Microsoft has released to manufacturing the security-focused update for its two-year-old Windows Server 2003 that will make it easier for companies to lock down their servers.

First announced by Microsoft CEO Steve Ballmer in late 2003, and originally slated for delivery in the second half of 2004,Windows Server 2003 Service Pack 1 became available for download on Wednesday from Microsoft's Web site, said Samm DiStasio, director of product management for Microsoft, who confirmed its imminent release earlier this month for CRN. Windows Server 2003 SP1 Is Almost Ready, Are ISVs?

Windows Server 2003 SP 1, the server complement to Windows XP SP 2, offers a new Security Configuration Wizard to help administrators and partners lock down servers more easily out of the box and based on the specific role of the server. The wizard can be used to configure the included Windows Firewall, which is turned off by default.

"We've issued tons of guidance on how to lock down the server but we wanted it hardened in the code and have a step through discovery process for tuning it depending on the role of the server," DiStasio said. "We're taking roles based lockdown to a new level so you can lock down for a web server that if is only being used for Web publishing you can lock down select ports and services and registries to get the exact lockdown you want."

Moreover, changes made to the remote procedure call (RPC) interfaces, the same hardening performed in Windows XP SP2, will reduce the attack surface to the server.

Microsoft also imposed DCOM restrictions to address other server exposure. Both measures will significantly reduce the chance of bugs, viruses and hackers from gaining entrance, Microsoft said.

The key benefits include the security configuration wizard, better RPC Security to prevent attacks and DCOM Security to prevent application viruses, said Rand Morimoto, CEO of Convergent Computing an Oakland, Calif.-based Microsoft Gold partner that has beta tested SP 1 for months.