Windows Tip Sheet
Welcome to Win2003 SP1, Part 1
Securely install Win2003 with SP1 from the get-go.
This week’s tip is first in a four-part series of
Win2003 Service Pack 1 tips.
Now that Win2003 Service Pack 1 is out, you can start taking advantage of its
new security features. While the new Windows Firewall included in SP1 doesn’t
normally enable itself by default (it is, after all, running on a server), there
is one instance where the firewall will come up in a completely locked-down
state, automatically. Can you guess when? At the most useful time, possible,
in fact: when you’re installing Windows.
If you have a slipstreamed copy of the Win2003 installation media (e.g., a
CD that incorporates SP1 into the core installation files), installing Win2003
results in the Windows Firewall coming on in a “shields-up” mode.
The idea is that there will be critical updates released after SP1, many of
which will help patch vulnerabilities. By bringing the firewall up in a fully
locked-down mode to begin with, the server will be protected until you can install
the latest patches—either from Windows Update or from an internal Software
Update Services (SUS) or Windows Server Update Services (WSUS; these names are
killin’ me) server on your network. When you’re satisfied that everything’s
up to speed, you can bring the firewall down and begin normal production operations.
This capability is perhaps one of the best reasons to create your own slipstreamed
Win2003+SP1 installation CD, if you haven’t done so already: Ensuring
that your servers remain protected until the latest patches are installed solves
a major vulnerability point, and the firewall is a convenient way to accomplish
this important task.
- Learn how to slipstream SP1 into your installation media here.
- Read everything Microsoft’s written to date on SP1 here.
- Access updated Win2003 help (including SP1-related changes) here.
Don Jones is a multiple-year recipient of Microsoft’s MVP Award, and is Curriculum Director for IT Pro Content for video training company Pluralsight. Don is also a co-founder and President of PowerShell.org, a community dedicated to Microsoft’s Windows PowerShell technology. Don has more than two decades of experience in the IT industry, and specializes in the Microsoft business technology platform. He’s the author of more than 50 technology books, an accomplished IT journalist, and a sought-after speaker and instructor at conferences worldwide. Reach Don on Twitter at @concentratedDon, or on Facebook at Facebook.com/ConcentratedDon.