A. Like Windows XP SP2, Windows 2003 SP1 is effectively a security release; most of the core OS files have been built with better memory protection to help minimize exposure to exploits, which is why the service pack download is so large (340MB; 406MB after it's extracted). In addition to the rebuilt core OS files, the service pack contains several other new security-related features:
- Windows Firewall is now included and is enabled by default for new installations. It's not enabled by default when you apply SP1 to an existing Windows 2003 installation or when you upgrade a Windows 2000 system to Windows 2003 with SP1 slipstreamed into it. During the slipstreamed installation of Windows 2003 with SP1, a stateful filtering process protects the system during the actual OS installation. SP1 provides command-line support for the firewall.
- With new installations or upgrades from Windows NT 4.0 (but not from Windows 2003 without SP1 or Windows 2000), the first time an Administrator logs on, the Post-Setup Security Updates (PSSU) dialog box appears, prompting the administrator to apply the most recent security updates from Windows Update, as the figure shows. Until the administrator applies the security updates, the firewall remains enabled. The intent of PSSU is to secure the server as soon as possible after the upgrade to SP1.
- Microsoft Internet Explorer (IE) enhancements include a centralized information bar to alert users of conditions they might want to act on and a pop-up blocker.
- Security Configuration Wizard (SCW), which isn't installed by default (because it's a new component), although its help file is installed by default. SCW helps you lock down your server through a combination of policy, IP Security (IPSec), firewall, auditing, Microsoft IIS, and registry permissions.
- Network Access Quarantine Control components (rqs.exe and rqc.exe) are now included as part of the core OS.
- SP1 includes Windows Media Player (WMP) 10.