Windows Tip Sheet

Welcome to Win2003 SP1, Part 1

Securely install Win2003 with SP1 from the get-go.

• By Don Jones
• 05/04/2005

Now that Win2003 Service Pack 1 is out, you can start taking advantage of its new security features. While the new Windows Firewall included in SP1 doesn’t normally enable itself by default (it is, after all, running on a server), there is one instance where the firewall will come up in a completely locked-down state, automatically. Can you guess when? At the most useful time, possible, in fact: when you’re installing Windows.

If you have a slipstreamed copy of the Win2003 installation media (e.g., a CD that incorporates SP1 into the core installation files), installing Win2003 results in the Windows Firewall coming on in a “shields-up” mode. The idea is that there will be critical updates released after SP1, many of which will help patch vulnerabilities. By bringing the firewall up in a fully locked-down mode to begin with, the server will be protected until you can install the latest patches—either from Windows Update or from an internal Software Update Services (SUS) or Windows Server Update Services (WSUS; these names are killin’ me) server on your network. When you’re satisfied that everything’s up to speed, you can bring the firewall down and begin normal production operations.

This capability is perhaps one of the best reasons to create your own slipstreamed Win2003+SP1 installation CD, if you haven’t done so already: Ensuring that your servers remain protected until the latest patches are installed solves a major vulnerability point, and the firewall is a convenient way to accomplish this important task.

More Resources:

• Learn how to slipstream SP1 into your installation media here.
• Read everything Microsoft’s written to date on SP1 here.
• Access updated Win2003 help (including SP1-related changes) here.