
Overview of Windows Server 2003 Editions

The Windows Server 2003 family of operating systems consists of four
editions, each designed with the particular needs of a different type of
customer in mind. Although each edition is built on the same core architecture,
editions differ in terms of scalability, services offered, and supported hardware
platforms.

The four editions of Windows Server 2003 are:

■ Windows Server 2003, Standard Edition
■ Windows Server 2003, Enterprise Edition
■ Windows Server 2003, Datacenter Edition
■ Windows Server 2003, Web Edition

Windows Server 2003, Standard Edition

This product is aimed at small businesses and departmental use within larger
organizations. Some common uses of Windows Server 2003, Standard Edition,
include:

■ File and printer sharing
■ Secure Internet connectivity
■ Centralized desktop application deployment

Windows Server 2003, Enterprise Edition

Enterprise Edition is the replacement product for Windows 2000 Advanced Server. This
edition of Windows Server 2003 is built to meet the general-purpose needs of businesses
of all sizes, and especially those that require a higher degree of availability and
scalability.

Enterprise Edition provides full support for Active Directory, including the ability to
function as a domain controller.

Windows Server 2003, Datacenter Edition

Datacenter Edition is the replacement product for Windows 2000 Datacenter Server. This
edition of Windows Server 2003 is aimed at high-end data-processing environments
consisting of business- and mission-critical applications demanding the highest levels
of reliability, availability, and scalability.

Datacenter Edition provides full support for Active Directory, including the ability to
function as a domain controller.

■ Provides symmetric multiprocessing (SMP) support for up to 32 CPUs on 32-bit
platforms, with an absolute minimum of 8 CPUs

■ Supports a maximum of 64 gigabytes (GB) of RAM on 32-bit platforms

■ Supports clustering up to 8 nodes

■ 64-bit version supporting Intel Itanium platforms with up to 64 CPUs and 512 GB of
RAM

Unlike the other editions of Windows Server 2003, the Datacenter Edition is always
preinstalled.

Windows Server 2003, Web Edition

Web Edition represents an entirely new product in the Windows server line
and is not meant as a replacement for any previous edition. Instead, the Web
Edition is clearly aimed at Web service and hosting functions and does
not provide the complete functionality found in other Windows Server
2003 editions.

Although Web Edition can be made a member of an Active Directory domain,
it cannot be configured to function as a domain controller. Similarly,
Windows Server 2003, Web Edition, is not designed to act as a file or
print server; it is limited to 10 inbound server message block (SMB)
connections for the primary purpose of publishing content.

■ Provides symmetric multiprocessing (SMP) support for up to 2 CPUs

■ Supports a maximum of 2 gigabytes (GB) of RAM

Because it is not positioned as a file, print, or application server, client
access licenses (CALs) do not apply to Web Edition.

Windows Server 2003 Hardware Requirements
As with previous versions of Windows, Microsoft publishes both absolute minimum and
recommended minimum hardware specifications for the various Windows Server 2003
editions.
Summary

■ The Windows Server 2003 family consists of four different editions:
Standard Edition, Enterprise Edition, Datacenter Edition, and Web Edition.
Each edition has different hardware, service, and application support
capabilities to meet different business requirements.

■ Windows Server 2003 supports upgrades from both Windows 2000 Server
and Windows NT Server 4.0 editions. For upgrades from Windows NT 4.0,
Service Pack 5 or later must be installed or the upgrade will not be possible.

■ The Hardware Compatibility List (HCL) provides a list of hardware that has
been tested and is known to work with editions of Windows Server 2003. All
hardware installed in a server should be on this list to ensure maximum
compatibility and, ultimately, availability. The HCL is available
at http://www.microsoft.com/whdc/hcl/default.mspx.
■ The Microsoft Windows Upgrade Advisor is a diagnostic tool that should be
run on a server prior to installing Windows Server 2003. The tool provides
information relating to any hardware or software compatibility issues that
might exist.
<cdrom>:\i386\winnt32 /checkupgradeonly
New Features in Windows Server 2003

Enhanced Administration Features

Active Directory Users And Computers now provides the ability to select multiple objects simultaneously, and drag
and drop them to a new location such as a different container or organizational unit
(OU). By the same token, the common properties of multiple objects can also be
changed at once—

Active Directory Users And Computers now includes a new node named Saved
Queries.

New Security Enhancements

Microsoft has ensured that the Windows Server 2003 platform is a step toward this
vision. Some ways in which Windows Server 2003 works toward providing better
security

Internet Information Services

This ensures that IIS is installed only on systems that actually require it and does not
unintentionally present a security risk on systems where it is not explicitly being used.

This approach helps to ensure that the upgrade does not present any initial security
risks, giving an administrator

Features such as FrontPage Server Extensions, Active Server Pages, ASP.NET, the
Indexing Service, server-side includes (SSI), and Web Distributed Authoring and
Versioning (WebDAV) are disabled by default and must be individually enabled as
required.

Software Update Services

Microsoft has introduced a new free tool known as Software Update Services (SUS).
This server-based software is used to distribute security patches and critical updates in
environments that include Windows 2000, Windows XP, and Windows Server 2003
systems.
New Administrative Tools and Utilities

Group Policy Tools

Server Management Tools

Command-Line Tools

Automated System Recovery

Shadow Copies of Shared Folders


Summary

■ Windows Server 2003 provides a number of enhancements to
existing administrative tools, including drag-and-drop and
multiselect in Active Directory Users And Computers.

■ New security features in Windows Server 2003 include
changes to the default settings of Internet Information Services,
which is not installed by default. Microsoft Software Update
Services (SUS) makes managing network security easier by
allowing an administrator to test and then automatically deploy
critical software updates and security patches to network clients.

■ Windows Server 2003 includes a variety of new administrative
tools and command-line utilities. Tools such as the Group Policy
Management Console and Resultant Set of Policy make it easier
to effectively manage, plan, and troubleshoot Group Policy
settings. New command-line utilities such as Dsadd.exe make it
possible to automate repetitive tasks and make it easy to
manage servers remotely, especially over slow connections.

■ Active Directory is the directory service of Windows Server 2003. A
directory stores information about network objects such as domains, OUs,
users, computers, and groups in a hierarchical manner. A directory service
makes this data available to network users and services.

Windows Server 2003 Active Directory consists of both logical and physical
components. The logical components of Active Directory include domains,
trees, forests, and organizational units. The physical components of Active
Directory include sites and domain controllers.

■ When planning an Active Directory implementation, companies need to
consider the domain structure to be used, how OUs will be organized, how
sites will be defined, and more. The needs of specific companies will
dictate the design.

■ Windows Server 2003 introduces a new feature known as universal
group membership caching, which provides greater flexibility in the
deployment of global catalog servers. While universal group membership
caching does not handle the same functions as a global catalog server, it
can make user logon faster and reduce replication across WAN links in
sites where deploying a global catalog server might not be feasible.

Key Terms
Global catalog server A domain controller that stores a read-only copy of
all Active Directory objects within a forest. Global catalog servers are used
to respond to directory-wide queries, authenticate users when a UPN is
used during logon, and hold universal group membership information.

Universal group membership caching A new feature in Windows Server
2003 that allows a domain controller to cache universal group membership
information, thus reducing the need for a global catalog server to be
contacted during the user authentication process.

Software Update Services A free server service used to centrally manage
and deploy security patches and critical updates to Windows 2000,
Windows XP, and Windows Server 2003 systems.

Automated System Recovery A new Windows Server 2003 service
designed to automate the restoration of the operating system and
configured settings in the event of a server failure. Automated System
Recovery does not restore user data as part of the process.

Functional level The level to which a Windows Server 2003 domain or forest
is configured based on whether Windows 2000 or Windows NT 4.0 domain
controllers are still in use. The functional level of a domain or forest affects the
ability to use certain new Active Directory features in Windows Server 2003.
basic input/output system (BIOS) On PC-compatible computers, the set of
essential software routines that test hardware at startup, start the operating system,
and support the transfer of data among hardware devices. The BIOS is stored in
read-only memory (ROM) so that it can be executed when the computer is turned on.

catalog An index of files in a backup set.

domain In Active Directory, a collection of computer, user, and group objects defined
by the administrator. These objects share a common directory database, security
policies, and security relationships with other domains. In DNS, a domain is any tree
or subtree within the DNS namespace. Although the names for DNS domains often
correspond to Active Directory domains, DNS domains should not be confused with
Active Directory domains.
certification authority (CA) An entity responsible for establishing and vouching for
the authenticity of public keys belonging to subjects (usually users or computers) or
other certification authorities. Activities of a CA can include binding public keys to
distinguished names through signed certificates, managing certificate serial
numbers, and handling certificate revocation.

common name (CN) The primary name of an object in a Lightweight Directory
Access Protocol (LDAP) directory, such as Active Directory. The CN must be unique
within the container or organizational unit (OU) in which the object exists.

Component Object Model (COM) An object-based programming model designed
to promote software interoperability; it allows two or more applications or
components to easily cooperate with one another, even if they were written by
different vendors, at different times, in different programming languages, or if they
are running on different computers running different operating systems.

Denial of Service (DoS) attack An attack in which an intruder exploits a weakness
or a design limitation of a network service to overload or halt the service so that the
service is not available for use.
DHCP service A service that enables a computer to function as a DHCP server and
configure DHCP-enabled clients on a network. DHCP runs on a server, enabling the
automatic, centralized management of IP addresses and other TCP/IP configuration
settings for network clients.

distinguished name (DN) A name that uniquely identifies an object by using the relative
distinguished name for the object, plus the names of container objects and domains that
contain the object. The distinguished name identifies the object as well as its location in
a tree. Every object in Active Directory has a distinguished name. A typical distinguished
name might be: CN=MyName,CN=Users,DC=microsoft,DC=com. This identifies the
MyName user object in the microsoft.com domain.

Distributed File System (DFS) A service that allows system administrators to organize
distributed network shares into a logical namespace, enabling users to access files
without specifying their physical location and providing load sharing across network
shares.

dynamic-link library (DLL) A program module that contains executable code and data
that can be used by various programs. A program uses the DLL only when the program
is active, and the DLL is unloaded when the program closes.
File Transfer Protocol (FTP) An application layer TCP/IP protocol designed to perform
file transfers and basic file management tasks on remote computers. FTP is a mainstay
of Internet communications. FTP is unique among TCP/IP protocols in that it uses two
simultaneous TCP connections. One, a control connection, remains open during the
entire life of the session between the FTP client and the FTP server. When the client
initiates a file transfer, a second connection is opened between the two computers to
carry the transferred data. This connection closes when the data transfer concludes.

flexible single master operations (FSMO) Active Directory operations that are not
permitted to occur at different places in the network at the same time.

File Replication Service (FRS) The service responsible for ensuring consistency of the
SYSVOL folder on domain controllers. FRS will replicate, or copy, any changes made to
a domain controller’s SYSVOL to all other domain controllers. FRS can also be used to
replicate folders in a Distributed File System (DFS).

fully qualified domain name (FQDN) An unambiguous DNS domain name that
indicates its location in the domain namespace with absolute certainty. Fully qualified
domain names differ from relative names in that they can be stated with a trailing period
(.)—for example, host.example.microsoft.com.—to qualify their position in relation to the
root of the name space.
globally unique identifier (GUID) A 128-bit number that is guaranteed to be unique.
GUIDs are assigned to objects when the objects are created. The GUID never changes,
even if you move or rename the object. Applications can store the GUID of an object and
use the GUID to retrieve that object regardless of its current distinguished name.

Group Policy Object (GPO) A collection of Group Policy settings. GPOs are essentially
the documents created by the Group Policy snap-in. GPOs are stored at the domain
level and affect users and computers contained in sites, domains, and organizational
units. In addition, each computer running Microsoft Windows Server 2003 has exactly
one group of settings stored locally, called the local GPO.

Group Policy The component within Active Directory that enables directory-based
change and configuration management of user and computer settings, including security
and user data. You use Group Policy to define configurations for groups of users and
computers. With Group Policy, you can specify policy settings for registry-based policies,
security, software installation, scripts, folder redirection, remote installation services, and
Internet Explorer maintenance.

Internet Information Services (IIS) Software services that support Web site creation,
configuration, and management, along with other Internet functions. Microsoft Internet
Information Services include Network News Transfer Protocol (NNTP), File Transfer
Protocol (FTP), and Simple Mail Transfer Protocol (SMTP).
Lightweight Directory Access Protocol (LDAP) The primary access protocol for
Active Directory. LDAP version 3 is defined by a set of Proposed Standard documents in
Internet Engineering Task Force (IETF) RFC 2251.

master boot record (MBR) The first sector on a hard disk where the computer gets its
startup information. The MBR contains the partition table for the computer and a small
program called the master boot code.

master file table (MFT) A special system file on an NTFS volume that consists of a
database describing every file and subdirectory on the volume.

Message Digest 5 (MD5) A 128-bit hashing scheme developed by RSA Security Inc.
and used by various Point-to-Point Protocol (PPP) vendors for encrypted authentication.

Network Address Translation (NAT) A technology that enables a local-area network
(LAN) to use one set of Internet Protocol (IP) addresses for internal traffic and a second
set of addresses for external traffic.

Network Basic Input Output System (NetBIOS) An application programming interface
(API) that can be used by programs on a LAN. NetBIOS provides programs with a
uniform set of commands for requesting the lower-level services required to manage
names, conduct sessions, and send datagrams between nodes on a network.
organizational unit (OU) An Active Directory container object used within a domain. An
OU is a logical container into which you can place users, groups, computers, and other
OUs. It can contain objects only from its parent domain. An OU is the smallest scope to
which you can apply a Group Policy or delegate authority.

primary domain controller (PDC) In a Windows NT domain, the server that
authenticates domain logons and maintains the security policy and master database for
a domain. In a Windows 2000 or Windows Server 2003 domain, running in mixed mode,
one of the domain controllers in each domain is identified as the PDC emulator master
for compatibility with down-level clients and servers.

Remote Access Server (RAS) Any computer running Microsoft Windows Server 2003
that is configured to accept remote access connections.

Security Accounts Manager (SAM) A Windows service used during the logon process.
SAM maintains user account information, including the list of groups to which a user
belongs.

security identifier (SID) A unique number that identifies a user, group, or computer
account. Every account on the network is issued a unique SID when the account is first
created. Internal processes in Windows refer to an account’s SID rather than the
account’s user or group name.
Simple Network Management Protocol (SNMP) A network protocol
used to manage TCP/IP networks. In Windows, the SNMP service is
used to provide status information about a host on a TCP/IP network.

Windows Internet Name Service (WINS) A service supplied with
Microsoft Windows server operating systems that registers the
Network Basic Input/Output System (NetBIOS) names and Internet
Protocol (IP) addresses of the computers on a local area network
(LAN) and resolves NetBIOS names into IP addresses for its clients as
needed.
