Microsoft will launch Windows Server 2003 Thursday, offering improved security and faster file and web server performance compared with Windows 2000, according to tests carried out by vnunet.com's sister title, IT Week.

But Microsoft's security-by-default strategy and new advanced features will demand tough policy decisions.

Basic security is improved because most server features, including the IIS web server, are disabled when the operating system is installed. This reduces the impact of automated attacks such as the Nimda and Code Red worms.

However, the Windows File and Print Sharing service runs by default, which provides an obvious entry point for hackers attempting to break into the system.

"Microsoft's decision to do this could be deemed a mistake by some in the security community," said Russ Cooper, editor of the NTBugtraq mailing list.

Password complexity, encryption and account lock-out are also disabled. The minimum password length is set to zero, even when password complexity is enabled.

Changes to the domains and forests used to control user profiles in Windows Server 2003 pose another challenge. Previously, only users with the same domain roots could share forests, but this is no longer the case.

"There's more direct trust across forests so customers who want a joint-venture-type relationship can give each other access," said Juliet Andrew of consultancy Conchango.

"That could lead to a greater need for strict auditing of policy - for example in deleting users who no longer need access."

Lockdown settings require IT managers to think carefully about what they enable. Garry Martin, technical architect at Fujitsu Services, said, "There's a cost to locking down to the nth degree. It's a double-edged sword: you have to understand exactly what you want to achieve."

He added that WS 2003's advanced storage management features also create a steep learning curve.

But Conchango's Andrew said that the scale of changes in Windows Server 2003 mean the upgrade should not be daunting. "Windows 2000 was more of a paradigm shift because of Active Directory. This is more like Windows 2000 to XP," she said.

IT Week results show that the IIS 6.0 web server in Windows Server 2003 offers good scalability compared with Windows 2000, with a two-way server seeing a 50 percent performance boost compared with an equivalent single-processor system.

IIS 6.0 is also as much as 58 per cent faster than IIS 5.0 on the same hardware.