The most compelling feature of Service Pack 1 for Windows Server 2003, released earlier in April, may be its power to take away from the operating system.
SP1 provides security enhancements not unlike those of SP2 for the XP operating system, but it’s doing so in a smarter way.
The problem with SP2 — and the reason Microsoft temporarily disabled the automatic update feature that would allow customers to deploy it — was that it automatically activated a Windows firewall, potentially creating problems in other areas of an IT environment. SP1 for Server 2003 also includes a firewall, but its default is in the “off” position.
SP1 takes a similar approach with other features available in Server 2003 — it turns them off if they aren’t necessary. Through a security configuration wizard, users can specify what the server is being used for (e.g. file and print or a Web server) and only the germane features will be activated.
By keeping the server running on the necessary minimum, it’s possible to reduce the “attack surface area,” said Derick Wong, senior product manager of security and management at Microsoft Canada.
“They can actually disable unused services and block unnecessary ports and modify registry values to configure the Windows Server for that specific workload,” he said.
Andy Papadopoulos, president of Toronto-based integrator Legend Corp., is currently working with some of his clients that are looking to deploy SP1. As with any upgrade, he emphasizes caution and preparedness.
“It’s not a service pack, it’s a security pack,” he said, “so it’s going to make some deep changes. You have to be educated first.”
Papadopoulos built a lab to test SP1 on a variety of common configurations of Server 2003 and recommends that his clients do the same. By having an install wizard that can meet a user’s specifications, the install process should be simplified, he said.
“In most cases where customers had (security) issues, it’s simple; it just had to do with misconfiguration. They just had a lot of unnecessary services turned on,” he said.
Orezone Resources Inc., based in Ottawa, is a gold exploration and development company with operations in Africa. The company has Server 2003 deployed across its network, which communicates with its African operations via satellite.
Will deploy, but not immediately
Doug Perkins, the company’s CFO, said he will likely deploy SP1, but not immediately. “Given that we’re running all of our accounting and all of our geological databases by satellite linked into Africa, we can’t afford to cut that line. We will deploy it shortly, but we’ll just see if there are bugs first.”
Perkins’ IT department advised Orezone to wait at least a few weeks. “We’re pretty state of the art. As CFO, I push these guys, but I listen to them as well,” he said.
Tourism Vancouver is also a Server 2003 user, but will wait even longer before considering a move to SP1. The organization is in the midst of a CRM rollout, said IT director Kevin Tarasoff, and that takes priority.
Microsoft is taking the right tack by helping users lock down unnecessary features and ports, he said. But Tourism Vancouver will wait until the end of the month — the deployment date for the CRM application, which will be hosted by a third-party provider — before looking at SP1. Tarasoff said he also backed away from SP2 for XP based on the advice of his services company and the results of some initial in-house tests. Both SP1 and SP2 may be deployed at a later date.