Our Free Study Guides and Practice Exams Will Make You Certifiable!
  Home

HOME | EXAM DETAILS | FREE TESTS | STUDY GUIDES | GLOSSARY | ARTICLES | BOOKS & TRAINING | FORUMS | CAREER & JOBS
 MICROSOFT
 COMPTIA
 CISCO
 CIW
 LPI
 RED HAT
 IBM
 FREE MAGAZINES
 WHITE PAPERS
 TOPSITES
 CONTRIBUTORS
 SITE MAP
 SITE FAQ
 

Users online
total users: 928
Last Post
70-113 - The future of Microsoft certifications?
by joe90
Nov. 20, 2008 16:57
Board statistics
We have a total of 82872 posts!
 TechTutorials
 CertifyPro
 Certnotes
 Web Host Reviews
 CBT Training
 MCSE Boot Camp
 MCSE Training

Windows 2003 Service Pack 1 – In plain English! (part 1)
By Brian Gibson (AKA Foxynox)

Microsoft has recently released Service Pack 1 for Windows Server 2003. The release documents for the Service Pack are almost 300 pages long! The purpose of these next few articles is to list the main new features and changes the service pack will make to your server, Active Directory, and server applications. Hopefully, these articles will summarise what you need to know about the latest service pack in plain English, for a much more detailed description of each, please refer to the Microsoft documentation.

Security Configuration Wizard
The Security Configuration Wizard (SCW) is a new feature with Windows 2003 SP1, and probably the single largest addition to the OS in the Service Pack. The main function of the SCW is to reduce the attack surface of the server. It guides the creation of security policies and setting up minimum functionality depending on the server role. After installing SP1, the SCW needs to be installed via the Windows Components window of Add or Remove Programs control panel. The SCW will then appear in the Administrative Tools folder. The SCW will allow you to either;
  • Create a new Security policy
  • Edit an existing Security policy
  • Apply an existing Security policy
  • Rollback the last applied Security policy
When creating a new security policy, the SCW has almost 200 different server roles, which can be added to the policy to define the minimum services, ports and other functional requirements while providing maximum security. Roles, features, options, services and ports can be selected and de-selected as required as can outbound authentication methods, registry settings and audit policies. The final policy is saved to an XML file which can then be used and modified across servers and server roles running the SCW.

It would be impossible to cover all the ins and outs of such a huge new tool in one article. For the full documentation of the Security Configuration Wizard, please go here.

Access Based Enumeration
To enable this feature you will need to download and install an additional component in the form of a msi (abeu.msi) file from the Microsoft Download site. When it is installed, a new tab will appear on shared folders named “Access Based Enumeration”.

When enabled, this will change the view users will have of files and folders when accessing shares held on the Windows 2003 server. Only files and folders the users have permissions to access will be displayed, and nothing else. Prior to enabling this change, users could see all files and folders, regardless of permissions, but would not be able to open denied folders or files.

Add or Remove Programs Filter
A new tick box has been added to the Add or Remove Programs control panel, called Show Updates. With SP1, only installed programs will displayed until this check box is ticked. It will then display both programs and updates together. This feature can be used by any software vendor, not just Microsoft updates.

DCOM Security Enhancements
The Default COM Security tab in the Component Services control panel \My Computer properties has been renamed to COM Security and extra functionality added. It now has an extra button, “Edit Limits” for both Access and Launch Permissions. This extra functionality provides a further computerwide access check in addition to the current access control checks. The reason this was introduced was due to previous weak settings allowing unauthenticated access to some processes, that administrators could not force stronger security settings on.

A new group has also been created called “Distributed COM Users” to speed up the process of adding users to DCOM computer restriction settings.

RPC Service Changes
Pre-SP1 the RPCSS provided the key service for both RPC Endpoint Mapper and also for the DCOM Infrastructure. The service ran under the permissions of the Local System account. SP1 has split this into two services, the original RPC service (for the RPC Endpoint Mapper) and a new service called DCOM Process Launcher, which is not network facing. The RPC service did not need the Local Security permissions so it now runs under the NT Authority\Network Service account, while the new DCOM Process Launcher service runs with the Local System account. This was introduced to reduce attack surface of Windows, and to tighten security permissions on network facing services.

Device\Physical Memory Change
The Device\Physical Memory object is used by applications to access physical memory. This would be used by applications attempting to read BIOS data. Pre-SP1 this was controlled by an Access Control List. Service Pack 1 changes this and now denies all access at User Mode level regardless of user context or application.


 CareerAcademy
Certification training videos with private instructors. Topics cover Microsoft MCSE, CompTIA, CISSP & Cisco exams. Courses also come with official practice exams with 7x24 mentors.
more products...
 Netwind Learning
Free Demo. Certification Training for A+, MCSE, MCTS Microsoft.NET, Cisco CCNA, CCNP, CCVP, CCSP, Java, Oracle, Linux, PMP and 100's of other courses.
more products...
 EDULEARN
Certification Training on CD-ROMs & Videos: Microsoft MCSE Training, A+ Certification, Windows 2003, & Free demos. MCSE certification training includes videos and labs.
more products...
 Training Planet
Nationwide Computer Training Boot Camp Classes and also CD based training courses A+ Certification, Cisco Training, MCSE, CISSP, Autocad, Office, PMP, SOX, PC Diagnostics
more products...


ADVERTISE | PARTNERSHIPS | PRIVACY POLICY | DISCLAIMER | | CONTACT


IT Showcase