Windows Deployment Services – is an updated and redesigned version of Remote Installation Services (RIS). WDS will be required to support the deployment of Windows Vista. WDS offers this functionality along with improved security surrounding image store, delegation of administration and better management story.
MMC 3.0 – supports richer functionality in snap-ins designed for the MMC 3.0 infrastructure. In addition it allows users to add or remove snap-ins and provides improved error handling via the MMC console. Microsoft Management Console 3.0 replaces its predecessor (v2.1) for Windows Server 2003 customers. This feature is installed by default upon Service Pack 2 installation. 
Wi-Fi Protected Access 2 (WPA2) – enhances the wireless client software with support for the new Wi-Fi Alliance certification for wireless security. The update also makes it easier to connect to secure public spaces that are equipped with wireless Internet access. These locations are otherwise known as “Wi-Fi hotspots”. This feature is enabled by default upon Service Pack 2 installation.
Scalable Networking Pack – supports new hardware that allows TCP offloading capability (aka TOE) to the OS. These changes will scale Windows networking to multi-gigabit link rates and across multiple CPUs. This feature is turned OFF by default and can be enabled only when the specific hardware is present.
Enabling ‘Firewall per port’ Authentication – secures traffic between the Extranet environment and internal assets that are protected via IPsec domain isolation. This feature is enabled by default upon Service Pack 2 installation. 
Performance improvements for SQL Server – under intensive workloads . These improvements are installed by default upon Service Pack 2 installation.
Enhanced discoverability options in MSConfig – now contains an additional tab which provide a single launching point for common support tools that will ease the discoverability of common diagnostic functionality This improvement is turned on by default upon Service Pack 2 installation.
Improved IPSEC Filter Management – reduces the filter set that needs to be managed in a Server and Domain Isolation using IPSEC scenario from ~400 filters to just 2 filters. It also removes the need for ongoing filter maintenance due to infrastructure changes. This performance improvement is turned on by default upon Service Pack 2 installation.
Performance improvements under Windows Virtualization – improves the performance under high APIC access rate for Windows Server 2003 running as a multiprocessor guest operating system under Windows Virtualization. 
Clustering – a new event log event has been created to address certain situations in which the Cluster Service Account becomes excessively restricted by domain policy. The new event ID is 1239. The event text includes troubleshooting information. You can also refer to article 871236 in the Microsoft Knowledge Base ( for further information.

Data Access Components – XmlLite is new with Windows Server 2003 SP2. XmlLite is a fast, low-level, native XML parser with a small memory footprint.  For more information, including the Programmer’s Guide and API reference, see the MSDN Web site (

Distributed Systems – new options have been added to the Dcdiag.exe Domain Name Service (DNS) tests. These new options are /x and /xsl:xslfile.xsl or /xsl:xsltfile.xslt.  They generate XML tags when the tests are run with the /test:dns option. You can use this new output mechanism to more easily parse the verbose log that the DNS tests generate.

To direct the XML output file to XMLLog.xml, use the /x option. For example:

dcdiag /test:dns /v /e /x:XMLLog.xml

Note: The /x: option only works with the /test:dns option.

To add the processing instructions that reference the specified style sheet, use the /xsl:xslfile.xsl or /xsl:xsltfile.xslt option. For example:

dcdiag /test:dns /v /e /x:XMLLog.xml; /xsl:xslfile.xsl

dcdiag /test:dns /v /e /x:XMLLog.xml; /xsl:xsltfile.xslt

Note: The /xsl:xslfile.xsl or /xsl:xsltfile.xslt option only works with the /test:dns /x:XMLLog.xml option.

File Systems – Icacls.exe is an upgrade of the Cacls.exe tool in Windows Server 2003 SP2, and can be used to reset the account control lists (ACL) on files from Recovery Console, and to back up ACLs. Also, unlike Cacls.exe, Icacles.exe correctly propagates changes to and creation of inherited ACLs.

Microsoft Message Queuing – The default storage limit for message queuing has been changed to 1 gigabyte (GB). If you choose to have a storage limit of more than 1 GB, you can change the storage limit setting in Microsoft Management Console (MMC) on the General tab of Message Queuing Properties.

Networking and Communications – this version of Windows Server 2003 SP2 includes an update that allows you to simplify the creation and maintenance of Internet Protocol security (IPsec) policy. This update enables you to use an IPsec “Simple Policy.” For most environments, the installation of this update lets you reduce the number of IPsec filters that are required for a Server Isolation deployment or for a Domain Isolation deployment. You can reduce the number of IPsec filters from many hundreds of filters to only two filters. For more information about this update for Windows Server 2003, see article 914841 in the Microsoft Knowledge Base ( For more information about this update for Windows XP, see article 914842 in the Microsoft Knowledge Base (

·      Group Policy support for non-broadcasting networks and Wi-Fi Protected Access 2 (WPA2) settings has been added to the Windows wireless client in Windows Server 2003 SP2.  This update allows the Windows wireless client to accept additional wireless Group Policy configuration options. These new settings include support for WPA2 parameters and non-broadcast networks.

·      The Windows wireless client now supports WPA2, allowing you to take advantage of high levels of standards-based connection and encryption security. New security features include:

·      Non-broadcast network profiles are now marked with a flag to improve the security of the Windows wireless client.

·      Windows will not automatically connect to a peer-to-peer network, even if it has been automatically saved in the preferred network list. You must manually connect to a peer-to-peer network profile.

Windows Deployment Services – Starting with this version of Windows Server 2003 with SP2, Remote Installation Services is replaced by Windows Deployment Services. You can use Windows Deployment Services to set up new computers through a network-based installation without having to be physically present at each computer and without having to install directly from DVD media. For more information about Windows Deployment Services, see the Windows Deployment Services Update Step-by-Step Guide (