W2K3 for this product.
7 Reasons for migrating to Windows Server 2003
- Improved IIS
- Active Directory
- Group Policy – Management Console (GPMC)
- Volume Shadow copy restore
- Terminal Services
- Intelligent Files services. DFS, FRS
As I knew both Windows 2000 and XP very well, I thought it would be a cinch to grasp what extra Windows Server 2003 had to offer. Surprisingly, it turned out to be a long journey before I discovered all the new features. Nevertheless, it was a labour of love and I uncovered some ‘gems’ which I am happy to share with you.
My initial impression was that Microsoft had made it easier to configure the server, while at the same time the menus challenged me to think about what I was doing. For example, one of the first questions was – ‘Choose a role for the server’, I felt obliged to stop and double check all the components that I needed to install. Lately I revisited the server role and disabled services that were not needed and a potential security liability.
The front end of Server 2003 is like XP – but without that Luna desktop! Is it my imagination, or are the Icons that bit crisper than they were in Windows 2000?
Update: Darrin wrote in said, ‘ Windows XP / Windows 2003 Server icons are 32-bit (24-bit colour plus an 8-bit alpha channel) as opposed to 8-bit in Windows 2000.’
The Start Menu is similar to XP and gradually I am making more use of its efficient design. Already, I have adapted to using the control panel as a menu, rather than displaying all the icons. I must review the programs ‘Pinned’ on the left side of the Start Menu.
Finally, a word in praise of for Help and Support, not only is it useful for checking new features, but also for contacting the TechNet site when I have a query. Also with ever more waves of virus attacks, Help and Support is useful to update security patches. More so if, like me, you turned off the Automatic Updates service.
I like thePermissions Monitor because it enables me to see quickly WHO has permissions to do WHAT. When you launch this tool it analyzes a users effective NTFS permissions for a specific file or folder, takes into account network share access, then displays the results in a nifty desktop dashboard!
Think of all the frustration that this free utility saves when you are troubleshooting authorization problems for users access to a resource. Give this permissions monitor a try – it’s free!
Everywhere I go in Server 2003, I see signs that Microsoft are at last serious about security. During installation the wizard tried hard to make me choose a secure, long, password for the administrator’s account. Later, when I created my first user, I could not complete the task until I set a complex password.
When I launched the Internet Explorer, browsing was severely restricted because Internet Security was set to High. It also turned out to be security that was preventing me from running a database across my own LAN, I solved that by adding a ‘Trusted Site’ through the Internet Explorer.
As I was checking the Windows Components (Add or Remove Programs), I spotted a new item: ‘Internet Explorer Enhanced Security Features’. Although it breaks security guidelines, many administrators remove this IE feature for ease of use.
IIS 6.0 has come a long way from version 2 in NT4.0 – mind you it needed to! The first security improvement is that IIS is not installed by default. This means that IIS is not just sitting on your server waiting to be attacked. Administrators have been asking for years for a secure installation option, well now they have it as the default installation of IIS 6.0 is ‘Locked Down’.
Time alone will tell if it will capture market share from Apache or Linux servers. But if you like integrated products then look no further than Server 2003 with IIS v 6.0. Perhaps the neatest feature is the ability to isolate each site on multiple web servers. Under the bonnet, the IIS architecture has been redesigned for great robustness and scalability. Note that although the Enterprise version of Server 2003 does contain IIS, there is also a separate Web Version of Server 2003. See more about IIS.
Advantages of Server 2003 : –
- For security reasons, you now CAN disable the Administrator’s account.
- Active Directory Users and Computers you can drag and drop objects into different OUs.
- Now you CAN change common properties of a bunch of users by selecting them with the shift or control keys.
- Rename the domain and the domain controllers. In Windows Server 2003 you can change the name of both the domain and the domain controller. I never could find a way of changing either in Window 2000 – unless I demoted the domain controller to a member server. So this naming flexibility will save hours of rework if you have a good business reason to rename your Active Directory domain. Note you need to raise the function level before you can take advantage or renaming.
- Users also benefit by being able to logon with cached credentials at remote sites. There is no longer a reliance on contacting a Global Catalog server before logging on because the domain controller can cache the universal group membership.
- I first saw the ADMT (Active Directory Migration Tool) in Exchange, next it appeared in XP Pro and now an improved version is provided in Windows Server 2003. What the ADMT version 2.0 can do is to copy user accounts and passwords from NT4.0 or Windows 2000 then create a new user in W2K3’s Active Directory.
- In merger situations you can create cross-forest trusts. Developers will like the ability to deactivate attributes and classes in the schema so that their definitions can be changed.
- Active Directory is a huge topic see more in other Active Directory pages, also Mixed v Native modes.
SolarWinds have produced three Active Directory add-ons. These free utilities have been approved by Microsoft, and will help to manage your domain by:
- Seeking and zapping unwanted user accounts.
- Finding inactive computers.
- Bulk-importing new users. Give this AD utility a try, it’s free!
4. Group Policy – Management Console (GPMC) – Add on from Microsoft’s site
Anyone with experience of Windows 2000 will realise the power of Group Policies in controlling the user’s desktop. There is no doubt that Group Policies are here to stay and with expertise you can configure almost every aspect of the user interaction. There are another 200 Group Policies for XP Professional and an additional 100 for Windows Server 2003. See more here.
If you like configuring Group Policies the GPMC is the ultimate tool for you. What GPMC does is to integrate and centralise all Group Policy functions. What I particularly like about the GPMC is the way that it produces reports on which settings are in effect. So far I have only found GPMC as a download from Microsoft’s site.
Thanks to volume shadow copy, at last you can back up open files. This is done through a ‘Shadow Copy’ created by the Volume Shadow Service working with the VDS (Virtual Disk Service). Shadow copy has other advantages, administrators can configure disks so that users can find previous versions of files.
As well as providing tools and interfaces to connect network attached storage (SANs), Windows Server 2003 provides the ability to boot from SAN configuration if required.
This feature enables you to copy critical data volumes without service interruption. These copies can then be used for service restoration. The idea can be extended to users so they can retrieve archived versions of their documents.
Kiwi CatTools is a free program for backing up configuration settings on hardware devices. Here is Guy’s challenge. If you download CatTools, then it will not only take care of backups, but also it will show you something new about the hardware on you network. I could give you a money back guarantee – but CatTools is already free! Thus, I just make a techie to techie challenge, you will learn more about your network if you:
At first I was rude about Terminal Services. However,Arthur Schopenhauer (1788-1860) was right when he said :-
All truth passes through three stages.
First, it is ridiculed.
Second, it is violently opposed.
Third, it is accepted as being self-evident.
So from being a former critic, I am now an enthusiastic advocate of thin client technology. I think it makes sense to have the applications run on the server, while all the client does is pass keystrokes and receive screen refreshes across the network.
It is unusual for Microsoft to change the name of an item from version to the next, but Terminal Server has suffered more than most. In NT 4.0 it was Terminal Services. The latest name change is for 2000’s ‘Remote Administration mode’, to become ‘Remote Desktop for Administration’ in Windows Server 2003.
There is more than just name changes in Terminal Services, thankfully, we now have True Color and up to 1600 X 1200 resolution to see all the new features. The RDP (Remote Desktop Protocol) extends the local devices from just the printer in Windows 2000 to include smart cards and the client file system.
There were several candidates for the flakiest service in NT 4.0, I would put the old Directory Replication Service at the top of that list. The reason I mention this is that the Distributed File System and File Replication Service are wonderful in W2K3. It is a great advantage to point all the users to shares one server, while creating links and replicas to the actual data on other services. The benefits are redundancy, fault tolerance and the ease with which you can reconfigure your file servers without the users noticing.
When you shut down or restart Windows Server 2003, the event tracker prompts you for a reason for the shut down, which is stored in the Event Log.
If you like this page then please share it with your friends