As of the SP1 release, Windows Server 2003 now supports access-based enumeration of file shares. Basically, files and folders to which users lack access will not be visible within file shares. No more double-clicking shared resources only to be greeted with “Access denied.” This is quite a nice feature, and one which is long overdue.

http://www.microsoft.com/windowsserver2003/techinfo/overview/abe.mspx

Also, the new release of Windows Server 2003 R2 appears to have a number of new features that were not included in SP1 (and that probably will not be featured in SP2). As far as I can figure out, R2 is related to 2003 SP1 as NT4 Option Pack was related to NT4.

http://www.microsoft.com/windowsserver2003/r2/whatsnewinr2.mspx

One of the first tasks that has been assigned to me is the installation and configuration of a pair of network load-balanced Terminal Servers running Windows Server 2003. The department has already cobbled together documentation on how to build servers within the locally developed and recognized best practices, and I am loath to deviate from these in my first month of employment. I got up to the point of joining the first TS node (”TS1″) to the AD domain pretty smoothly. When I attempted to move TS1 out of its workgroup and into the domain, I was prompted for a password (which is a good thing, and is to be expected). When I attempted to use my domain admin account in the form “DOMAIN\account”, I was rudely greeted with an “unknown username or bad password” error. When I tried to provide my credentials in the form of “account@domain.university.edu”, I received the unfamiliar “Element not found” message.

After poking around for a few hours, I came up with the following fix:

1. The administrative account being used to join the server to the domain must be allowed logon rights on the server being added. This must be done on the domain controller.
2. NTLM v2 authentication must be enabled in the Local Security Policy of the new server. Go to Administrative Tools / Local Security Policy and navigate to Security Settings / Local Policies / Security Options. In the right-hand pane, locate the policy named Network security : LAN Manager authentication level and change its value to Send NTLMv2 response only. (Note: I am unsure what other repercussions might be caused by changing this setting.)

These steps might not work for you, as they were likely necessary in my environment due to networking and domain configuration particulars.