Windows 2003 Server worth switching to

analysis
Nov 26, 2003 (4 mins)

Server OS boasts goodies that will simplify life for network administrators

It’s been a few months since Windows 2003 Server went active in the real world. Before its release, those of us in the consultancy field were part of the ubiquitous moaning about the additional workload and learning curve — something we do every time a new Redmond OS comes along. But the past few months have given us ample time to complete several real-world installations at client sites, as well as get a decent snapshot of life managing the new Windows. On the whole, I’m becoming a convert.

The question, “Is it worth the upgrade?” really doesn’t apply. Windows 2003 boils down to a better overall OS than Windows 2000, so for fresh installations it’s a no-brainer. For those looking to upgrade from Windows 2000, I’ve yet to run into a client who makes that decision based on functionality and not based on cost vs. ROI. For our part, clients with 3-year-old Windows 2000 servers are looking to upgrade next year, and the OS will certainly be Windows Server 2003. Those who bought new Windows 2000 servers last year won’t be upgrading for at least two more years, regardless of added functionality in the new operating system.

From our perspective, Windows 2003 Server has enough new management features to make upgrading as well as surmounting the learning curve worthwhile endeavors. For network managers, Windows 2003 Server offers several new benefits that have truly impacted my daily life. One key feature is its capability of offering a more granular permission system for network management. This is always a headache during network design with an existing IT department.

Prior to Windows 2003, you could assign management permissions to groups such as Local Administrators or Server Operators, but the level of these permissions was pretty much static. This meant even junior system administrators had to have the same rights as senior administrators or they were effectively helpless. Combined with Windows XP, Windows 2003 Server now has a new group called Network Configuration Operators. These guys can perform most daily “fireman”-type tasks, such as changing local or remote network properties, disabling or enabling network connections, and renewing or altering DHCP settings. Even better, these are only default abilities. The Network Configuration Operators group and its abilities are still governed by group policy settings, so you can configure this group to give them exactly the tools you want them to have. Administrators get what they need, CIOs keep control.

And although it took a little while to find them, I’m also happy with Windows 2003’s improved network troubleshooting tools. The IP Security Monitor, for example, now has a GUI interface with which to manage IPSec policies and associations. There’s a command line utility, called iasparse.exe, that parses logs gleaned from IAS and RAS, then converts them into a fairly neat format. You can print these, but they’re more useful simply as handy reference materials. Dhcploc.exe is a cool utility designed to find unauthorized DHCP servers anywhere on the network, useful when some yahoo decides to plug a Linksys access point/router into his office wall.

Some of the tools with which we’re already familiar have additional functionality under 2003. NetStat, for instance, now has an -o switch. It shows the ID of the process that owns each port, alongside the port numbers and relevant protocol information. What’s neat here is that you can easily cross-reference the NetStat port information with which executables are running by looking at Task Manager. Similarly, updated versions of NetDiag, DCDiag and RepAdmin all provide more detailed information than they did under Windows 2000.

Before living with Windows 2003 Server, we regarded it mostly as an unavoidable evil — like taxes or hearing John Tesh CDs during the holidays. But since we’ve gotten to know the OS a little better in the wild, we’ve warmed up to it considerably. For those who are waffling about whether to upgrade now or later, we’ve begun pushing our clients for now. The tools above are one reason, but Microsoft’s determination to leverage the platform with new back-end products is another. Better to migrate now and build on top of stable platforms later than run the gamut all at once. Plus, it really is a pretty sweet platform.