Riguy Index and Archive:
Windows Server 2003 Observations and Notes - Part I
General Observations of Windows Server 2003. After a 180 Day Evaluation on a home SOHO network, here are some general observations, in no particular order, from simple Notepad and appearance changes, or RDP to Shadow Copies and RSoP. I try to compare where possible this new OS to the previous Windows 2000 OS.
--> The NIC Configurations / Properties are XP-like (that is, Windows NT 5.1). Open the LAN / NIC props. Double-click if system tray icon is present. Otherwise, Network Connections can be found in the Control Panel:
--> Whereas the Windows 2000 network interface cards, for example, have only a 'General' tab up top, in Windows Server 2003 there is a 'Support' tab as well. The 'General' view, above, is standard (data packs activity, Sent/Received). Select Properties to view Local Area Connection Properties:
--> The ubiquitous Client for Microsoft Networks -yup, it's still there and its properties reveal the 'Windows Locator' (related to the MS RPC port /worm issue) or 'DCE Cell Directory Service'. Also, the File and Printer Sharing for MS Networks and TCP/IP components are still there.
--> BUT, Network Load Balancing, as chosen from the image above, is new (well, this is Enterprise Edition, so I believe this is widely available in Windows 2000 Datacenter Server). It needs a check mark in order to view Properties:
--> Clustering involves managing data intensive server activities, thus numerous servers. They all share in the load. Cluster Parameters could be entered, i.e the IP addressing of the cluster or 'Cluster operation mode' (Unicast or Multicast?). Can also edit some Host Parameters as well as 'Port Rules (below):
--> The Port Rules involve handling ports of choice or necessity; for example, web servers would need to direct port 80 traffic in, but maybe leave out the rest. Rules can be added with ease. There are up to 65000+ ports theoretically which can be directed in: 2 ^ 16 (2 to the sixteenth power) equals 65,536, funny enough.
--> Venturing back to the original NIC image, go to the 'Support' tab for all TCP/IP information (this server uses DHCP because it's only an evaluation, thus not needing static IP):
--> The Details tab gives a bit more, err, details and a view of essentially the command, 'ipconfig /all' output (the NIC's Physical Address, i.e MAC address (which is needed when making DHCP Reservations), the IP address itself, and the default gateway, amongst others.
--> Again, back to the original view, going into General/Properties/Authentication. Here is IEEE 802.1x networking authentication types, i.e. MD5-Challenge. The Protected EAP and Smart Card properties (not visible in image below, but they are there!) can be viewed further, and more importantly, configured for a secure log on process:
--> In the Advanced tab, Internet Connection Firewall can be seen, and the firewall service can be used and set up here:
--> If ICF is checked, the Settings tab (grayed out, above) can be used to configure the running services (and more importantly their ports) that users can access on the server. Otherwise, all ports amay be available if the Firewall is not selected, unless another firewall is in place. Also, Security Logging and ICMP (Internet Control Message Protocol) settings can be made:
--> Within the Settings, services, with the appropriate port number, can be added and edited as needed:
--> Utilize the 'Learn more about Internet Connection Firewall' link, it is very helpful:
--> In sum: only use this if connected directly to the internet from the server (a bad idea anyway) or if the situation = small SOHO (small office/home office) LAN and ICS is used (~ 10- 20 shares).
--> A network should have a Hardware or at least a Software (i.e.Zone Alarm) firewall solution, but maybe this could be used as well. This comes with XP as too. A snippet from the aforementioned Help:
"To thwart common hacking attempts, such as port scanning, communications that originate from the Internet are dropped by the firewall. Rather than sending you notifications about firewall activity, ICF silently discards unsolicited communications, because such notifications could be sent frequently enough to become a distraction. Instead, ICF creates a security log to track this activity. For more information, see Internet Connection Firewall security log."
--> Finally, back to original view - try the Support tab this time. I tried 'Repair' (what the hell, I have nothing to lose with this Evaluation) and got the following within 1/2 second:
--> Nothing was broken, so let's hope nothing was 'repaired'.
--> I am not sure what it does, but I would guess that Repair means various IPConfig commands + options (i.e.renew or registerdns) would be run if obtaining IP addressing was a problem.