The different of Win2000Server security and WinXP security ?

Posted on 2003-02-23
Medium Priority
Last Modified: 2013-12-04
I want to buy microsoft OS, but Iam confuse.
I had comparing Win2000 Prof with Win Xp ,and
the result is winXP give the best solution in security.
But I did'nt find the comparison page that telling me about win2000 server vs winXP.

What OS is the most SECURE for my server ?
Windows 2000 server or Windows XP ?
Why ?
Please advise me.
Question by:shanyuen
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
  • 2
  • +2

Expert Comment

ID: 8005767
since when does winXP have a server version? are you referring to .net server?

Expert Comment

ID: 8006005
Well, there isn't an XP server and Windows server 2003 hasn't hit the stores yet.

But when it does come out, server 2003 will have a few more security options over Windows 2000 and have patched any holes 2000 might have at that point. Plus IIS 6, which comes with server 2003 should be far more secure than IIS 5.

So my answer (for now) is that Server 2003 will be more secure than Windwows 2000 server.


Expert Comment

ID: 8006096
i mostly agree with ghost hacker, but i want to add that along with the few added security features that 2003 sever is likely to have, and the addressing of some of the holes win2000 currently is known to have, there will also be a whole new list of holes, and bugs that will need to be addressed. in my opinion microsoft is good for releasing os's before they've been thoroughly tested enough. so although 2003 sever may have new features, unless you have a specific need that is specifically addressed by the upcoming version, hold out for awhile, and wait until other people have acted as guinea pigs for microsoft.
Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as high-speed processing of the cloud.


Expert Comment

ID: 8034964
A basic and general overview of Windows security, from my eyes. I do agree with the above comments, but offer this in addition.
My company uses all of M$'s OS's currently, and find that they are all have LOT's of security risk's. These range from VERY big holes, to very small hole's or bugs. Fortunatly, M$ product's are very configurable, and frankly most people/admins don't take the time to follow best practices, which are often at the heart of the biggest risks/holes. The best practices that have served me and my company very well are the following:
Antivirus Software- scheduled daily scans, scheduled Virus DAT updates
Firewalls- and Daily review of their logs
Strong Password's- changed monthly- never repeating
Periodic Audits- using network scanners
DAILY Event log audits
Running the OS as a less privledged user, unless necessary.
NTFS File permission's-
3rd party encryption- PGP, Blowfish, 3DES etc...

I read everything I can find- I loved the Hacking Exposed series of books. I recommend them to everyone.
Here are some articles that I hope you will find useful in researching windows as an OS:

There are TONS more. All OS's require that you configure them to be more secure- "Security isn't a program, it's a process" at least that's my mantra.
Good Luck!


Author Comment

ID: 8038822
I still not understand. What is the different between win2000 server with winXP ?
I look at microsoft website and they just give me information about the different win2000 prof and winXP.
And they said WinXP has more powerful security then win2000 prof.
But if winXP compared with win2000 server ?
I can't find this at his site.
I know WinXP does'nt have server function, but how about local security setting ?
Microsoft said that winXP has more powerful tool in local security then win2000 prof.

Expert Comment

ID: 8038927
what are you going to be using your machine for? i don't understand what you don't understand. windows 2000 pro and windows xp are client/workstation operating systems. windows 2000 server is a server operating system.

they have different uses, and therefore are vulnerable in different ways.

the question you're asking is similar to asking the difference between an apple and an orange. they are similar in many ways, but they essentially they are different.

as far as security goes, it's not worth your time trying to figure out which operating system is more locked down. since they differ in functionality they will differ in security related specifics. i suppose one could assume that a server may be less secure by reason of its very nature. but more importantly, you should be thinking about which type of system will best meet your practical needs.


Expert Comment

ID: 8041374
Server 2k: http://www.microsoft.com/windows2000/server/evaluation/features/default.asp

Afew basic things, a 2000 server has IIS- a webpage application that SERVE's webpages. 2000 Server can also be a Domain Controller/AD. A domain controller/active directory is what client machines authenticate to. A server can house DNS and wins, and client machines would look to the server for that information. A name-server basically. Server's have the terminal service on them, meaning that a client machine, can terminal into them, and control the server remotely, without the use for 3rd party software.

XP: http://www.microsoft.com/windowsxp/pro/evaluation/features.asp
These are very basic differences-there are more- but most of those above Xp cannot do. Xp does have RDP, remote desktop, which is also a remote control application. I don't think IIS will work on XP, but apache or something can be. XP cannot be a Domain Contoler, or Active directory controller.

When it comes down to it, if we generalize servers:A server is a computer/device which provides information or services to computers on a network.

A Client Server network is one where one or more of the computers on the network (the servers) have specialized software devoted to the maintenance and security of the network itself.  It might be totally dedicated to the network, or it might also contain a website, contain the
authentication mechinism for the network. Client's would contact the servers through the netwrok, and get information such as "is it ok if i log on?".

I discussed the security of them above, I feel that server is less secure, mainly due to the IIS application, which equal's if not doubles the security risk's of win2k server.
XP is more secure out of the box, but both can be brought up to speed, and have equal security, or damn near. But not with M$ product alone, you'll need plenty of 3rd party app's and software to do that.


Expert Comment

ID: 8043891
fyi, iis will work on xp. but i agree with everything else neo has laid out for you, shanyuen. which goes back to what i said in my last post - it's hard to compare the two. they're going to be as secure as you make them. because they have somewhat different purposes, the security question is hard to answer definitively.

anyhow, let us know if you have any more questions.

Author Comment

ID: 8140897
Iam sorry if I confusing everyone. (My english is bad)
I did'nt mean to comparing win2000 server with winXP.
Of course win2000 server is different with winXP.

This is the list of un-enhanced or unavailable security features in Win2000 Prof
(compared with winXP) :
-Internet Connection Firewall
-Encrypting File System (EFS) with Multi-user Support
-Smart Card Support
-Group Policy (un-enhanced)
-Resultant Set of Policy (RSoP)
-Improved Help and Support Services
-Automatic Updates
-Windows Update Improvements
-Windows Management Instrumentation (WMI) -->Subset of features
-Troubleshooters (Partial subset of features)
-Credential Manager
-Offline Files and Folders (Without encryption support)
-Wireless Networking
-Network Location Awareness
-Peer-to-Peer Networking Support
-System Restore
-Device Driver Rollback

Then my truly question is :
are Win2000 server has the SAME/similiar security features with win2000 Prof ?
Not enhanced like XP although service pack 3 installed ?


Accepted Solution

Ghost_Hacker earned 150 total points
ID: 8142333
Yes it does.

As long as your talking about a standalone computer that isn't part of a domain, isn't a domain controller, doesn't provide any network resources or has installed any "Server" only services.

In other words a Win2k server used like a "desktop" system would be just as secure as a Win2k Pro system.

However, Windows 2000 server is more robust than Windows Pro when it comes to providing network services. (file and print, web ,SQL,Terminal services, etc,etc....)

Hope this helps you :-)

Expert Comment

ID: 9070868
This old question needs to be finalized -- accept an answer, split points, or get a refund.  For information on your options, please click here-> http:/help/closing.jsp#1 
Post your closing recommendations!  No comment means you don't care.

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

As I write this article, I am finishing cleanup from the Qakbot virus variant found in the wild on April 18, 2011.  It was a messy beast that had varying levels of infection, speculated as being dependent on how long it resided on the infected syste…
OfficeMate Freezes on login or does not load after login credentials are input.
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
Visualize your data even better in Access queries. Given a date and a value, this lesson shows how to compare that value with the previous value, calculate the difference, and display a circle if the value is the same, an up triangle if it increased…
Suggested Courses
Course of the Month10 days, 7 hours left to enroll

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question