Appendix M: Document Links and Recommended Reading

Applies To: Windows Server 2016, Windows Server 2012 R2, Windows Server 2012

The following table contains a list of links to external documents and their URLs so that readers of hard copies of this document can access this information. The links are listed in the order they appear in the document.

|Links|URLs|
|---|---|
|10 Immutable Laws of Security Administration|http://technet.microsoft.com/library/cc722488.aspx|
|Microsoft Security Compliance Manager|http://technet.microsoft.com/library/cc677002.aspx|
|Gartner Symposium ITXPO|http://www.gartner.com/technology/symposium/orlando/|
|2012 Data Breach Investigations Report (DBIR)|http://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2012_en_xg.pdf|
|Ten Immutable Laws of Security (Version 2.0)|http://technet.microsoft.com/security/hh278941.aspx|
|Using Heuristic Scanning|http://technet.microsoft.com/library/bb418939.aspx|
|Drive-by download|http://www.microsoft.com/security/sir/glossary/drive-by-download-sites.aspx|
|Microsoft Support article 2526083|http://support.microsoft.com/kb/2526083|
|Microsoft Support article 814777|http://support.microsoft.com/kb/814777|
|Open Web Application Security Project (OWASP)|https://www.owasp.org/index.php/Main_Page|
|Microsoft Security Development Lifecycle|http://www.microsoft.com/security/sdl/default.aspx|
|Mitigating Pass-the-Hash (PtH) Attacks and Other Credential Theft Techniques|http://download.microsoft.com/download/7/7/A/77ABC5BD-8320-41AF-863C-6ECFB10CB4B9/Mitigating Pass-the-Hash (PtH) Attacks and Other Credential Theft Techniques_English.pdf|
|Determined Adversaries and Targeted Attacks|http://www.microsoft.com/download/details.aspx?id=34793|
|Solution for management of built-in Administrator account's password via GPO|http://code.msdn.microsoft.com/windowsdesktop/Solution-for-management-of-ae44e789|
|Microsoft Support article 817433|http://support.microsoft.com/?id=817433|
|Microsoft Support article 973840|http://support.microsoft.com/kb/973840|
|Administrator account is disabled by default|http://technet.microsoft.com/library/cc753450.aspx|
|The Administrator Accounts Security Planning Guide|http://technet.microsoft.com/library/cc162797.aspx|
|Microsoft Windows Security Resource Kit|http://www.microsoft.com/learning/en/us/book.aspx?ID=6815&locale=en-us|
|Authentication Mechanism Assurance for AD DS in Windows Server 2008 R2 Step-by-Step Guide|http://technet.microsoft.com/en-us/library/dd378897(WS.10).aspx|
|Windows Server Update Services|http://technet.microsoft.com/windowsserver/bb332157|
|Personal Virtual Desktops|http://technet.microsoft.com/library/dd759174.aspx|
|Read-Only Domain Controller Planning and Deployment Guide|http://technet.microsoft.com/library/cc771744(WS.10).aspx|
|Running Domain Controllers in Hyper-V|http://technet.microsoft.com/library/dd363553(v=ws.10).aspx|
|Hyper-V Security Guide|http://www.microsoft.com/download/details.aspx?id=16650|
|Ask the Directory Services Team|http://blogs.technet.com/b/askds/archive/2011/09/12/managing-rid-pool-depletion.aspx|
|How to configure a firewall for domains and trusts|http://support.microsoft.com/kb/179442|
|2009 Verizon Data Breach Report|http://www.verizonbusiness.com/resources/security/reports/2009_databreach_rp.pdf|
|2012 Verizon Data Breach report|http://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2012_en_xg.pdf|
|Introducing Auditing Changes in Windows 2008|http://blogs.technet.com/b/askds/archive/2007/10/19/introducing-auditing-changes-in-windows-2008.aspx|
|Cool Auditing Tricks in Vista and 2008|http://blogs.technet.com/b/askds/archive/2007/11/16/cool-auditing-tricks-in-vista-and-2008.aspx|
|Global Object Access Auditing is Magic|http://blogs.technet.com/b/askds/archive/2011/03/10/global-object-access-auditing-is-magic.aspx|
|One-Stop Shop for Auditing in Windows Server 2008 and Windows Vista|http://blogs.technet.com/b/askds/archive/2008/03/27/one-stop-shop-for-auditing-in-windows-server-2008-and-windows-vista.aspx|
|AD DS Auditing Step-by-Step Guide|http://technet.microsoft.com/library/a9c25483-89e2-4202-881c-ea8e02b4b2a5.aspx|
|Getting the Effective Audit Policy in Windows 7 and 2008 R2|http://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2012_en_xg.pdf|
|Sample script|http://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2012_en_xg.pdf|
|Audit Option Type|http://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2012_en_xg.pdf|
|Advanced Security Auditing in Windows 7 and Windows Server 2008 R2|http://social.technet.microsoft.com/wiki/contents/articles/advanced-security-auditing-in-windows-7-and-windows-server-2008-r2.aspx|
|Auditing and Compliance in Windows Server 2008|http://technet.microsoft.com/magazine/2008.03.auditing.aspx|
|How to use Group Policy to configure detailed security auditing settings for Windows Vista-based and Windows Server 2008-based computers in a Windows Server 2008 domain, in a Windows Server 2003 domain, or in a Windows 2000 Server domain|http://support.microsoft.com/kb/921469|
|Advanced Security Audit Policy Step-by-Step Guide|http://technet.microsoft.com/library/dd408940(WS.10).aspx|
|Threats and Countermeasures Guide|http://technet.microsoft.com/library/hh125921(v=ws.10).aspx|
|MaxTokenSize and Kerberos Token Bloat|http://blogs.technet.com/b/shanecothran/archive/2010/07/16/maxtokensize-and-kerberos-token-bloat.aspx|
|Authentication Mechanism Assurance|http://technet.microsoft.com/library/dd391847(v=WS.10).aspx|
|Microsoft Data Classification Toolkit|http://technet.microsoft.com/library/hh204743.aspx|
|Dynamic Access Control|http://blogs.technet.com/b/windowsserver/archive/2012/05/22/introduction-to-windows-server-2012-dynamic-access-control.aspx|
|Absolute Software|http://www.absolute.com/en/landing/Google/absolute-software-google/computrace-and-absolute-manage?gclid=CPPh5P6v3rMCFQtxQgodFEQAnA|
|Absolute Manage|http://www.absolute.com/landing/Google/absolute-manage-google/it-asset-management-software|
|Absolute Manage MDM|http://www.absolute.com/landing/Google/MDM-google/mobile-device-management|
|SolarWinds|http://www.solarwinds.com/eminentware-products.aspx|
|EminentWare WSUS Extension Pack|http://solarwinds-marketing.s3.amazonaws.com/solarwinds/Datasheets/EminentWare-WSUS-Extension-Pack-005-Datasheet2.pdf|
|EminentWare System Center Configuration Manager Extension Pack|http://solarwinds-marketing.s3.amazonaws.com/solarwinds/Datasheets/EminentWare-Extension-Pack-for-CM-Datasheet-006-Revised.pdf|
|GFI Software|http://www.gfi.com/?adv=952&loc=58&gclid=CLq9y5603rMCFal7QgodMFkAyA|
|GFI LanGuard|http://www.gfi.com/network-security-vulnerability-scanner/?adv=952&loc=60&gclid=CP2t-7i03rMCFQuCQgodNkAA7g|
|Secunia|http://secunia.com/|
|Secunia Corporate Software Inspector (CSI)|http://secunia.com/products/corporate/csi/|
|Vulnerability Intelligence Manager|http://secunia.com/vulnerability_intelligence/|
|eEye Digital Security|http://www.wideeyesecurity.com/?gclid=CK6b0sm13rMCFad_QgodhScAiw|
|Retina CS Management|http://www.wideeyesecurity.com/products.asp|
|Lumension|http://www.lumension.com/?rpLeadSourceId=5009&gclid=CKuai_e13rMCFal7QgodMFkAyA|
|Lumension Vulnerability Management|http://www.lumension.com/Solutions/Vulnerability-Management.aspx|
|Threats and Countermeasures Guide: User Rights|http://technet.microsoft.com/library/hh125917(v=ws.10).aspx|
|Threats and Vulnerabilities Mitigation|http://technet.microsoft.com/library/cc755181(v=ws.10).aspx|
|User Rights|http://technet.microsoft.com/library/dd349804(v=WS.10).aspx|
|Access Credential Manager as a trusted caller|http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_2|
|Access this computer from the network|http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_1|
|Act as part of the operating system|http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_3|
|Add workstations to domain|http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_4|
|Adjust memory quotas for a process|http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_5|
|Allow log on locally|http://technet.microsoft.com/en-us/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_6|
|Allow log on through Terminal Services|http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_7|
|Back up files and directories|http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_8|
|Bypass traverse checking|http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_9|
|Change the system time|http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_10|
|Change the time zone|http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_11|
|Create a pagefile|http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_12|
|Create a token object|http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_13|
|Create global objects|http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_14|
|Create permanent shared objects|http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_15|
|Create symbolic links|http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_16|
|Debug programs|http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_17|
|Deny access to this computer from the network|http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_18|
|Deny log on as a batch job|http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_18a|
|Deny log on as a service|http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_19|
|Deny log on locally|http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_20|
|Deny log on through Terminal Services|http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_21|
|Enable computer and user accounts to be trusted for delegation|http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_22|
|Force shutdown from a remote system|http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_23|
|Generate security audits|http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_24|
|Impersonate a client after authentication|http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_25|
|Increase a process working set|http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_26|
|Increase scheduling priority|http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_27|
|Load and unload device drivers|http://technet.microsoft.com/en-us/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_28|
|Lock pages in memory|http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_29|
|Log on as a batch job|http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_30|
|Log on as a service|http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_31|
|Manage auditing and security log|http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_32|
|Modify an object label|http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_33|
|Modify firmware environment values|http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_34|
|Perform volume maintenance tasks|http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_35|
|Profile single process|http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_36|
|Profile system performance|http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_37|
|Remove computer from docking station|http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_38|
|Replace a process level token|http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_39|
|Restore files and directories|http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_40|
|Shut down the system|http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_41|
|Synchronize directory service data|http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_42|
|Take ownership of files or other objects|http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_43|
|Access Control|http://msdn.microsoft.com/library/aa374860(v=VS.85).aspx|
|Microsoft Support article 251343|http://support.microsoft.com/kb/251343|
|rootDSE Modify Operations|http://msdn.microsoft.com/library/cc223297.aspx|
|AD DS Backup and Recovery Step-by-Step Guide|http://technet.microsoft.com/library/cc771290(v=ws.10).aspx|
|Windows Configurations for Kerberos Supported Encryption Type|http://blogs.msdn.com/b/openspecification/archive/2011/05/31/windows-configurations-for-kerberos-supported-encryption-type.aspx|
|UAC Processes and Interactions|http://technet.microsoft.com/library/dd835561(v=WS.10).aspx#1|
|EmpowerID|http://www.empowerid.com/products/authorizationservices|
|Role-based access control (RBAC)|http://pic.dhe.ibm.com/infocenter/aix/v7r1/index.jsp?topic=%2Fcom.ibm.aix.security%2Fdoc%2Fsecurity%2Fdomain_rbac.htm|
|The RBAC model|http://docs.oracle.com/cd/E19082-01/819-3321/6n5i4b7ap/index.html|
|Active Directory-centric access control|http://www.centrify.com/solutions/it-security-access-control.asp|
|Cyber-Ark's Privileged Identity Management (PIM) Suite|http://www.cyber-ark.com/digital-vault-products/pim-suite/index.asp|
|Quest One|http://www.quest.com/landing/?id=7370&gclid=CJnNgNyr3rMCFYp_QgodXFwA3w|
|Enterprise Random Password Manager (ERPM)|http://www.liebsoft.com/Random_Password_Manager/|
|NetIQ Privileged User Manager|https://www.netiq.com/products/privileged-user-manager/|
|CA IdentityMinder™|http://awards.scmagazine.com/ca-technologies-ca-identity-manager|
|Description of security events in Windows Vista and in Windows Server 2008|http://support.microsoft.com/kb/947226|
|Description of security events in Windows 7 and in Windows Server 2008 R2|http://support.microsoft.com/kb/977519|
|Security Audit Events for Windows 7|http://www.microsoft.com/download/details.aspx?id=21561|
|Windows Server 2008 R2 and Windows 8 and Windows Server 2012 Security Event Details|http://www.microsoft.com/download/details.aspx?id=35753|
|Georgia Tech's Emerging Cyber Threats for 2013 report|http://www.gtsecuritysummit.com/report.html|
|Microsoft Security Intelligence Report|http://www.microsoft.com/security/sir/default.aspx|
|Australian Government Defense Signals Directory Top 35 Mitigation Strategies|http://www.dsd.gov.au/infosec/top35mitigationstrategies.htm|
|Cloud Computing Security Benefits|http://www.microsoft.com/news/Press/2012/May12/05-14SMBSecuritySurveyPR.aspx|
|Applying the Principle of Least Privilege to User Accounts on Windows|http://www.microsoft.com/download/details.aspx?id=4868|
|The Administrator Accounts Security Planning Guide|http://www.microsoft.com/download/details.aspx?id=19406|
|Best Practice Guide for Securing Active Directory Installations for Windows Server 2003|http://www.microsoft.com/download/details.aspx?id=16755|
|Best Practices for Delegating Active Directory Administration for Windows Server 2003|http://www.microsoft.com/en-us/download/details.aspx?id=21678|
|Microsoft Support Lifecycle|http://support.microsoft.com/common/international.aspx?RDPATH=%2flifecycle%2fdefault.aspx|
|Active Directory Technical Specification|http://msdn.microsoft.com/library/cc223122(v=prot.20).aspx|
|Error message when nonadministrator users who have been delegated control try to join computers to a Windows Server 2003-based or a Windows Server 2008-based domain controller: "Access is denied"|http://support.microsoft.com/kb/932455|
|Authentication Mechanism Assurance for AD DS in Windows Server 2008 R2 Step-by-Step Guide|http://technet.microsoft.com/library/dd378897(WS.10).aspx|
|Strict KDC Validation|http://www.microsoft.com/download/details.aspx?id=6382|

The following table contains a list of recommended reading that will assist you in enhancing the security of your Active Directory systems.

|Recommended Reading|
|---|
|Georgia Tech's Emerging Cyber Threats for 2014 Report|
|Microsoft Security Intelligence Report|
|Mitigating Pass-the-Hash (PTH) Attacks and Other Credential Theft Techniques|
|Australian Government Defense Signals Directory Top 35 Mitigation Strategies|
|2012 Data Breach Investigations Report - (Verizon, US Secret Service)|
|2009 Data Breach Investigations Report|
|Cloud Computing Security Benefits|
|Applying the Principle of Least Privilege to User Accounts on Windows|
|The Administrator Accounts Security Planning Guide|
|Best Practice Guide for Securing Active Directory Installations for Windows Server 2003|
|Best Practices for Delegating Active Directory Administration for Windows Server 2003|
|Microsoft Support Lifecycle|
|Active Directory Technical Specification - dSHeuristics information|
|Error message when nonadministrator users who have been delegated control try to join computers to a Windows Server 2003-based or a Windows Server 2008-based domain controller: "Access is denied"|
|Best Practice Guide for Securing Active Directory Installations.doc|
|Hyper-V Security Guide|
|Authentication Mechanism Assurance for AD DS in Windows Server 2008 R2 Step-by-Step Guide|
|Strict KDC Validation|

The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication.

This white paper is for informational purposes only. Microsoft makes no warranties, express or implied, in this document.

Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in, or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

Microsoft, Active Directory, BitLocker, Hyper-V, Internet Explorer, Windows Vista, Windows, and Windows Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. All other trademarks are property of their respective owners.

The example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious. No association with any real company, organization, product, domain name, e-mail address, logo, person, place, or event is intended or should be inferred.

© 2013 Microsoft Corporation. All rights reserved.