Another security problem plaguing business everywhere is the proliferation of the Universal Serial Bus drive. No matter how secure you set your permissions on your file servers, no matter how good your document destruction capabilities are, and no matter what sort of internal controls you have on "eyes-only" documentation, a user can simply pop a thumb drive into any open USB port and copy data, completely bypassing your physical security.

These drives often contain very sensitive information that ideally should never leave the corporate campus, but they're just often found on lost keychains, inside computer bags left unattended in an airport lounge or in some equally dangerous location. The problem is significant enough that some business have taken to disabling USB ports by pouring hot glue into the actual ports. Effective, certainly, but also messy.

In Longhorn Server, an administrator will have the ability to block all new device installs, including USB thumb drives, external hard drives and other new devices. You can simply deploy a machine and allow no new devices to be installed. You'll also be able to set exceptions based on device class or device ID -- for example, to allow keyboards and mice to be added, but nothing else. Or you can allow specific device IDs, in case you've approved a certain brand of product to be installed, but no others. This is all configurable via Group Policy, and these policies are set at the computer level.

Windows Firewall with Advanced Security

The Windows Firewall version included with Windows Server 2003 Service Pack 1 was exactly the same as that included in Windows XP SP2. Microsoft bundled that firewall with Service Pack 1 as a stopgap measure -- deploy this firewall now so you will be protected, the company said, and we will work to improve the firewall in the next version of Windows.