In setting up my development system, I noted a huge change in the default security setup for Internet Information Server (IIS) 6.0: It is now appropriately paranoid. For starters, IIS 6.0 is not installed during the initial configuration, because this would leave unnecessary listening ports running on the system if IIS were not required for a particular application. Microsoft has adopted a long-honored firewall-programming strategy--that which is not specifically allowed is denied--which is a complete about-face from the lax default security settings in IIS 5.0.
Using Windows Server 2003's Manage Your Server wizard, I installed and then removed Active Directory, DNS, POP3, and SMTP several times from my development system. Such moves would have been a kiss of death for NT 4.0, with its option-pack approach. Windows 2000 would have fared better than NT 4.0, but it would have required a manual, potentially error-prone process. When my shakeup was complete, Server 2003 was running perfectly. I left it running as my primary Web server, and six months later the event logs are still clean and the system has not had to be rebooted.
I installed two more machines so I could test specific productivity features. They too continue to run beautifully, despite my best attempts to do them in with ADSI (Active Directory Service Interfaces), the new Group Policy Management Console, and several of the new scripting tools. Speaking as an occasional Microsoft critic, I am duly impressed.
AD Improvements
The largest single consideration in migrating to Windows Server 2003 is the cost of going to Active Directory. Do the improvements in AD save money and make the migration easier? Not exactly: The changes are only marginal. The single greatest hurdle to adopting AD is the tremendous amount of training required for the technical staff. This being the case, I don't see a significant change in the cost of retraining the IT staff--even if Server 2003 provides better migration tools.