** Don Jones' Tip Sheet #43: Welcome to Win2003 SP1, Part 1

This week's tip is first in a four-part series of Win2003
Service Pack 1 tips.

Now that Win2003 Service Pack 1 is out, you can start taking
advantage of its new security features. While the new Windows
Firewall included in SP1 doesn't normally enable itself by
default (it is, after all, running on a server), there is one
instance where the firewall will come up in a completely
locked-down state, automatically. Can you guess when? At the
most useful time, possible, in fact: when you're installing
Windows.

If you have a slipstreamed copy of the Win2003 installation
media (e.g., a CD that incorporates SP1 into the core
installation files), installing Win2003 results in the Windows
Firewall coming on in a "shields-up" mode. The idea is that
there will be critical updates released after SP1, many of which
will help patch vulnerabilities. By bringing the firewall up in
a fully locked-down mode to begin with, the server will be
protected until you can install the latest patches -- either
from Windows Update or from an internal Software Update Services
(SUS) or Windows Server Update Services (WSUS; these names are
killin' me) server on your network. When you're satisfied that
everything's up to speed, you can bring the firewall down and
begin normal production operations.

This capability is perhaps one of the best reasons to create
your own slipstreamed Win2003+SP1 installation CD, if you
haven't done so already: Ensuring that your servers remain
protected until the latest patches are installed solves a major
vulnerability point, and the firewall is a convenient way to
accomplish this important task.

--Don Jones

Comment on this article:
http://mcpmag.com/columns/article.asp?editorialsid=967#post

Don Jones is the owner and operator of ScriptingAnswers.com, a
speaker at national technical IT conferences, and the author of
nearly twenty books on information technology. His latest book
is "Managing Windows with VBScript and WMI" (Addison-Welsey) and
he's completing "Windows Administrator's Automation Toolkit"
(Microsoft Press). You can reach Don at his Web site or at
don@scriptinganswers.com.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

MORE RESOURCES:

* Learn how to slipstream SP1 into your installation media at:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/WebW2K3SP1hfdeploy/0e02a953-aca7-4dad-b3e2-c94ea72bbc3d.mspx
* Read everything Microsoft's written to date on SP1 at:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/servicepack/default.mspx
* Access updated Win2003 help (including SP1-related changes) at:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/2e0186ba-1a09-42b5-81c8-3ecca4ddde5e.mspx