Windows Server 2003 & Windows XP x64 Service Pack 2

Technical Overview

Windows Server 2003 Service Pack 2 (SP2) delivers on Microsoft’s Trustworthy Computing initiative and illustrates Microsoft’s commitment to continually create software products with enhanced security, increased reliability, and simplified administration. Windows Server 2003 SP2 builds upon the impressive track record of the award-winning Windows Server 2003 operating system by introducing numerous refinements in addition to supplying cumulative system updates. Deploying SP2 will help enterprises across all industries and segments enhance security, increase reliability, and simplify administration through guided attack surface reduction.

On This Page

	Service Pack Overview
	Service Pack Primer
	Technical Overview
	Installing Windows Server 2003 Service Pack 2 Standalone Version
	Summary
	Related Links

Service Pack Overview

Microsoft is committed to creating software solutions that enhance the security, reliability, and productivity of enterprise IT resources. In today’s business environment, IT security is paramount—businesses and consumers share an increasing amount of sensitive data and rely upon the communication of data for work and business. While robust IT security is intrinsically valuable, a well-secured infrastructure can also improve server reliability to meet the ever increasing demands of commerce and industry. Furthernore, the reliability improvements resulting from a properly secured infrastructure adds to administrator productivity. Windows Server 2003 SP2 is a collection of updates and security enhancements to the Windows Server 2003 operating system that meets all three of these needs by addressing the primary challenge in ongoing customer security: update management.

Windows Server 2003 Service Pack 2 is available either as a standalone update for installation on an existing server running Windows Server 2003 or as an integrated installation with the operating system. The integrated version of Windows Server 2003 SP2 ships with two CDs; one containing Windows Server 2003 with SP1 integrated, and the other containing the Windows Server 2003 Release 2 components. The standalone Service Pack 2 update is available as a download on Microsoft Download Center and Windows Update. Alternatively, the standalone update may be ordered on CD.

For information about how to upgrade your specific server operating system to SP2, refer to the Supported Scenarios table.

SP2 contains the latest collection of updates to help improve the security, reliability, and performance of the following operating systems:

• Windows Server 2003 All Editions (32-bit x86)

• Windows Server 2003 Itanium-based Editions

• Windows Server 2003 x64 Editions

• Windows Server 2003 R2 Editions

• Windows Server 2003 Storage Server R2 Edition

• Windows Server 2003 Compute Cluster Edition

• Windows Server 2003 for Small Business Servers R2 Edition

• Windows XP Professional x64 Edition

Note
Windows Server 2003 Service Pack 2 supersedes Windows Server 2003 R2 (based on SP1) and should be installed on all to achieve the greatest levels of security and functionality. Windows Server 2003 R2 provides additional server functionality for simplified branch server management, improved identity and access management, and reduced storage management costs.

Service Pack Primer

As part of the effort to continually improve Microsoft software, updates and fixes are created and released for recognized issues. To simplify server deployment, many of these fixes are combined into a single package, called a service pack, which is made available for installation. Service packs are cumulative, meaning that each new service pack contains all the fixes that are included with previous service packs and any new fixes.

Traditionally, service packs are simply a means of distributing product updates. While they deliver incremental feature additions, they typically contain updates to improve system reliability, security, stability and program compatibility. In line with this definition, Windows Server 2003 Service Pack 2 includes updates for improving customer experience with the product while containing a minimal set of value-added features to increase system performance and improve functionality.

What Is in Service Pack 2?

Service Pack 2 provides convenient, comprehensive access to the latest updates, enhancements, and new features for Windows Server 2003. Each of these components allows customers to better leverage the enhanced security, reliability, and performance of Windows Server 2003.

Updates

Update management is one of the great challenges of computer security. Despite the challenges of update management, updates will continue to play a vital role in securing enterprise IT until security technology can anticipate every attack strategy and compensate for every vulnerability. Frequent updating is key to keeping up with security problems as they are discovered. By cumulatively bundling these updates together in Service Pack 2, Microsoft provides customers with the latest protection for Windows Server 2003.

In addition to the all previously released Security Bulletin Updates, Service Pack 2 installs all individual hotfixes released since Windows Server 2003 RTM and several key customer requested features and enhancements.

New Features:

• Scalable Networking Pack (SNP)

• XMLLite

Enhancements to Existing Features

The enhancements to Windows Server 2003 Service Pack 2 include:

• Windows Deployment Services (WDS)

• Enabling ‘Firewall Per Port’ Authentication

• Microsoft Management Console 3.0 (MMC 3.0)

• Wireless Protected Access 2 (WPA2)

• iCACLS tool

• Expanded Windows Server 2003 Datacenter SKUs

• Release of MUI Packs to insure greater compatibility between base and MUI language

• Performance Improvements for SQL Servers

• Enhanced discoverability options in MSConfig

• Improved IPsec filter management

• Performance Improvements under Windows Virtualization

• Increased default storage for Message Queuing

• Improvements to DCDIAG Domain Name Service tests

• New Events for Cluster Service Accounts

Each of these key updates, enhancements, and new features provided with Windows Server 2003 SP2 will be covered in greater detail in the following sections.

In addition, Windows Server 2003 Service Pack 2 supports 9 new localized languages for the Windows Server 2003 x64 SKUs.

Why Should Organizations Deploy Service Pack 2?

Service Pack 2 is a no-cost means for enterprises to enhance Windows Server 2003. Service Pack 2 addresses known vulnerabilities in Windows Server 2003 and adds to its capabilities to meet the complementary features to enhance its security, reliability, and performance. While Windows Server 2003 Service Pack 1 introduced some major changes requiring significant application testing and introduced a few compatibility issues, Service Pack 2 is considered a standard Microsoft Service Pack that aims to introduce minimal feature/functionality changes to the system while improving the overall experience of the user with Windows Server 2003 OS.

This service pack contains all previously released Security Bulletin Updates, installs all individual hotfixes released since Windows Server 2003 RTM, and provides fixes to increase reliability, robustness, and security. Service Pack 2 also contains several key customer requested features.

Windows Server 2003 Service Pack 2 is especially important for organizations planning on testing and deploying Windows Vista and Windows Server “Longhorn.” SP2 contains important enhancements to support the deployment and management of Windows Vista and Windows Server 2003 SP2.

System Requirements

In general, system requirements for Windows Server 2003 with Service Pack 2 are the same as the general Windows Server 2003 system requirements listed below.

Supported Scenarios

The Windows Server 2003 Service Pack 2 CD set contains three CDs that support most upgrade scenarios.

Windows Server 2003 Integrated with Service Pack 2

Windows Server 2003 Release 2 CD2

Windows Server 2003 Service Pack 2 Standalone Update

 

The following table lists the supported update paths to Windows Server 2003 Service Pack 2.

Base OS/SP	Migration to OS/SP
	Windows Server 2003 RTM	Windows Server 2003 SP1	Windows Server 2003 R2	Windows Server 2003 R2 SP2
Windows 2000 SP4	Windows Server 2003 RTM Upgrade	Windows Server 2003 Integrated w/SP1	Windows Server 2003 Integrated w/SP1 and
Windows Server 2003 RTM		Windows Server 2003 Service Pack 1 Standalone Update	Windows Server 2003 SP1 Update and	OR OR R2 RTM and
Windows Server 2003 SP1
Windows Server 2003 R2

 

Base OS/SP	Migration to OS/SP
	Windows XP Pro (x64) RTM	Windows XP Pro (x64) SP2
Windows XP Pro (x86)1
Windows XP Pro (x64)

1	Windows Server 2003 Service Pack 2 can also update x64 versions of Windows XP Professional. Microsoft offers a separate service pack for Windows XP x86.

Support Matrix

*Korean Fair Trade Commission Edition see knowledge base article KB923408; http://support.microsoft.com/kb/923408

Release Distribution Matrix

Technical Overview

Windows Server 2003 Service Pack 2 is a combination of security updates, functionality updates, and new features. Service Pack 2 contains all the Windows Server 2003 security bulletin updates and individual hotfixes released since the initial RTM version of the operating system. The subsequent sections explore the new features of Service Pack 2 and enhancements to existing features in greater technical detail.

New Features Included with Service Pack 2

Microsoft is taking the opportunity afforded by the release of Service Pack 2 to introduce new functionality to Windows Server 2003.

Scalable Networking Pack

Organizations have seen rapid growth of traffic on internal and external networks. The traffic growth is spurred, at least in part, by network-based business applications, network-based storage and backup solutions, and ever increasing use of rich-media, including video conferencing, audio and/or video presentations, and a spectrum of other high-value solutions.

Deployment of Fast Ethernet, Gigabit Ethernet, and multi-Gigabit Ethernet, expands available bandwidth to accommodate the growth in network traffic, but the faster the network, the greater the load on the servers that must interact with it. This provides a growing challenge to support faster networking.

Microsoft Windows Server 2003 SP2 includes the Scalable Networking Pack which helps resolve the challenge of supporting the growth of network traffic without overloading CPU resources. The Scalable Networking Pack accomplishes this by providing support for networking technologies focused on eliminating operating system bottlenecks associated with network packet processing. The enhancements included in this easy to install package are:

• TCP Chimney Offload. TCP Chimney Offload provides automated, stateful offload of Transmission Control Protocol (TCP) traffic processing to a specialized network adapter implementing a TCP Offload Engine (TOE). For long lived connections with large-sized packet payloads, like those associated with file server, backup and storage workloads and other content-heavy applications, TCP Chimney Offload greatly reduces CPU overhead by delegating network packet processing tasks, including packet segmentation and reassembly to the network adapter. By using TCP Chimney Offload, you can free up CPU cycles for other application tasks, such as supporting more users sessions or processing application requests with lower latency.

• Receive-side Scaling. Receive-side Scaling enables the processing of inbound (received) networking traffic to be shared across multiple CPUs by leveraging new network interface hardware enhancements. Receive-side Scaling can dynamically balance the inbound network traffic load as either system load, or network conditions vary. Any application that has significant inbound networking traffic and runs on a multiprocessor host, such as a Web or a file server, can benefit from Receive-side Scaling.

• NetDMA. NetDMA enables memory management efficiencies through direct memory access (DMA) offload on servers equipped with supportive technology, such as Intel’s I/O Acceleration Technology (I/OAT).

The Microsoft Windows Server 2003 Scalable Networking Pack helps IT Professionals balance the needs of their customers with the capabilities of their existing infrastructure investments. The Scalable Networking Pack enables these IT Professionals to more confidently meet internal customer demands without having to re-architect network topology, change server configurations, or make time-consuming changes to existing applications and services.

The Scalable Networking Pack gives IT Professionals flexibility in selecting the technologies that best fit their needs—and from the hardware vendors that they are already familiar with. As part of Microsoft’s Scalable Networking initiative, the Scalable Networking Pack lays the architectural foundation for future network scalability and performance innovations on Windows Server 2003, Windows Vista, and Windows Server “Longhorn.”

XmlLite

The XmlLite library allows developers to build high-performance XML-based applications, providing a high degree of interoperability with other applications that adhere to the XML 1.0 standard. The primary goals of XmlLite are ease of use, performance, and standards compliance.

XmlLite works with any Windows language that can use dynamic link libraries (DLLs), but Microsoft recommends C++. XmlLite contains all necessary support files for use with C++, but if you want to use it with other languages, some additional work may be required.

Microsoft delivers several XML parsers:

• XmlLite (native)

• MSXML (SAX2) (native)

• System.XML.XmlReader (managed)

The following Document Object Model (DOM) implementations have built-in parsers:

• MSXML (DOM)

• System.XML (XmlDocument)

XML can be used as a format for storing documents, such as Microsoft Office Word documents, and can also be used to encode data for marshalling method calls across machine boundaries (SOAP). Businesses can use XML for sending and receiving purchase orders and invoices. Web technologies can use XML to send data between the Web server and the client's Web browser. Database servers can return the data from queries in XML for further processing by other applications. Because it is such a flexible format, you can use XML in a vast variety of scenarios.

Usage scenarios can be generally divided into two categories:

• Some scenarios work with XML documents that come from external sources, and it is not known whether the XML documents are valid. In these scenarios, verification of validity is important. Typically, developers use XSD schemas or Document Type Definitions (DTDs) to verify validity. Performance may be a concern, but the overriding concern is that the application reading the XML receives a valid document. Saving and loading documents from and to a variety of applications is a usage scenario that falls in this category.

• Some software systems use XML as a data store or a means for communication. In these scenarios, the developer knows that the XML document is valid, perhaps because another part of the system (which is under the control of the same developer or organization) generated the XML. The question of document validity is not an overriding concern. One example of this approach is where the software system runs on a server farm, and XML is used to communicate between various servers and processes. Another example might be one where a relatively complicated application has to store and retrieve a large amount of information. The developer completely controls the format of the XML document.

Since XmlLite focuses on performance, it is most appropriate in the second scenario. XmlLite enables developers to write efficient (fast) code to read and write XML documents. In most scenarios, XmlLite parses faster than either the DOM in MSXML or SAX2 in MSXML.

Enhancements to Existing Windows Server 2003 Functionality

Windows Deployment Services (WDS)

Windows Server 2003 SP2 includes the updated and redesigned version of Remote Installation Services (RIS), now called Windows Deployment Services to help prepare organizations for the introduction of Windows Vista and Windows “Longhorn.” WDS provides for the storage, management, and deployment of images using the new Windows Image format, WIM.

Windows Deployment Services provides several enhancements to the RIS feature set. These changes include the following:

• Native support for Windows PE as a boot operating system

• Native support for the Windows Imaging (WIM) file format

• An extensible and better- performing PXE server component

• A new client boot menu for selecting boot operating systems

Windows Deployment Services reduces total cost of ownership (TCO) and complexity of deployments by providing an end-to-end solution to deploy Windows operating systems to bare metal computers. WDS supports mixed environments including Microsoft Windows XP and Windows Server 2003.

To help describe the level of functionality associated with the different possible configurations of Windows Deployment Services resulting from clean installs and RIS upgrades, the server operation and administration experience fall into one of three classifications, known as server modes.

The Legacy Windows Deployment Services mode is functionally equivalent to that of Remote Installation Services; it is Windows Deployment Services binaries with RIS functionality. In this mode, only OSChooser will be present as the boot operating system. Therefore, only RISETUP and RIPREP images are supported. From a manageability standpoint, the new Windows Deployment Services Management tools will not be in use; instead, legacy RIS utilities will be the only way to manage the server. Legacy Windows Deployment Services mode can only exist on Windows Server 2003.

• Boot environment = OSChooser

• Image Types: RISETUP and RIPREP

• Administration experience = RIS toolset

Windows Deployment Services Mixed-mode describes a server state where both OSChooser and Windows PE boot images are available. In this mode, access to the old image types of RISETUP and RIPREP will be possible through OSChooser. In addition, you can access the new WIM format through a Windows PE boot image (Windows Server "Longhorn" Windows PE boot image with the Windows Deployment Services client). From the client perspective, a boot menu will allow for selection into RIS or into Windows Server "Longhorn" Windows PE. From a manageability standpoint, an administrator can use legacy management tools to manage RISETUP and RIPREP images and use the new Windows Deployment Services management tools to manage all facets of the server as well as the WIM images. Windows Deployment Services Mixed mode can only exist on Windows Server 2003.

• Boot environment = OSChooser & Windows PE

• Image Types: WIM, RISETUP, and RIPREP

• Administration experience = RIS toolset and WDS MGMT

Windows Deployment Services Native mode describes a Windows Deployment Services Server with only Windows PE boot images. In this mode, OSChooser will not be present and WIM images are the only supported image type to be deployed to clients. Management of the server will occur from within the new Windows Deployment Services management utilities. Windows Deployment Services Native mode can exist on both Windows Server 2003 and Windows Server "Longhorn.” On Windows Server "Longhorn,” this is the only supported Windows Deployment Services Server mode.

• Boot environment = Windows PE

• Image Types: WIM

• Administration experience = WDS MGMT

The transition between server modes provides a clear migration path between the existing RIS functionality and the new dedicated Windows Deployment Services-only functionality that will exist in Windows Server "Longhorn.”

The move from pure RIS functionality to Windows Deployment Services in Legacy mode (Windows Deployment Services binaries but with RIS-like functionality) occurs when an existing RIS server is upgraded to Windows Deployment Services bits. From this point, use of the Windows Deployment Services management tools (such as MMC or CLI) to initialize the server will result in a transition into Windows Deployment Services Mixed mode. The switch to native mode is completed when legacy image types are converted to WIM format and the OSChooser functionality is disabled (through the /forceNative command).

Microsoft Management Console 3.0 (MMC 3.0)

Microsoft Management Console 3.0 (MMC 3.0) is a framework that unifies and simplifies day-to-day system management tasks on Windows by providing common navigation, menus, toolbars, and workflow across diverse tools. You can use MMC tools (called snap-ins) to administer networks, computers, services, applications and other system components. MMC does not perform administrative functions, but hosts a variety of Windows and non-Microsoft snap-ins that do.

Microsoft Management Console 3.0 reduces the cost of administering Windows-based applications by providing an easy-to-learn, consistent, and integrated console that hosts a variety of Windows and non-Microsoft administrative tools. For IT administrators, MMC 3.0 has better performance, reliability, and discoverability of context-sensitive actions. For developers, MMC 3.0 reduces the cost associated with developing snap-ins by requiring less code and design time to develop snap-ins.

MMC 3.0 provides a framework for writing .NET-based snap-ins for managing applications. The .NET programming model simplifies snap-in development. As such, the writing of a snap-in in MMC 3.0 requires the authoring of significantly fewer lines of code. Fewer and more structured lines of code can contribute to simplified maintenance and easier debugging of snap-ins.

The following table lists some of the improvements that make MMC 3.0 a richer development experience in comparison with its predecessor, MMC 2.0.

Wireless Protected Access 2 (WPA2)

Microsoft released the Wireless Protected Access 2 update for Windows XP Service Pack 2 in April 2005. Service Pack 2 adds this functionality mainly for use with Windows XP x64 editions. Wireless Protected Access 2 enhances the wireless client software with support for the new Wi-Fi Alliance certification for wireless security. WPA2 makes it easier to connect to secure public spaces that are equipped with wireless Internet access, known as “Wi-Fi hotspots.”

WPA2 is a product certification that is available through the Wi-Fi Alliance that certifies that wireless equipment is compatible with the IEEE 802.11i standard. The WPA2 product certification formally replaces Wired Equivalent Privacy (WEP) and the other security features of the original IEEE 802.11 standard. WPA2 certification supports the additional mandatory security features of the IEEE 802.11i standard that are not already included for products that support WPA.

The Windows Server 2003 Service Pack 2 implementation of WPA2 supports the following features of the IEEE WPA2 standard:

• WPA2 Enterprise using IEEE 802.1X authentication and WPA2 Personal using a pre-shared key (PSK).

• The Advanced Encryption Standard (AES) using the Counter Mode-Cipher Block Chaining (CBC)-Message Authentication Code (MAC) Protocol (CCMP) that provides data confidentiality, data origin authentication, and data integrity for wireless frames.

• The optional use of Pairwise Master Key (PMK) caching and opportunistic PMK caching. In PMK caching, wireless clients and wireless access points cache the results of 802.1X authentications. Therefore, access is much faster when a wireless client roams back to a wireless access point to which the client already authenticated.

• The optional use of pre-authentication. In pre-authentication, a WPA2 wireless client can perform an 802.1X authentication with other wireless access points in its range when it is still connected to its current wireless access point.

Improved version of CACLS Tool

ICACLS is an upgrade of the CACLS tool in Windows Server 2003 SP2 that you can use to reset the account control lists (ACL) on files from Recovery Console, and to back up ACLs. Unlike CACLS, ICACLS correctly propagates changes to and creation of inherited ACLs. Additional information on the uses and commands for ICACLS can be accessed by running “icacls /?” at the command prompt.

Additional Enhancements to the Existing Features

Support for New Releases

Localized Language Support

Service Pack 2 contains 9 new localized language support for Windows Server 2003 x64 SKUs. Without SP2, Windows Server 2003 only supports English and Japanese. New languages for Windows Server 2003 x64 include German, French, Korean, Chinese Traditional, Chinese Simplified, Spanish, Italian, Russian and, Portuguese (Brazilian). These language packs are not available for Windows XP Professional x64 Edition which will continue to be supported in only English and Japanese.

Expanded Windows Server 2003 Datacenter SKUs

With Windows Server 2003 Service Pack 2, three additional SKUs are available to Volume License customers. The Datacenter SKUs are:

• Windows Server 2003 R2, Datacenter Edition with SP2

• Windows Server 2003 R2, Datacenter x64 Edition with SP2

• Windows Server 2003, Datacenter Edition with SP2 for Itanium-based Systems

Installing Windows Server 2003 Service Pack 2 Standalone Version

This section provides information about the pre-installation tasks recommended before installation and a walk-through of the screens that appear during the setup of Windows Server 2003 Service Pack 2.

Note: This procedure only applies to installing the standalone version of SP2 to existing windows Server 2003 Installations. For more detailed instructions on various deployment methods, refer to the release notes on the installation CD.

Pre-installation Tasks

1. Read the release notes for SP2. Information about Service Pack 2 is available for review prior to installation. The release notes describe known issues with your version of SP2. You can find the release notes in knowledge base article 914961.

2. Check the disc space requirements. The following are the approximate storage requirements for the installation of SP2.

   	Hard Disk Space that is required if you install Windows Server 2003 SP2 from a shared folder on the network (SPCD):	Hard Disk space that is required if you install Windows Server 2003 SP2 from the Windows 2003 SP2 CD (Signed SPCD)
   Service Pack	600MB	1750MB
   Working Space	256MB	256MB
   Total Hard Disk Space Required	1200MB	2900MB

3. Back up your servers. Your backup should include all data and configuration information that is necessary for that computer to function. It is important to perform a backup of configuration information for servers, especially those that provide network infrastructure, such as Dynamic Host Configuration Protocol (DHCP). When you perform the backup, be sure to include the boot and system partitions and the System State. Another way to back up configuration information is to create a full system backup set for Automated System Recovery.

4. Disconnect UPS devices. If you have an uninterruptible power supply (UPS) connected to your target computer, disconnect the connecting serial cable before running Setup. Setup automatically attempts to detect devices connected to serial ports, and UPS equipment can cause problems with the detection process.

5. Disable your antivirus software. If you are not connected to a network or the Internet and you want to minimize the installation time, you can disable your antivirus software. Be sure to enable the antivirus software after you install SP2.

6. Uninstall any pre-release or beta versions of Windows Server 2003 SP2.

7. Close all open programs.

Installation

The Software Update Installation Wizard for Windows Server 2003 Service Pack 2 guides customers through the installation process using familiar, easy-to-follow steps. The following images show this installation process as it appears to users.

After accepting the license agreement, setup creates a backup of system files so you can uninstall the service pack if necessary.

Software Update Installation Wizard displays its progress through the installation process. At this stage the installation wizard inspects the server configuration and installs files. Restart is required upon completion of installation. The installation wizard completes by giving customers the option to restart their computer later, if needed.

Summary

Windows Server 2003 Service Pack 2 is a deliverable on Microsoft’s Trustworthy Computing initiative for the Windows Server 2003 operating system. SP2 illustrates Microsoft’s commitment to continually creating software products with enhanced security, increased reliability and simplified administration. Service Pack 2 delivers the cumulative system updates in one simple package and it introduces numerous refinements and new functionality including the Microsoft Management Console 3.0, Windows Deployment Services, and Wireless Protected Access 2. Customers performing new installations and those with existing deployments of Windows Server 2003 will benefit from these new features.

Related Links

See the following resources for further information:

Supporting information also can be found for:

• Microsoft .NET at http://www.microsoft.com/net

• Windows XP Professional Operating System at http://www.microsoft.com/windowsxp/pro

• Microsoft .NET Enterprise Servers at http://www.microsoft.com/servers

• MSDN at http://www.microsoft.com/msdn

• TechNet at www.microsoft.com/technet

For the latest information about Windows Server 2003, see the Windows Server 2003 Web site at http://www.microsoft.com/windowsserver2003. Among the resources on the site are numerous technical articles describing technologies and features in Windows Server 2003. Link directly to the Technical Overviews page at http://www.microsoft.com/windowsserver2003/techinfo/overview.