The service pack offers security improvements, including Security Configuration Wizard (SCW), which provides a role-based guide for administrators on how to reduce the risk of attacks.
"With SCW you can disable unused services easily and quick- ly, block unnecessary ports, modify registry values, and configure audit settings," said Microsoft.
Another security tool, VPN Quarantine, is designed to limit network access for machines on virtual private networks that do not have security updates. Microsoft has also improved monitoring in Internet Information Server, its web server software that runs on Windows 2003.
The functions enable administrators to monitor and audit Internet Information Services (IIS) configuration settings using an XML-based, hierarchical store of configuration information for IIS 6.0. This allows network administrators to see which user accessed the metabase in case it becomes corrupted, Microsoft said.
Post-Setup Security Updates is another improvement designed to block incoming traffic to newly installed servers until the latest patches to Windows Server 2003 are applied.
Graham Titterington, principal analyst at Ovum, said VPN Quarantine would give users a better way to secure their networks. "People did not have a technique to quarantine a network," he said. "It would have been a manual process." With VPN a device can be prevented from accessing certain parts of the network until it has been fully patched.