Commentary: How Windows Server 2003 rates

Windows Server 2003 fills a lot of gaps left by Windows 2000 Server, and it usually works well. But Microsoft hasn't fixed everything--and Larry Seltzer thinks some things may never be fixed.

commentary In any large software project the end result comes up many features short of the wish list. If you're lucky the product catches up to the wish list by the next version, and that is what seems to be the case with Windows 2000 Server and Windows Server 2003.

As good a product as Windows 2000 Server is, Windows Server 2003 fills a lot of gaps left by Windows 2000 Server and fixes some mistakes, and it usually works well. But Microsoft hasn't fixed everything that's wrong with Windows 2000, and it's beginning to look as if some things may never be fixed.

There are a few significant improvements. Clusters, for example, are much easier to administer. IIS6 seems like a complete rewrite and should, in theory, be more resistant to attack and to ill-behaved software. There's also the new version of the server OS, the Web Edition, which appears to be aimed at appliances, since it will only be available through OEMs. But it's the hundreds of little things that I really like. I call them little things, but for an administrator who works with them every day they can be important.

The first thing you notice is the change in the Start menu and desktop. As with Windows XP, the Start menu is bigger and more complicated and the desktop is Spartan. But the Start menu is better than XP's. In fact, its layout looks so much like what I do to my desktops that I thought my user profile had somehow been loaded on the system. Reversing the profoundly stupid decision in Windows 2000 to bury Windows Explorer and the command prompt two menu levels down, they are prominent on the Start Menu in Windows Server 2003.

Also prominent is the new, vastly improved "manage your server" applet. The Windows 2000 version ("configure your server") was a famously annoying and useless wizard that helped you run tools that could be run more conveniently in other ways. The new version is a pleasure to use and makes it simple to set up a server for a particular role (file server, terminal server, media server, etc.) and manage it for that purpose. (Unfortunately, it's targeted at small- and medium-sized businesses, not enterprises.)

And Microsoft has continued to improve my favorite feature, Terminal Services, which has reverted back to its more natural NT4-era name, Terminal Server. Instead of the Windows 2000-style, two-user Administrator mode, Windows Server 2003 adds Windows XP-style remote access to the console session, but for two users.

Active Directory is both more powerful and more complicated in Windows Server 2003. There are almost 800 new group policies, which made it essential for Microsoft to improve the administrative tools. The new Resultant Set of Policies (RSoP) tool would have been useful without the new policies, which is why FullArmor has been shipping it for Windows 2000 Server for years as part of its Fazam package. RSoP lets you simulate changes to group policies and see the impact without actually committing the policy changes to the directory.

This and other capabilities are built into the new Group Policy Management Console, which is supposed to be a consolidated management tool for group policies. The GPMC is currently in beta 2 and behind the general Windows Server 2003 schedule, but is expected to be available when Windows Server 2003 ships. It's a free download and you can currently download beta 2 from the link above.

You don't need Windows Server 2003, let alone a Windows Server 2003 domain, to use the tool. It seems to work well enough on my own Windows 2000 domain. If you use it on a Windows Server 2003 domain you can take advantage of RSoP (called Group Policy Modeling in the GPMC) and of WMI filters (queries that are evaluated to be either true or false against the WMI repository of the target computer). But on Windows 2000 Server you can still do lots of handy things like back up and restore group policy objects (GPOs), and even restore them elsewhere in the forest.

Perhaps the most famous limitation in Active Directory remains unaddressed in Windows Server 2003. Group policies may only be applied to organizational units (OUs), and OUs can contain computers or users, but no groups. But GPOs are frequently used to apply what are essentially security policies (e.g., preventing users from installing software) which you would want to manage on a group-by-group basis. It leads to some convoluted organization and extra work. For instance, Microsoft actually recommends that if you want to apply a GPO to a group, just enumerate all the group members in an OU, which means you'd be creating a separate copy of the group to track.

This problem has been well known since the Windows NT5 betas back in 1998. I can only assume there's a good reason for it, although I haven't yet heard what it is. Novell's eDirectory, the obvious competition back when Active Directory was designed, doesn't have this limitation.

Some of the more advanced improvements in Windows Server 2003 Active Directory (for instance, cross-forest trusts and the ability to rename domains) require a pure Windows Server 2003 domain as opposed to one in "mixed mode" along with Windows 2000 domain controllers. I don't expect a whole lot of enterprises (except Microsoft's in-house IT) to be running pure Windows .Net domains anytime soon, so these capabilities will elude most of us for a while.

But in the big picture, Windows Server 2003 seems a lot like "Windows 2000.5." Most of what Microsoft lists as the "Top 10 benefits of Windows Server 2003" could be as easily said about Windows 2000. The little things don't make good marketing, even if they do make a better product.

Is Windows Server 2003 missing any features on your Windows wish list? TalkBack below or e-mail us with your thoughts.