

Alphabetical list of features

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

This is a partial list of the extensive set of features included in the Windows Server 2003 family. For links to more information about the features in this release, see New Features.

  • Active Directory

  • Asynchronous transfer mode

  • Automated System Recovery

  • Certificate Services

  • Clustering

  • Compatibility Mode

  • Component Services

  • Connection Manager

  • DHCP with DNS and Active Directory

  • Disk Management

  • Disk quota support

  • E-mail services (POP3, SMTP)

  • Encrypting File System

  • Group Policy (part of Active Directory)

  • Indexing Service

  • Internet Authentication Service

  • Internet Connection Sharing

  • Internet Information Services 6.0

  • Internet Protocol security support

  • Kerberos V5 protocol support

  • Layer Two Tunneling Protocol support

  • Lightweight Directory Access Protocol support

  • Message Queuing

  • Microsoft Management Console

  • Network address translation

  • Network Load Balancing clusters

  • Operating system migration, support, and integration

  • Plug and Play

  • Public key infrastructure and smart card infrastructure

  • Quality of Service

  • Recovery Console

  • Remote Assistance

  • Remote Desktop for Administration

  • Remote Installation Services

  • Remote Storage

  • Removable Storage

  • Routing and Remote Access

  • Safe Mode

  • Security Configuration Wizard

  • Server clusters (Windows Server 2003, Enterprise Edition and Windows Server 2003, Datacenter Edition only)

  • Smart card infrastructure

  • Software restriction policies

  • TAPI 3.1

  • Terminal Server

  • Universal Description, Discovery, and Integration Services

  • Virtual private networking

  • Windows Firewall

  • Windows Media Services

  • Windows Script Host

  • Windows Update

  • Winsock Direct

Active Directory

Active Directory is the directory service for Windows Server 2003, Standard Edition; Windows Server 2003, Enterprise Edition; and Windows Server 2003, Datacenter Edition. It stores information about objects on the network and makes this information easy for administrators and users to find and use. Active Directory uses a structured data store as the basis for a logical, hierarchical organization of directory information. For more information, see Active Directory.

Asynchronous transfer mode

Asynchronous transfer mode (ATM) is a high-speed, connection-oriented protocol designed to transport multiple types of traffic across a network. It is applicable to both local area networks (LANs) and wide area networks (WANs). Using ATM, your network can simultaneously transport a wide variety of network traffic: voice, data, image, and video.

Automated System Recovery

Automated System Recovery (ASR) helps you recover your system in the event that your hard disk fails or your system is seriously damaged. You can easily prepare the necessary backup materials for ASR through wizards that are part of Backup. By using ASR in combination with standard backups (data and application backups), you can restore a system to the state it was in when you backed it up. For more information about ASR, see Automated System Recovery (ASR) overview. For more information about other system recovery options, see Disaster Recovery.

Certificate Services

Using Certificate Services and certificate management tools, you can deploy your own public key infrastructure (PKI). With a PKI, you can implement standards-based technologies, such as smart card logon capabilities, client authentication (through Secure Sockets Layer (SSL) and Transport Layer Security (TLS)), secure e-mail, digital signatures, and secure connectivity (using Internet Protocol security (IPSec)). Using Certificate Services, you can set up and manage certification authorities (CAs) that issue and revoke X.509 v3 certificates. This means that you do not have to depend on commercial client authentication services, although you can integrate commercial client authentication into your PKI if you choose. For more information, see Certificate Services.

Clustering

A cluster is a group of independent computers that work together to run a common set of applications and provide the image of a single system to the client and application. For more information, see "Network Load Balancing clusters" or "server clusters" in this list.

Server clusters are available only on Windows Server 2003, Enterprise Edition and Windows Server 2003, Datacenter Edition.

Compatibility Mode

A new Compatibility Mode feature ensures out-of-box compatibility for many popular applications. Compatibility Mode technology provides an environment that more closely reflects the behavior of Windows 95, Windows 98, Windows NT 4.0, or Windows 2000 operating systems. These modes resolve several of the most common issues that prevent older applications from working correctly. Applications that experience problems after migration might benefit from being started in one of these compatibility environments. Advanced users can also take advantage of this technology to create solutions for their own applications.

Component Services

Component Services is a set of services based on extensions of Component Object Model (COM) and on Microsoft Transaction Server (an earlier release of a component-based transaction processing system). Component Services provides threading and security, transaction management, object pooling, queued components, and application administration and packaging.

To see the complete Help documentation for COM+ applications and Component Services, click Start, point to All Programs, point to Administrative Tools, and then click Component Services. In Component Services, click Help, and then click Help Topics.

Connection Manager

Connection Manager provides support for local and remote connections to your service by using a network of access points, such as those available worldwide through Internet service providers (ISP). For more information, see Connection Manager Administration Kit.

DHCP with DNS and Active Directory

Dynamic Host Configuration Protocol (DHCP) works with DNS and Active Directory on Internet Protocol (IP) networks, helping to free you from assigning and tracking static IP addresses. DHCP dynamically assigns IP addresses to computers or other resources that are connected to an IP network. For more information, see Network Services.

Disk Management

Disk Management is a graphical tool for managing disk storage that includes such features as:

  • Support for dynamic volumes, working outside the restriction of four partitions per disk.

  • Online disk management (fewer restarts).

  • Local and remote drive management.

  • Volume Mount Points, which you can use to connect, or mount, a local drive at any empty folder on a local NTFS-formatted volume.

For more information, see Disk Management.

Disk quota support

You can use disk quotas on volumes that are formatted with the NTFS file system to monitor and limit the amount of disk space that is available to individual users. You can define the responses that result when users exceed your specified thresholds. For more information, see Disk Quotas.

E-mail services (POP3, SMTP)

The POP3 (Post Office Protocol 3) service provides e-mail transfer and retrieval services. Administrators can use the POP3 service to store and manage e-mail accounts on the mail server. Simple Mail Transfer Protocol (SMTP) supports the transfer of e-mail between servers. For more information, see POP3 Service and Simple Mail Transfer Protocol (SMTP) service.

Encrypting File System

Encrypting File System (EFS) complements other access controls and provides an additional level of protection for your data. EFS runs as an integrated system service, making it easy to manage, difficult to attack, and transparent to the user. For more information, see Encrypting File System.

Group Policy (part of Active Directory)

You can use policy to define the settings and allowed actions for users and computers. In contrast with local policy, you can use Group Policy to set policies that apply across a given site, domain, or organizational unit in Active Directory. Policy-based management simplifies such tasks as system update operation, application installation, user profiles, and desktop-system lockdown. For more information, see Group Policy (pre-GPMC).

Indexing Service

Indexing Service provides a fast, easy, and secure way for users to search for information locally or on the network. Users can search in files in different formats and languages, either through the Search command on the Start menu or through Hypertext Markup Language (HTML) pages that they view in a browser.

Internet Authentication Service

Internet Authentication Service (IAS) provides a central point for managing authentication, authorization, accounting, and auditing of dial-up or virtual private network (VPN) users. IAS uses the Internet Engineering Task Force (IETF) protocol called Remote Authentication Dial-In User Service (RADIUS). For more information, see Internet Authentication Service.

This feature is not included on computers running the Microsoft® Windows Server® 2003, Web Edition, operating system. For more information, see Overview of Windows Server 2003, Web Edition. In Windows Server 2003, Standard Edition, you can configure IAS with a maximum of 50 RADIUS clients and a maximum of 2 remote RADIUS server groups. For more information about these limits, see Internet Authentication Service.

Internet Connection Sharing

With the Internet Connection Sharing (ICS) feature of Network Connections, you can connect your home network or small office network to the Internet. For example, you might have a home network that connects to the Internet through a dial-up connection. By enabling Internet Connection Sharing on the computer that uses the dial-up connection, you can provide network address translation, addressing, and name resolution services for all the computers on your network. For more information, see Internet Connection Sharing and network address translation.

Internet Connection Sharing and Network Bridge are not included in Windows Server 2003, Web Edition; Windows Server 2003, Datacenter Edition; and the Itanium-based versions of the original release of the Windows Server 2003 operating systems.

Internet Information Services 6.0

Internet Information Services (IIS) 6.0 is a full-featured Web server that provides the foundation for the Windows Server 2003 family and existing Web applications and Web services. IIS 6.0 offers dedicated application mode, which runs all application code in an isolated environment. IIS 6.0 also supports Web gardens, in which a set of equivalent processes on a computer each receive a share of the requests that are normally served by a single process, achieving better multiprocessor scalability.

Note

  • By default, IIS is not installed with new installations of Windows Server 2003, Standard Edition; Windows Server 2003, Enterprise Edition; and Windows Server 2003, Datacenter Edition. You can add it by using the Configure Your Server Wizard or by using Add or Remove Programs.

Internet Protocol security support

You can use Internet Protocol security (IPSec) to secure communications within an intranet and to create secure virtual private network (VPN) solutions across the Internet. IPSec was designed by the Internet Engineering Task Force (IETF), and it is an industry standard for encrypting TCP/IP traffic. For more information, see Internet Protocol Security (IPSec).

Kerberos V5 protocol support

Kerberos V5 is a mature, industry-standard network authentication protocol. With Kerberos V5 support, a fast, single logon process gives users the access they need to enterprise resources, as well as to other environments that support this protocol. Support for Kerberos V5 includes additional benefits, such as mutual authentication (client and server must both provide authentication) and delegated authentication (the user's credentials are tracked end to end). For more information, see Kerberos V5 authentication.

Layer Two Tunneling Protocol support

Layer Two Tunneling Protocol (L2TP) is a more secure version of Point-to-Point Tunneling Protocol (PPTP), and it is used for tunneling, address assignment, and authentication. For more information, see Layer Two Tunneling Protocol.

Lightweight Directory Access Protocol support

Lightweight Directory Access Protocol (LDAP), an industry standard, is the primary access protocol for Active Directory. LDAP version 3 was defined by the Internet Engineering Task Force (IETF). For more information, see Directory access protocol.

Message Queuing

The Message Queuing feature helps developers build and deploy applications that run more reliably over networks, including the Internet. These applications can interoperate with applications running on different platforms, such as mainframe computers and UNIX-based systems. For more information, see Using Message Queuing.

Microsoft Management Console

You can use Microsoft Management Console (MMC) to arrange administrative tools and processes within a single interface. You can also delegate tasks to specific users by creating preconfigured MMC consoles for them. The consoles provide the users with the tools that you select. For more information, see Microsoft Management Console.

Network address translation

Network address translation (NAT) hides internally managed IP addresses from external networks by translating private internal addresses to public external addresses. This reduces IP address registration costs by letting you use private IP addresses internally, with translation to a small number of registered IP addresses externally. It also hides the internal network structure, reducing the risk of attacks against internal systems. For more information, see Understanding Network Address Translation.

Network Load Balancing clusters

Previously known as Windows NT Load Balancing Service (WLBS), Network Load Balancing distributes incoming TCP/IP traffic among multiple servers. Your clustered applications, especially Web server applications, can handle more traffic and provide higher availability and faster response times. For more information, see Network Load Balancing Clusters.

Operating system migration, support, and integration

The Windows Server 2003 family of products integrates seamlessly with existing systems, and it contains support for earlier Windows operating systems, as well as other popular operating systems. The following support is included:

  • Interoperability with Windows NT Server 3.51 and 4.0.

  • Support for clients that run a variety of operating systems, including Windows 3.x, Windows 95, Windows 98, Windows 2000, and Windows NT Workstation 4.0.

  • UNIX interoperability, provided through an add-on pack called Windows Services for UNIX. Telnet services (for remote access and administration) are included in the Windows Server 2003 family, as well as in the add-on pack.

  • Mainframe and midrange connectivity, using S/390 and AS/400 transaction and queuing gateways through Host Integration Server 2000.

  • File Server for Macintosh, which allows Macintosh clients to use the TCP/IP protocol (AFP over IP) to share files and to access shares on a server running Windows Server 2003, Standard Edition; Windows Server 2003, Enterprise Edition; or Windows Server 2003, Datacenter Edition. For more information, see Services for Macintosh.

    This feature is not included on computers running the Microsoft® Windows Server® 2003, Web Edition, operating system. For more information, see Overview of Windows Server 2003, Web Edition.

Plug and Play

With Plug and Play, a combination of hardware and software support, the server can recognize and adapt to hardware configuration changes automatically, without your intervention and without restarting. For more information, see Plug and Play overview.

Public key infrastructure and smart card infrastructure

Using Certificate Services and certificate management tools, you can deploy your own public key infrastructure (PKI). With a PKI, you can implement standards-based technologies, such as smart card logon capabilities, client authentication (through Secure Sockets Layer (SSL) and Transport Layer Security (TLS)), secure e-mail, digital signatures, and secure connectivity (using Internet Protocol security (IPSec)). Using Certificate Services, you can set up and manage certification authorities (CAs) that issue and revoke X.509 v3 certificates. This means that you do not have to depend on commercial client authentication services, although you can integrate commercial client authentication into your PKI if you choose. For more information, see Certificate Services and Smart Cards.

Quality of Service

Quality of Service (QoS)-based services and protocols provide a guaranteed, end-to-end, express delivery system for information across the network. For more information, see Quality of Service (QoS).

Recovery Console

With Recovery Console, you can start a command-line console on a system on which a software problem (such as a problem with drivers or files) is preventing the system from starting. From Recovery Console, you can use basic commands to try to recover the system. For more information, see Recovery Console overview.

Remote Assistance

You can use Remote Assistance to remotely administer a computer. If you have an invitation, Remote Assistance is a convenient way for you to connect to a remote computer from a computer running Windows XP or any product in the Windows Server 2003 family. After you are connected, you can view the remote computer's screen and chat in real time. If the person requesting assistance allows you to, you can even use the mouse and keyboard to work on the remote computer. For more information, see Windows interface administrative tool reference A-Z: Remote Assistance.

This feature is not available on the Itanium-based versions of the Windows operating systems.

Remote Desktop for Administration

With Remote Desktop for Administration (formerly known as Terminal Services in Remote Administration mode), you can administer a computer from virtually any computer on your network. Based on Terminal Services technology, Remote Desktop for Administration is specifically designed for server management. For more information about this feature, see Remote Desktop for Administration.

Remote Installation Services

With Remote Installation Services (RIS), you can create installation images of operating systems or even of complete computer configurations, including desktop settings and applications. You can then make these images available to users at client computers. The client computers must support remote booting with the Pre-Boot eXecution Environment (PXE) ROM, or else they must be started with a remote-startup floppy disk. For more information, see Remote Installation Services.

This feature is not included on computers running the Microsoft® Windows Server® 2003, Web Edition, operating system. For more information, see Overview of Windows Server 2003, Web Edition.

Remote Storage

Remote Storage uses criteria that you specify to automatically copy little-used files to removable media. If hard-disk space drops below specified levels, Remote Storage removes the (cached) file content from the disk. If the file is needed later, the content is automatically recalled from storage. For more information, see Remote Storage.

Remote Storage is not available on Windows Server 2003, Web Edition or on Windows Server 2003, Standard Edition. For more information about Windows Server 2003, Web Edition, see Overview of Windows Server 2003, Web Edition.

Removable Storage

Removable Storage makes it easy to track your removable storage media (tapes and optical discs) and to manage the hardware libraries, such as changers and jukeboxes, that contain them. Because removable optical discs and tapes are less expensive per megabyte (MB) than hard disks, Removable Storage and Remote Storage can decrease your costs. For more information, see Removable Storage.

Routing and Remote Access

Routing and Remote Access replaces the Routing and Remote Access Service (RRAS) and Remote Access Service (RAS) features from Windows NT 4.0. Routing and Remote Access is a single, integrated service that terminates connections from either dial-up or virtual private network (VPN) clients or that provides routing (IP, IPX, and Services for Macintosh), or both. With Routing and Remote Access, your server can function as a remote access server, a VPN server, a gateway, or a branch-office router. For more information, see Routing and Remote Access.

Safe Mode

With Safe Mode, you can start the Windows operating system with a minimal set of drivers and services and then view a log showing the sequence of events at startup. By using Safe Mode, you can diagnose problems with drivers and other components that might be preventing normal startup. For more information, see Startup options.

Security Configuration Wizard

The Security Configuration Wizard reduces the attack surface of computers that are running Windows Server 2003 with Service Pack 1 (SP1). The wizard asks the user a series of questions designed to determine the functional requirements of the server. Any functionality that is not required by the roles being performed by the server is then disabled. In addition to being a fundamental security best practice, reducing the attack surface increases the diversity of your Windows landscape, and reduces the number of systems that need to be immediately updated if a security issue arises. For more information, see Windows Server TechCenter.

Server clusters (Windows Server 2003, Enterprise Edition and Windows Server 2003, Datacenter Edition only)

Server clusters provide high availability, scalability, and manageability for important resources and applications. Multiple servers (nodes) in a cluster remain in constant communication. If one of the nodes in a cluster is unavailable as a result of failure or maintenance, another node immediately begins providing service (a process known as failover). Users who access the cluster are constantly connected to server-based resources.

With Windows Server 2003, Enterprise Edition and Windows Server 2003, Datacenter Edition, you can configure server clusters in one of three available cluster models, depending on your requirements. For more information, see Server Clusters.

Smart card infrastructure

Using Certificate Services and certificate management tools, you can deploy your own public key infrastructure (PKI). With a PKI, you can implement standards-based technologies, such as smart card logon capabilities, client authentication (through Secure Sockets Layer (SSL) and Transport Layer Security (TLS)), secure e-mail, digital signatures, and secure connectivity (using Internet Protocol security (IPSec)). For more information, see Certificate Services and Smart Cards.

Software restriction policies

With software restriction policies, you can protect your computer environment from untrusted code by identifying and specifying which applications are allowed to run. For more information, see Software Restriction Policies.

TAPI 3.1

TAPI 3.1 unifies Internet Protocol (IP) and traditional telephony to enable developers to create computer telephony applications that work as effectively over the Internet or an intranet as they do over the traditional telephone network. For more information, see Telephony.

Terminal Server

By using Terminal Server, a user can access programs running on the server from a variety of older devices. For example, a user can access a virtual Windows XP Professional desktop and x86-based Windows applications from hardware that cannot run the software locally. Terminal Server provides this capability for both Windows client devices and other client devices. (Other devices require add-on software by Citrix Systems.) For a more detailed description, see Terminal Server features.

This feature is not included on computers running the Microsoft® Windows Server® 2003, Web Edition, operating system. For more information, see Overview of Windows Server 2003, Web Edition. Note that Remote Desktop for Administration is available on Windows Server 2003, Web Edition.

Universal Description, Discovery, and Integration Services

Universal Description, Discovery, and Integration (UDDI) is an industry specification for publishing and locating information about Web services. Some products in the Windows Server 2003 family include UDDI Services, a Web service that provides UDDI capabilities for use within an enterprise or across organizations. For more information, see UDDI Services overview.

UDDI Services is not included with Windows Server 2003, Web Edition. In addition, Windows Server 2003, Standard Edition, supports only stand-alone installations of UDDI Services. Distributed installation support is available with Windows Server 2003, Enterprise Edition, and Windows Server 2003, Datacenter Edition. In a stand-alone installation of UDDI Services, both the UDDI Web server component and the UDDI database component are installed onto a single server. In a distributed installation, UDDI components are distributed across multiple servers.

For more information about Windows Server 2003, Web Edition, see Overview of Windows Server 2003, Web Edition.

Virtual private networking

You can give users ready access to your organization's network even when they are out of the office--and reduce the cost of this access--by implementing a virtual private network (VPN). The VPN connection creates a secure tunnel across the Internet into the private network.

There are two types of VPN technology in the Windows Server 2003 family:

  • Point-to-Point Tunneling Protocol (PPTP), which employs user-level Point-to-Point Protocol (PPP) authentication methods and Microsoft Point-to-Point Encryption (MPPE) for data encryption.

  • Layer Two Tunneling Protocol (L2TP) with Internet Protocol security (IPSec). L2TP employs user-level PPP authentication methods and computer-level certificates with IPSec for data encryption.

On Windows Server 2003, Web Edition, and Windows Server 2003, Standard Edition, you can create up to 1,000 Point-to-Point Tunneling Protocol (PPTP) ports, and you can create up to 1,000 Layer Two Tunneling Protocol (L2TP) ports. However, Windows Server 2003, Web Edition, can accept only one virtual private network (VPN) connection at a time. Windows Server 2003, Standard Edition, can accept up to 1,000 concurrent VPN connections. If 1,000 VPN clients are connected, further connection attempts are denied until the number of connections falls below 1,000.

For more information about virtual private networking, see Virtual Private Networks.

Windows Firewall

Windows Firewall is a host firewall technology. As a host firewall, Windows Firewall runs on each of your clients and servers. It provides protection from network attacks that pass through your perimeter network or originate inside your organization, such as Trojan horse attacks, port scanning attacks, and worms. Like many firewall technologies, Windows Firewall is a stateful firewall. As such, Windows Firewall inspects and filters all Internet Protocol version 4 (IPv4) and Internet Protocol version 6 (IPv6) traffic. Unsolicited incoming traffic is dropped unless it is a response to a request by the host (solicited traffic), or it is specifically allowed (excepted traffic). You can specify excepted traffic according to port number, application name, or service name by configuring Windows Firewall settings. With the exception of some Internet Control Message Protocol (ICMP) messages, Windows Firewall allows all outgoing traffic.

Windows Firewall is not included in the original release of the Windows Server 2003 operating systems.

For more information, see Windows Server TechCenter.

Windows Media Services

Windows Media Services provides support for the distribution of streaming audio and video over corporate intranets and the Internet. In Windows Server 2003, Enterprise Edition or Windows Server 2003, Datacenter Edition, Windows Media Services delivers advanced streaming functionality, such as multicasting, wireless network support, Internet authentication, server plug-ins, and cache/proxy APIs.

Windows Media Services is not included with Windows Server 2003, Web Edition, or the Itanium-based versions of Windows Server 2003.

Windows Script Host

By using Windows Script Host (WSH), you can automate such actions as creating a shortcut and connecting to and disconnecting from a network server. WSH is language independent: you can write scripts in common scripting languages, such as Microsoft Visual Basic, Scripting Edition, and JScript. For more information, see Windows Script Host.

Windows Update

Windows Update is an online extension of Windows that detects and replaces outdated Windows system files with the most recent versions. Windows Update can significantly increase computer system stability over a long period. It can also reduce the load on administrators and support staff charged with maintaining a productive operating environment. Windows Update requires an Internet connection. For more information, see Windows Update.

Winsock Direct

Winsock Direct, now available on all server editions, enables applications that use Winsock to perform faster and with less overhead when they communicate across a system area network (SAN). If there is a SAN in place, Winsock Direct has the effect of streamlining communications between distributed components.