High Level Look at Win 2003 - Part 1
Well, I have been playing with Windows 2003 Standard Edition, and I decided to start with the networking components.
General
==========================
I'd like to start by saying that the look and feel of 2003, to me, is nothing more than XP with additional server services. Aside from graphic tweaks and adding a few wizards, on the surface there are no real changes that stand out.
Part 1 - Networking
=========================
The first surprise that I found was that WINS support was still around. Also, as promised, IPX/SPX support has been removed. Looks like Novell didn't win this one :)
A new CLI tool has been added called netsh diag. To run it, just type netsh -c diag, then type ? to get a list of commands. This looks like it *may* be helpful but I haven't given it much time just yet.
Support for Protected Extensible Authentication Protocol (PEAP) for wireless network connections has been added, and it has also been added to IAS services (RADIUS server on W2K3). I like this one since I have many RADIUS boxes handling authentication. MS-CHAP v2 is now available as a PEAP authentication type. This is cool because you can set up secure wireless authentication without having to deploy a certificate infrastructure (PKI) and install certificates on each wireless client. RAS has been fitted with PEAP support too.
Some attention has been given to SmartCard technology. They added a section under advanced when you edit the properties of your network connection. They even have a blurb about it when you login to the server.
Remote access and routing have gotten polished up a bit. In typical MS fashion, they added tons of extras to "simplify" our lives. The one thing that stands out is the NetBT proxy feature. With the NetBT proxy enabled, clients connecting remotely are able to resolve the names of computers on the network without requiring the deployment of a DNS or WINS server. This will actually be helpful to me with my current VPN solution. The NetBT proxy is built into the Routing and Remote Access service.
Network Access Quarantine Control is designed to prevent computers with unsafe configurations from connecting to a private network. Now this should be interesting. Once I set this up and test it out, I will provide a much more technical view of the service, but for now, here is what it does. Network Access Quarantine Control is a feature of both the Routing and Remote Access Service and Internet Authentication Service that delays normal remote access to a private network until the configuration of the remote access computer has been examined and validated by an administrator-provided script.
Point-to-Point Protocol over Ethernet Client for Broadband Internet Connections. Using PPPoE and a broadband Internet connection such as DSL or cable modem, users can gain individual authenticated access to high-speed data networks. In previous versions of Windows, users had to install separate software that was supplied by the ISP. Now, this support is built in to the operating system.
Automatic Alternate Configuration for Multiple Networks Connectivity
Alternate configuration allows you to manually configure static TCP/IP settings that are configured when the computer is a Dynamic Host Configuration Protocol (DHCP) client and no DHCP server is found when the computer starts. For computers running Windows 2000, Windows 98, and Windows Millennium Edition, if the computer is configured as a DHCP client and does not find a DHCP server, Automatic Private IP Addressing (APIPA) automatically assigns a unique address from the 169.254.0.0/16 address space. Although APIPA allows TCP/IP to start, it does not assign a default gateway address, a Domain Name System (DNS) server IP address, or other settings essential for communication on an intranet or the Internet. Alternate configuration is useful in situations where the computer is used on more than one network and one of those networks does not have a DHCP server and an APIPA addressing configuration is not desired.
For example, a user has a laptop computer that is used at their office and at home. While at the office, the computer uses a DHCP-allocated TCP/IP configuration. While at home, where there is no DHCP server present, the laptop computer automatically uses the alternate configuration, which provides easy access to home network computers and the Internet. With alternate configuration, you do not have to manually reconfigure TCP/IP settings when the laptop computer is connected to either the office or home network.
You can configure the TCP/IP alternate configuration on the Alternate Configuration tab from the properties of the Internet Protocol (TCP/IP) protocol in the properties of a LAN connection in the Network Connections folder.
DISAPPOINTMENTS
==============================
ICF - Internet Connection Firewall. Don't look for anything new here other than it has a slightly different method of getting to it than W2K has. This is the same POS that XP currently runs. I think I'll move on :)
TCP/IP Protocol Cannot be Removed. The TCP/IP protocol, named the Internet Protocol (TCP/IP) in the properties of a connection in the Network Connections folder, is installed by default and cannot be removed. In the past, one step to troubleshoot a possible TCP/IP configuration problem has been to remove the TCP/IP protocol and reinstall it. This is no longer possible in the Windows Server 2003 family. Instead, you can use a new netsh command to reset the TCP/IP configuration to installation defaults. This is kinda piss poor if you ask me. What is funny is that XP also has this little "enhancement" but you really don't see it discussed too much.
Well, there are many more things to talk about, but I will save those for later sections. Also, I'd like to note that all of the networking feature enhancements can be found on the Microsoft site at this URL:
http://www.microsoft.com/windowsserv...orkingOver.doc
I have snipped parts of this doc in the interest of preventing carpal tunnel syndrome when preparing this post. Again W2K3, in my opinion, is not very impressive thus far but I still have a *long* list of things to test and attempt to break. I also know that many of the touted new services have been available in XP for a while.
Stay tuned, there is much more to follow. That is, if you guys want me to post what I find.
--TH13
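
The APIPA fallback described in the post, as an added example that is not part of the original post: a small Python audit that reads `ipconfig /all`-style text and flags adapters that ended up in 169.254.0.0/16 or without a default gateway. The sample text, the adapter names and the function names are constructed for illustration.

```python
import ipaddress
import re

APIPA_NET = ipaddress.ip_network("169.254.0.0/16")  # range named in the post

# Constructed sample in the layout of `ipconfig /all`; not captured from a real host.
SAMPLE = """\
Ethernet adapter Office LAN:

        Dhcp Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 10.1.20.57
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 10.1.20.1
        DNS Servers . . . . . . . . . . . : 10.1.20.5

Ethernet adapter Lab LAN:

        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration IP Address. . . : 169.254.77.12
        Subnet Mask . . . . . . . . . . . : 255.255.0.0
        Default Gateway . . . . . . . . . :
"""

HEADER = re.compile(r"^(\S.*adapter .+):\s*$")               # unindented section title
FIELD = re.compile(r"^\s+([A-Za-z][A-Za-z .]*?)[ .]*:\s*(.*)$")  # "Label . . . : value"

def parse_adapters(text):
    """Return {adapter name: {lower-cased field label: value}}."""
    adapters, current = {}, None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current = adapters.setdefault(m.group(1), {})
            continue
        m = FIELD.match(line)
        if m and current is not None:
            current[m.group(1).strip().lower()] = m.group(2).strip()
    return adapters

def classify(fields):
    """Label one adapter 'apipa', 'no-gateway' or 'ok'."""
    addr = fields.get("autoconfiguration ip address") or fields.get("ip address")
    if addr and ipaddress.ip_address(addr) in APIPA_NET:
        return "apipa"        # DHCP failed and no alternate configuration applied
    if not fields.get("default gateway"):
        return "no-gateway"   # address present but nothing routes off the subnet
    return "ok"

def audit(text):
    return {name: classify(f) for name, f in parse_adapters(text).items()}
```

Calling `audit(SAMPLE)` labels the first adapter `ok` and the second `apipa`; an alternate configuration entered without a gateway would show up as `no-gateway`.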