Appendix M: Document Links and Recommended Reading

Applies To: Windows Server 2008, Windows Server 2008 R2, Windows Server 2012 R2, Windows Server 2012

The following table contains a list of links to external documents and their URLs so that readers of hard copies of this document can access this information. The links are listed in the order they appear in the document.

Links

URLs

10 Immutable Laws of Security Administration

http://technet.microsoft.com/library/cc722488.aspx

Microsoft Security Compliance Manager

http://technet.microsoft.com/library/cc677002.aspx

Gartner Symposium ITXPO

http://www.gartner.com/technology/symposium/orlando/

2012 Data Breach Investigations Report (DBIR)

http://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2012_en_xg.pdf

Ten Immutable Laws of Security (Version 2.0)

http://technet.microsoft.com/security/hh278941.aspx

Using Heuristic Scanning

http://technet.microsoft.com/library/bb418939.aspx

Drive-by download

http://www.microsoft.com/security/sir/glossary/drive-by-download-sites.aspx

Microsoft Support article 2526083

http://support.microsoft.com/kb/2526083

Microsoft Support article 814777

http://support.microsoft.com/kb/814777

Open Web Application Security Project (OWASP)

https://www.owasp.org/index.php/Main_Page

Microsoft Security Development Lifecycle

http://www.microsoft.com/security/sdl/default.aspx

Mitigating Pass-the-Hash (PtH) Attacks and Other Credential Theft Techniques

http://download.microsoft.com/download/7/7/A/77ABC5BD-8320-41AF-863C-6ECFB10CB4B9/Mitigating Pass-the-Hash (PtH) Attacks and Other Credential Theft Techniques_English.pdf

Determined Adversaries and Targeted Attacks

http://www.microsoft.com/download/details.aspx?id=34793

Solution for management of built-in Administrator account's password via GPO

http://code.msdn.microsoft.com/windowsdesktop/Solution-for-management-of-ae44e789

Microsoft Support article 817433

http://support.microsoft.com/?id=817433

Microsoft Support article 973840

http://support.microsoft.com/kb/973840

Administrator account is disabled by default

http://technet.microsoft.com/library/cc753450.aspx

The Administrator Accounts Security Planning Guide

http://technet.microsoft.com/library/cc162797.aspx

Microsoft Windows Security Resource Kit

http://www.microsoft.com/learning/en/us/book.aspx?ID=6815&locale=en-us

Authentication Mechanism Assurance for AD DS in Windows Server 2008 R2 Step-by-Step Guide

http://technet.microsoft.com/en-us/library/dd378897(WS.10).aspx

Windows Server Update Services

http://technet.microsoft.com/windowsserver/bb332157

Personal Virtual Desktops

http://technet.microsoft.com/library/dd759174.aspx

Read-Only Domain Controller Planning and Deployment Guide

http://technet.microsoft.com/library/cc771744(WS.10).aspx

Running Domain Controllers in Hyper-V

http://technet.microsoft.com/library/dd363553(v=ws.10).aspx

Hyper-V Security Guide

http://www.microsoft.com/download/details.aspx?id=16650

Ask the Directory Services Team

http://blogs.technet.com/b/askds/archive/2011/09/12/managing-rid-pool-depletion.aspx

How to configure a firewall for domains and trusts

http://support.microsoft.com/kb/179442

2009 Verizon Data Breach Report

http://www.verizonbusiness.com/resources/security/reports/2009_databreach_rp.pdf

2012 Verizon Data Breach report

http://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2012_en_xg.pdf

Introducing Auditing Changes in Windows 2008

http://blogs.technet.com/b/askds/archive/2007/10/19/introducing-auditing-changes-in-windows-2008.aspx

Cool Auditing Tricks in Vista and 2008

http://blogs.technet.com/b/askds/archive/2007/11/16/cool-auditing-tricks-in-vista-and-2008.aspx

Global Object Access Auditing is Magic

http://blogs.technet.com/b/askds/archive/2011/03/10/global-object-access-auditing-is-magic.aspx

One-Stop Shop for Auditing in Windows Server 2008 and Windows Vista

http://blogs.technet.com/b/askds/archive/2008/03/27/one-stop-shop-for-auditing-in-windows-server-2008-and-windows-vista.aspx

AD DS Auditing Step-by-Step Guide

http://technet.microsoft.com/library/a9c25483-89e2-4202-881c-ea8e02b4b2a5.aspx

Getting the Effective Audit Policy in Windows 7 and 2008 R2

http://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2012_en_xg.pdf

Sample script

http://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2012_en_xg.pdf

Audit Option Type

http://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2012_en_xg.pdf

Advanced Security Auditing in Windows 7 and Windows Server 2008 R2

http://social.technet.microsoft.com/wiki/contents/articles/advanced-security-auditing-in-windows-7-and-windows-server-2008-r2.aspx

Auditing and Compliance in Windows Server 2008

http://technet.microsoft.com/magazine/2008.03.auditing.aspx

How to use Group Policy to configure detailed security auditing settings for Windows Vista-based and Windows Server 2008-based computers in a Windows Server 2008 domain, in a Windows Server 2003 domain, or in a Windows 2000 Server domain

http://support.microsoft.com/kb/921469

Advanced Security Audit Policy Step-by-Step Guide

http://technet.microsoft.com/library/dd408940(WS.10).aspx

Threats and Countermeasures Guide

http://technet.microsoft.com/library/hh125921(v=ws.10).aspx

MaxTokenSize and Kerberos Token Bloat

http://blogs.technet.com/b/shanecothran/archive/2010/07/16/maxtokensize-and-kerberos-token-bloat.aspx

Authentication Mechanism Assurance

http://technet.microsoft.com/library/dd391847(v=WS.10).aspx

Microsoft Data Classification Toolkit

http://technet.microsoft.com/library/hh204743.aspx

Dynamic Access Control

http://blogs.technet.com/b/windowsserver/archive/2012/05/22/introduction-to-windows-server-2012-dynamic-access-control.aspx

Absolute Software

http://www.absolute.com/en/landing/Google/absolute-software-google/computrace-and-absolute-manage?gclid=CPPh5P6v3rMCFQtxQgodFEQAnA

Absolute Manage

http://www.absolute.com/landing/Google/absolute-manage-google/it-asset-management-software

Absolute Manage MDM

http://www.absolute.com/landing/Google/MDM-google/mobile-device-management

SolarWinds

http://www.solarwinds.com/eminentware-products.aspx

EminentWare WSUS Extension Pack

http://solarwinds-marketing.s3.amazonaws.com/solarwinds/Datasheets/EminentWare-WSUS-Extension-Pack-005-Datasheet2.pdf

EminentWare System Center Configuration Manager Extension Pack

http://solarwinds-marketing.s3.amazonaws.com/solarwinds/Datasheets/EminentWare-Extension-Pack-for-CM-Datasheet-006-Revised.pdf

GFI Software

http://www.gfi.com/?adv=952&loc=58&gclid=CLq9y5603rMCFal7QgodMFkAyA

GFI LanGuard

http://www.gfi.com/network-security-vulnerability-scanner/?adv=952&loc=60&gclid=CP2t-7i03rMCFQuCQgodNkAA7g

Secunia

http://secunia.com/

Secunia Corporate Software Inspector (CSI)

http://secunia.com/products/corporate/csi/

Vulnerability Intelligence Manager

http://secunia.com/vulnerability_intelligence/

eEye Digital Security

http://www.wideeyesecurity.com/?gclid=CK6b0sm13rMCFad_QgodhScAiw

Retina CS Management

http://www.wideeyesecurity.com/products.asp

Lumension

http://www.lumension.com/?rpLeadSourceId=5009&gclid=CKuai_e13rMCFal7QgodMFkAyA

Lumension Vulnerability Management

http://www.lumension.com/Solutions/Vulnerability-Management.aspx

Threats and Countermeasures Guide: User Rights

http://technet.microsoft.com/library/hh125917(v=ws.10).aspx

Threats and Vulnerabilities Mitigation

http://technet.microsoft.com/library/cc755181(v=ws.10).aspx

User Rights

http://technet.microsoft.com/library/dd349804(v=WS.10).aspx

Access Credential Manager as a trusted caller

http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_2

Access this computer from the network

http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_1

Act as part of the operating system

http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_3

Add workstations to domain

http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_4

Adjust memory quotas for a process

http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_5

Allow log on locally

http://technet.microsoft.com/en-us/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_6

Allow log on through Terminal Services

http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_7

Back up files and directories

http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_8

Bypass traverse checking

http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_9

Change the system time

http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_10

Change the time zone

http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_11

Create a pagefile

http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_12

Create a token object

http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_13

Create global objects

http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_14

Create permanent shared objects

http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_15

Create symbolic links

http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_16

Debug programs

http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_17

Deny access to this computer from the network

http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_18

Deny log on as a batch job

http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_18a

Deny log on as a service

http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_19

Deny log on locally

http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_20

Deny log on through Terminal Services

http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_21

Enable computer and user accounts to be trusted for delegation

http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_22

Force shutdown from a remote system

http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_23

Generate security audits

http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_24

Impersonate a client after authentication

http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_25

Increase a process working set

http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_26

Increase scheduling priority

http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_27

Load and unload device drivers

http://technet.microsoft.com/en-us/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_28

Lock pages in memory

http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_29

Log on as a batch job

http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_30

Log on as a service

http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_31

Manage auditing and security log

http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_32

Modify an object label

http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_33

Modify firmware environment values

http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_34

Perform volume maintenance tasks

http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_35

Profile single process

http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_36

Profile system performance

http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_37

Remove computer from docking station

http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_38

Replace a process level token

http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_39

Restore files and directories

http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_40

Shut down the system

http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_41

Synchronize directory service data

http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_42

Take ownership of files or other objects

http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_43

Access Control

http://msdn.microsoft.com/library/aa374860(v=VS.85).aspx

Microsoft Support article 251343

http://support.microsoft.com/kb/251343

rootDSE Modify Operations

http://msdn.microsoft.com/library/cc223297.aspx

AD DS Backup and Recovery Step-by-Step Guide

http://technet.microsoft.com/library/cc771290(v=ws.10).aspx

Windows Configurations for Kerberos Supported Encryption Type

http://blogs.msdn.com/b/openspecification/archive/2011/05/31/windows-configurations-for-kerberos-supported-encryption-type.aspx

UAC Processes and Interactions

http://technet.microsoft.com/library/dd835561(v=WS.10).aspx#1

EmpowerID

http://www.empowerid.com/products/authorizationservices

Role-based access control (RBAC)

http://pic.dhe.ibm.com/infocenter/aix/v7r1/index.jsp?topic=%2Fcom.ibm.aix.security%2Fdoc%2Fsecurity%2Fdomain_rbac.htm

The RBAC model

http://docs.oracle.com/cd/E19082-01/819-3321/6n5i4b7ap/index.html

Active Directory-centric access control

http://www.centrify.com/solutions/it-security-access-control.asp

Cyber-Ark’s Privileged Identity Management (PIM) Suite

http://www.cyber-ark.com/digital-vault-products/pim-suite/index.asp

Quest One

http://www.quest.com/landing/?id=7370&gclid=CJnNgNyr3rMCFYp_QgodXFwA3w

Enterprise Random Password Manager (ERPM)

http://www.liebsoft.com/Random_Password_Manager/

NetIQ Privileged User Manager

https://www.netiq.com/products/privileged-user-manager/

CA IdentityMinder™

http://awards.scmagazine.com/ca-technologies-ca-identity-manager

Description of security events in Windows Vista and in Windows Server 2008

http://support.microsoft.com/kb/947226

Description of security events in Windows 7 and in Windows Server 2008 R2

http://support.microsoft.com/kb/977519

Security Audit Events for Windows 7

http://www.microsoft.com/download/details.aspx?id=21561

Windows Server 2008 R2 and Windows 8 and Windows Server 2012 Security Event Details

http://www.microsoft.com/download/details.aspx?id=35753

Georgia Tech’s Emerging Cyber Threats for 2013 report

http://www.gtsecuritysummit.com/report.html

Microsoft Security Intelligence Report

http://www.microsoft.com/security/sir/default.aspx

Australian Government Defence Signals Directorate Top 35 Mitigation Strategies

http://www.dsd.gov.au/infosec/top35mitigationstrategies.htm

Cloud Computing Security Benefits

http://www.microsoft.com/news/Press/2012/May12/05-14SMBSecuritySurveyPR.aspx

Applying the Principle of Least Privilege to User Accounts on Windows

http://www.microsoft.com/download/details.aspx?id=4868

The Administrator Accounts Security Planning Guide

http://www.microsoft.com/download/details.aspx?id=19406

Best Practice Guide for Securing Active Directory Installations for Windows Server 2003

http://www.microsoft.com/download/details.aspx?id=16755

Best Practices for Delegating Active Directory Administration for Windows Server 2003

http://www.microsoft.com/en-us/download/details.aspx?id=21678

Microsoft Support Lifecycle

http://support.microsoft.com/common/international.aspx?RDPATH=%2flifecycle%2fdefault.aspx

Active Directory Technical Specification

http://msdn.microsoft.com/library/cc223122(v=prot.20).aspx

Error message when nonadministrator users who have been delegated control try to join computers to a Windows Server 2003-based or a Windows Server 2008-based domain controller: “Access is denied”

http://support.microsoft.com/kb/932455

Authentication Mechanism Assurance for AD DS in Windows Server 2008 R2 Step-by-Step Guide

http://technet.microsoft.com/library/dd378897(WS.10).aspx

Strict KDC Validation

http://www.microsoft.com/download/details.aspx?id=6382

The following table contains a list of recommended reading that will assist you in enhancing the security of your Active Directory systems.

Recommended Reading

Georgia Tech’s Emerging Cyber Threats for 2014 Report

Microsoft Security Intelligence Report

Mitigating Pass-the-Hash (PTH) Attacks and Other Credential Theft Techniques

Australian Government Defence Signals Directorate Top 35 Mitigation Strategies

2012 Data Breach Investigations Report - (Verizon, US Secret Service)

2009 Data Breach Investigations Report

Cloud Computing Security Benefits

Applying the Principle of Least Privilege to User Accounts on Windows

The Administrator Accounts Security Planning Guide

Best Practice Guide for Securing Active Directory Installations for Windows Server 2003

Best Practices for Delegating Active Directory Administration for Windows Server 2003

Microsoft Support Lifecycle

Active Directory Technical Specification - dSHeuristics information

Error message when nonadministrator users who have been delegated control try to join computers to a Windows Server 2003-based or a Windows Server 2008-based domain controller: “Access is denied”

Best Practice Guide for Securing Active Directory Installations.doc

Hyper-V Security Guide

Authentication Mechanism Assurance for AD DS in Windows Server 2008 R2 Step-by-Step Guide

Strict KDC Validation

The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication.

This white paper is for informational purposes only. Microsoft makes no warranties, express or implied, in this document.

Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in, or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

Microsoft, Active Directory, BitLocker, Hyper-V, Internet Explorer, Windows Vista, Windows, and Windows Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. All other trademarks are property of their respective owners.

The example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious. No association with any real company, organization, product, domain name, e-mail address, logo, person, place, or event is intended or should be inferred.

© 2013 Microsoft Corporation. All rights reserved.