Securing Windows Server 2008

Microsoft hails the latest version of its flagship server operating system, Windows Server 2008, as "the most secure Windows Server ever". However, to fully achieve this lofty status, system administrators and security professionals must install, configure, monitor, log, and troubleshoot a dizzying array of new features and tools designed to keep the bad guys out and maintain the integrity of their network servers. This is no small task considering the market saturation of Windows Server and the rate at which it is attacked by malicious hackers. According to IDC, Windows Server runs 38% of all network servers. This market prominence also places Windows Server at the top of the SANS top 20 Security Attach Targets. The first five attack targets listed in the SANS top 20 for operating systems are related to Windows Server. This doesn't mean that Windows is inherently less secure than other operating systems; it's simply a numbers game. More machines running Windows Server. More targets for attackers to hack. As a result of being at the top of the "most used" and "most hacked" lists, Microsoft has released a truly powerful suite of security tools for system administrators to deploy with Windows Server 2008. This book is the comprehensive guide needed by system administrators and security professionals to master seemingly overwhelming arsenal of new security tools including: 1. Network Access Protection, which gives administrators the power to isolate computers that don't comply with established security policies. The ability to enforce security requirements is a powerful means of protecting the network. 2. Enhanced solutions for intelligent rules and policies creation to increase control and protection over networking functions, allowing administrators to have a policy-driven network. 3. Protection of data to ensure it can only be accessed by users with the correct security context, and to make it available when hardware failures occur. 4. Protection against malicious software with User Account Control with a new authentication architecture. 5. Increased control over your user settings with Expanded Group Policy. ...to name just a handful of the new security features. In short, Windows Server 2008 contains by far the most powerful and complex suite of security tools ever released in a Microsoft Server product. Securing Windows Server 2008 provides system administrators and security professionals with the knowledge they need to harness this power. * Describes new technologies and features in Windows Server 2008, such as improvements to networking and remote access features, centralized server role management, and an improved file system. * Outlines steps for installing only the necessary components and subsystems of Windows Server 2008 in your environment. No GUI needed. * Describes Windows Server 2008?s security innovations, such as Network Access Protection, Federated Rights Management, and Read-Only Domain Controller * Includes coverage of monitoring, securing, and troubleshooting Windows Server 2008 * Covers Microsoft's Hyper-V virtualization technology, which is offered as an add-on to four of the eight versions of Windows Server 2008 and as a stand-alone product

Microsoft hails the latest version of its flagship server operating system, Windows Server 2008, as "the most secure Windows Server ever". However, to fully achieve this lofty status, system administrators and security professionals must install, configure, monitor, log, and troubleshoot a dizzying array of new features and tools designed to keep the bad guys out and maintain the integrity of their network servers. This is no small task considering the market saturation of Windows Server and the rate at which it is attacked by malicious hackers. According to IDC, Windows Server runs 38% of all network servers. This market prominence also places Windows Server at the top of the SANS top 20 Security Attach Targets. The first five attack targets listed in the SANS top 20 for operating systems are related to Windows Server. This doesn't mean that Windows is inherently less secure than other operating systems; it's simply a numbers game. More machines running Windows Server. More targets for attackers to hack. As a result of being at the top of the "most used" and "most hacked" lists, Microsoft has released a truly powerful suite of security tools for system administrators to deploy with Windows Server 2008. This book is the comprehensive guide needed by system administrators and security professionals to master seemingly overwhelming arsenal of new security tools including: 1. Network Access Protection, which gives administrators the power to isolate computers that don't comply with established security policies. The ability to enforce security requirements is a powerful means of protecting the network. 2. Enhanced solutions for intelligent rules and policies creation to increase control and protection over networking functions, allowing administrators to have a policy-driven network. 3. Protection of data to ensure it can only be accessed by users with the correct security context, and to make it available when hardware failures occur. 4. Protection against malicious software with User Account Control with a new authentication architecture. 5. Increased control over your user settings with Expanded Group Policy. ... to name just a handful of the new security features. In short, Windows Server 2008 contains by far the most powerful and complex suite of security tools ever released in a Microsoft Server product. Securing Windows Server 2008 provides system administrators and security professionals with the knowledge they need to harness this power. ...

Get in-depth guidance for designing and implementing certificate-based security solutions—straight from PKI expert Brian Komar. No need to buy or outsource costly PKI services when you can use the robust PKI and certificate-based security services already built into Windows Server 2008! This in-depth reference teaches you how to design and implement even the most demanding certificate-based security solutions for wireless networking, smart card authentication, VPNs, secure email, Web SSL, EFS, and code-signing applications using Windows Server PKI and certificate services. A principal PKI consultant to Microsoft, Brian shows you how to incorporate best practices, avoid common design and implementation mistakes, help minimize risk, and optimize security administration.

This practical guide has exactly what you need to work with Windows Server 2008. Inside, you'll find step-by-step procedures for using all of the major components, along with discussions on complex concepts such as Active Directory replication, DFS namespaces and replication, network access protection, the Server Core edition, Windows PowerShell, server clustering, and more. All of this with a more compact presentation and a tighter focus on tasks than you'll find in bulkier references. Windows Server 2008: The Definitive Guide takes a refreshing approach. You won't find the history of Windows NT, or discussions on the way things used to work. Instead, you get only the information you need to use this server. If you're a beginning or intermediate system administrator, you learn how the system works, and how to administer machines running it. The expert administrators among you discover new concepts and components outside of your realm of expertise. Simply put, this is the most thorough reference available for Windows Server 2008, with complete guides to: Installing the server in a variety of different environments File services and the Windows permission structure How the domain name system (DNS) works Active Directory, including its logical and physical structure, hierarchical components, scalability, and replication Group Policy's structure and operation Managing security policy with predefined templates and customized policy plans Architectural improvements, new features, and daily administration of IIS 7 Terminal Services from both the administrator's user's point of view Networking architecture including DNS, DHCP, VPN, RADIUS server, IAS, and IPSec Windows clustering services --- applications, grouping machines, capacity and network planning, user account management Windows PowerShell scripting and command-line technology With Windows Server 2008: The Definitive Guide, you to come away with a firm understanding of what's happening under the hood, but without the sense that you're taking a graduate course in OS theory. If you intend to work with this server, this is the only book you need.

This version of the Server Bible will be the largest yet, catering to what is certainly the most advanced operating system introduced by Microsoft. The book will cater to the needs of the server administration community and will be designed to be a critical reference. The book will extensively cover the most notable new feature of Windows Server known as the "Server Core." Server Core is a significantly scaled-back installation where no graphical shell (explorer.exe) is installed, and all configuration and maintenance is done entirely through the command-line windows, or by connecting to the machine remotely using Microsoft Management Console. Server Core will also not include the .NET Framework, Internet Explorer or many other features not related to core server features. A Server Core machine can be configured for four basic roles: Domain controller, DNS Server, DHCP Server, and file server. Chapters on setup and installation will also cover the new componentized operating system Image-based setup and deployment tools, using WIM. In addition to the already extensive Active Directory support this book will now fully cover the "Read-Only Domain Controller" operation mode in Active Directory, intended for use in branch office scenarios where a domain controller may reside in a low physical security environment, was introduced in Windows Server 2003 R2 and will be extended in the 2008 version. Chapters covering policy-based networking, branch management and enhanced end user collaboration will be extended. Windows Server 2008 will also ship Internet Information Services 7 and the current chapters on IIS will thus be extended. Coverage of Windows SharePoint Services 3.0 will also be introduced into this part of the book. We will also include coverage of the improved hot patching technology, which is a feature that allows non-kernel patches to occur without the need for a reboot. A significantly upgraded Terminal Services component, supporting RDP 6.0. will be covered in the chapter on terminal services. The most notable improvement is the ability to share a single application over a Remote Desktop connection, instead of the entire desktop. This will be added to an already extended chapter on this remote access technology. In addition to these new features the book will also carry over existing features brought over from (SP1/R2) of Server 2003. These include covering of new security features of the operating system, Group Policy management, change control and service level, and administration practices.

Windows Server 2008 R2 Unleashed is the most comprehensive and realistic guide to planning, design, prototyping, implementation, migration, administration, and support. Based on the authors’ unsurpassed experience working with Windows Server 2008 R2 since its earliest alpha releases, it offers indispensable guidance drawn from hundreds of production environments. Microsoft MVP Rand Morimoto and his colleagues systematically introduce Windows Server 2008 R2 to IT professionals, identifying R2’s most crucial enhancements and walking through every step of installation and configuration. Next, they present comprehensive coverage of every area of Windows Server 2008 R2, including Active Directory, networking services, security, R2 migration from Windows Server 2003 and 2008, administration, fault tolerance, optimization and troubleshooting, core application services, and more. The authors thoroughly address major Windows Server 2008 R2 enhancements and present extensive coverage of R2 innovations ranging from Hyper-V virtualization to DirectAccess and the enhancements in Failover Clustering. Every chapter contains tips, tricks, and best practices learned from actual deployments: practical information for using Windows Server 2008 R2 to solve real business problems. Detailed information on how to... Plan and migrate from Windows Server 2003/2008 to Windows Server 2008 R2 and use R2’s new server migration tools Manage Active Directory with Active Directory Administrative Center, Best Practice Analyzer, and PowerShell scripts Use R2’s updated security tools and templates to lock down servers, clients, and networks Maximize availability with Windows Server 2008 R2 clustering, fault tolerance, and replication Streamline client management with new Group Policy ADMX settings and management tools Improve remote access using DirectAccess, Remote Desktop Services (formerly Terminal Services), and Virtual Desktop Infrastructure Implement Hyper-V virtualization including the built-in Live Migration technology Leverage add-ons such as Windows SharePoint Services, Windows Media Services, and IIS 7.5

“This book is an invaluable one-stop reference for deploying, configuring, and managing Windows Server 2008. It’s filled with John’s unique and hard-earned nuggets of advice, helpful scripts, and shortcuts that will save you time and money.” --Mark Russinovich The Start-to-Finish, Comprehensive Windows Server 2008 Book for Every Working Administrator and Architect To make the most of Windows Server 2008 in production environments, you need a deep understanding of its technical details. However, accurate and reliable information is scarce, and even most skilled Windows professionals don’t know Windows Server 2008 as well as they should. The Complete Guide to Windows Server 2008brings together more than 1,500 pages of practical Windows Server 2008 insight and in-depth knowledge that you can't find anywhere else, all based on final code. John Savill—one of the world’s most visible and trusted experts on Windows Server technology—specializes in helping real companies use Windows Server 2008 to run their businesses. His access to Microsoft’s product team as a Microsoft MVP and one of 50 elite “Windows Server 2008 Delta Force Rangers” benefited this book’s accuracy and value. Coverage includes Deployment planning, implementing, and managing new features, including Windows Server Core and Hyper-V virtualization Choosing the right installation and upgrade options for your environment Securing Windows Server 2008: authentication, authorization, BitLocker, certification services, and more Implementing TCP/IP, advanced network services, remote access, and thin-client Terminal Services Active Directory in depth, including Federated Services, Lightweight Directory Services, and Rights Management Providing high availability through Network Load Balancing and failover clustering Using Windows Deployment Services to quickly deploy multiple servers Supporting complex distributed environments with the Distributed File System Automating server management with PowerShell and the command prompt Integrating Windows Server 2008 with UNIX, Linux, and legacy NetWare servers Troubleshooting Windows Server 2008 and Vista environments, including an intuitive “how to” index to quickly locate answers to commonly asked questions www.savilltech.com/completeguidetowindows2008

Microsoft Windows Server 2008 R2: The Administrators Essential Reference introduces the Windows Server 2008 R2, which is Microsofts flagship server operating systems latest release. The book explores its features; describes differences between the available editions; and discusses its deployment. After introducing Windows Server 2008 R2, the book explains its installation and configuration processes followed by its networking. It also examines different features, such as the active directory, internet information services 7.5, Hyper-V, and PowerShell V2. It discusses securing Windows Server 2008 R2 files and its print services, remote desktop services, high-availability and recovery features, and monitoring and troubleshooting; in addition, their delta changes are discussed in the final chapter. The book also explores the features that influence both Windows Server 2008 R2 and Windows 7. These features allow the server operating system to work with Windows 7. One feature is the BranchCache, which offers users who open files across a Wide Area Network a better end-user experience by caching copy in the branch office when a document or intranet Web site is opened for the first time. Another feature is DirectAccess, which is the new remote connectivity solution for Windows networks. Features information on how to plan, deploy, and administrate Windows Server 2008 R2 using best practice guidance Provides in-depth coverage of Hyper-V, DirectAccess, Remote Desktop Services, Active Directory, and BranchCache Includes Delta Changes to allow experienced administrators to quickly gain insight to changes between Windows Server 2008 and Windows Server 2008 R2