附錄 m:文件的連結,並建議朗讀Appendix M: Document Links and Recommended Reading

適用於:Windows Server 2016、Windows Server 2012 R2、Windows Server 2012Applies To: Windows Server 2016, Windows Server 2012 R2, Windows Server 2012

下表包含清單連結到外部文件,以及他們的 Url,讓助讀程式的複本,本文件可存取此資訊。The following table contains a list of links to external documents and their URLs so that readers of hard copies of this document can access this information. 連結會列出它們會出現在 [文件的順序。The links are listed in the order they appear in the document.

連結Links UrlURLs
10 變的法律的安全性管理10 Immutable Laws of Security Administration http://technet.microsoft.com/library/cc722488.aspxhttp://technet.microsoft.com/library/cc722488.aspx
Microsoft Security Compliance ManagerMicrosoft Security Compliance Manager http://technet.microsoft.com/library/cc677002.aspxhttp://technet.microsoft.com/library/cc677002.aspx
Gartner 討論會 ITXPOGartner Symposium ITXPO http://www.gartner.com/technology/symposium/orlando/http://www.gartner.com/technology/symposium/orlando/
2012 資料違反調查報告 (DBIR)2012 Data Breach Investigations Report (DBIR) http://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2012_en_xg.pdfhttp://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2012_en_xg.pdf
安全性 (2.0 版) 的 10 定律Ten Immutable Laws of Security (Version 2.0) http://technet.microsoft.com/security/hh278941.aspxhttp://technet.microsoft.com/security/hh278941.aspx
使用探索掃描Using Heuristic Scanning http://technet.microsoft.com/library/bb418939.aspxhttp://technet.microsoft.com/library/bb418939.aspx
磁碟機,下載Drive-by download http://www.microsoft.com/security/sir/glossary/drive-by-download-sites.aspxhttp://www.microsoft.com/security/sir/glossary/drive-by-download-sites.aspx
Microsoft 的支援文章 2526083Microsoft Support article 2526083 http://support.microsoft.com/kb/2526083http://support.microsoft.com/kb/2526083
Microsoft 的支援文章 814777Microsoft Support article 814777 http://support.microsoft.com/kb/814777http://support.microsoft.com/kb/814777
打開 Web 應用程式安全性專案 (OWASP)Open Web Application Security Project (OWASP) https://www.owasp.org/index.php/Main_Pagehttps://www.owasp.org/index.php/Main_Page
Microsoft Security 開發階段Microsoft Security Development Lifecycle http://www.microsoft.com/security/sdl/default.aspxhttp://www.microsoft.com/security/sdl/default.aspx
降低 Pass--Hash (PtH) 攻擊和其他認證竊取技術Mitigating Pass-the-Hash (PtH) Attacks and Other Credential Theft Techniques http://download.microsoft.com/download/7/7/A/77ABC5BD-8320-41AF-863C-6ECFB10CB4B9/Mitigating Pass--Hash (PtH) 攻擊和其他認證竊取 Techniques_English.pdfhttp://download.microsoft.com/download/7/7/A/77ABC5BD-8320-41AF-863C-6ECFB10CB4B9/Mitigating Pass-the-Hash (PtH) Attacks and Other Credential Theft Techniques_English.pdf
確定的對手和目標的攻擊Determined Adversaries and Targeted Attacks http://www.microsoft.com/download/details.aspx?id=34793http://www.microsoft.com/download/details.aspx?id=34793
管理建的密碼,透過 GPO 方案Solution for management of built-in Administrator account's password via GPO http://code.msdn.microsoft.com/windowsdesktop/Solution-for-management-of-ae44e789http://code.msdn.microsoft.com/windowsdesktop/Solution-for-management-of-ae44e789
Microsoft 的支援文章 817433Microsoft Support article 817433 http://support.microsoft.com/?id=817433http://support.microsoft.com/?id=817433
Microsoft 的支援文章 973840Microsoft Support article 973840 http://support.microsoft.com/kb/973840http://support.microsoft.com/kb/973840
預設停用管理員Administrator account is disabled by default http://technet.microsoft.com/library/cc753450.aspxhttp://technet.microsoft.com/library/cc753450.aspx
系統管理員帳號安全性規劃指南The Administrator Accounts Security Planning Guide http://technet.microsoft.com/library/cc162797.aspxhttp://technet.microsoft.com/library/cc162797.aspx
Microsoft Windows 安全性資源套件Microsoft Windows Security Resource Kit http://www.microsoft.com/learning/en/us/book.aspx?ID=6815&locale=en-ushttp://www.microsoft.com/learning/en/us/book.aspx?ID=6815&locale=en-us
在 Windows Server 2008 R2 逐步 AD ds 驗證機制保證Authentication Mechanism Assurance for AD DS in Windows Server 2008 R2 Step-by-Step Guide http://technet.microsoft.com/en-us/library/dd378897 (WS.10).aspxhttp://technet.microsoft.com/en-us/library/dd378897(WS.10).aspx
Windows Server Update ServicesWindows Server Update Services http://technet.microsoft.com/windowsserver/bb332157http://technet.microsoft.com/windowsserver/bb332157
個人 Virtual 桌面Personal Virtual Desktops http://technet.microsoft.com/library/dd759174.aspxhttp://technet.microsoft.com/library/dd759174.aspx
唯讀模式網域控制站的計畫和部署指南Read-Only Domain Controller Planning and Deployment Guide http://technet.microsoft.com/library/cc771744 (WS.10).aspxhttp://technet.microsoft.com/library/cc771744(WS.10).aspx
執行 HYPER-V 網域控制站Running Domain Controllers in Hyper-V http://technet.microsoft.com/library/dd363553 (v=ws.10).aspxhttp://technet.microsoft.com/library/dd363553(v=ws.10).aspx
HYPER-V 安全性指南Hyper-V Security Guide http://www.microsoft.com/download/details.aspx?id=16650http://www.microsoft.com/download/details.aspx?id=16650
要求服務 Directory 小組Ask the Directory Services Team http://blogs.technet.com/b/askds/archive/2011/09/12/managing-rid-pool-depletion.aspxhttp://blogs.technet.com/b/askds/archive/2011/09/12/managing-rid-pool-depletion.aspx
如何設定針對網域和信任防火牆How to configure a firewall for domains and trusts http://support.microsoft.com/kb/179442http://support.microsoft.com/kb/179442
2009 Verizon 資料違反報告2009 Verizon Data Breach Report http://www.verizonbusiness.com/resources/security/reports/2009_databreach_rp.pdfhttp://www.verizonbusiness.com/resources/security/reports/2009_databreach_rp.pdf
2012 Verizon 資料違約報告2012 Verizon Data Breach report http://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2012_en_xg.pdfhttp://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2012_en_xg.pdf
引進 Windows 2008 稽核變更Introducing Auditing Changes in Windows 2008 http://blogs.technet.com/b/askds/archive/2007/10/19/introducing-auditing-changes-in-windows-2008.aspxhttp://blogs.technet.com/b/askds/archive/2007/10/19/introducing-auditing-changes-in-windows-2008.aspx
很棒稽核 Vista 與 2008年技巧Cool Auditing Tricks in Vista and 2008 http://blogs.technet.com/b/askds/archive/2007/11/16/cool-auditing-tricks-in-vista-and-2008.aspxhttp://blogs.technet.com/b/askds/archive/2007/11/16/cool-auditing-tricks-in-vista-and-2008.aspx
稽核全球物件存取是魔力Global Object Access Auditing is Magic http://blogs.technet.com/b/askds/archive/2011/03/10/global-object-access-auditing-is-magic.aspxhttp://blogs.technet.com/b/askds/archive/2011/03/10/global-object-access-auditing-is-magic.aspx
Windows Server 2008 和 Windows Vista 中稽核一次購買One-Stop Shop for Auditing in Windows Server 2008 and Windows Vista http://blogs.technet.com/b/askds/archive/2008/03/27/one-stop-shop-for-auditing-in-windows-server-2008-and-windows-vista.aspxhttp://blogs.technet.com/b/askds/archive/2008/03/27/one-stop-shop-for-auditing-in-windows-server-2008-and-windows-vista.aspx
AD DS 稽核逐步AD DS Auditing Step-by-Step Guide http://technet.microsoft.com/library/a9c25483-89e2-4202-881c-ea8e02b4b2a5.aspxhttp://technet.microsoft.com/library/a9c25483-89e2-4202-881c-ea8e02b4b2a5.aspx
Windows 7 和 2008 R2 會生效稽核原則Getting the Effective Audit Policy in Windows 7 and 2008 R2 http://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2012_en_xg.pdfhttp://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2012_en_xg.pdf
範例指令碼Sample script http://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2012_en_xg.pdfhttp://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2012_en_xg.pdf
稽核選項類型Audit Option Type http://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2012_en_xg.pdfhttp://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2012_en_xg.pdf
進階的安全性稽核 windows 7 和 Windows Server 2008 R2Advanced Security Auditing in Windows 7 and Windows Server 2008 R2 http://social.technet.microsoft.com/wiki/contents/articles/advanced-security-auditing-in-windows-7-and-windows-server-2008-r2.aspxhttp://social.technet.microsoft.com/wiki/contents/articles/advanced-security-auditing-in-windows-7-and-windows-server-2008-r2.aspx
稽核和 Windows Server 2008 的相容性Auditing and Compliance in Windows Server 2008 http://technet.microsoft.com/magazine/2008.03.auditing.aspxhttp://technet.microsoft.com/magazine/2008.03.auditing.aspx
如何使用群組原則設定詳細的安全性稽核網域 Windows Server 2008、 Windows Server 2003 網域,或 Windows 2000 Server 網域中的 Windows vista 和 Windows Server 2008 電腦的設定How to use Group Policy to configure detailed security auditing settings for Windows Vista-based and Windows Server 2008-based computers in a Windows Server 2008 domain, in a Windows Server 2003 domain, or in a Windows 2000 Server domain http://support.microsoft.com/kb/921469http://support.microsoft.com/kb/921469
進階安全性稽核原則 Step-by-Step 指南Advanced Security Audit Policy Step-by-Step Guide http://technet.microsoft.com/library/dd408940 (WS.10).aspxhttp://technet.microsoft.com/library/dd408940(WS.10).aspx
威脅和措施指南Threats and Countermeasures Guide http://technet.microsoft.com/library/hh125921 (v=ws.10).aspxhttp://technet.microsoft.com/library/hh125921(v=ws.10).aspx
MaxTokenSize 以及 Kerberos 權杖膨脹MaxTokenSize and Kerberos Token Bloat http://blogs.technet.com/b/shanecothran/archive/2010/07/16/maxtokensize-and-kerberos-token-bloat.aspxhttp://blogs.technet.com/b/shanecothran/archive/2010/07/16/maxtokensize-and-kerberos-token-bloat.aspx
驗證機制保證Authentication Mechanism Assurance http://technet.microsoft.com/library/dd391847 (v=WS.10).aspxhttp://technet.microsoft.com/library/dd391847(v=WS.10).aspx
Microsoft 資料分類工具組Microsoft Data Classification Toolkit http://technet.microsoft.com/library/hh204743.aspxhttp://technet.microsoft.com/library/hh204743.aspx
動態存取控制Dynamic Access Control http://blogs.technet.com/b/windowsserver/archive/2012/05/22/introduction-to-windows-server-2012-dynamic-access-control.aspxhttp://blogs.technet.com/b/windowsserver/archive/2012/05/22/introduction-to-windows-server-2012-dynamic-access-control.aspx
絕對軟體Absolute Software http://www.absolute.com/en/landing/Google/absolute-software-google/computrace-and-absolute-manage?gclid=CPPh5P6v3rMCFQtxQgodFEQAnAhttp://www.absolute.com/en/landing/Google/absolute-software-google/computrace-and-absolute-manage?gclid=CPPh5P6v3rMCFQtxQgodFEQAnA
絕對值管理Absolute Manage http://www.absolute.com/landing/Google/absolute-manage-google/it-asset-management-softwarehttp://www.absolute.com/landing/Google/absolute-manage-google/it-asset-management-software
絕對值管理 MDMAbsolute Manage MDM http://www.absolute.com/landing/Google/MDM-google/mobile-device-managementhttp://www.absolute.com/landing/Google/MDM-google/mobile-device-management
SolarWindsSolarWinds http://www.solarwinds.com/eminentware-products.aspxhttp://www.solarwinds.com/eminentware-products.aspx
EminentWare WSUS 副檔名套件EminentWare WSUS Extension Pack http://solarwinds-marketing.s3.amazonaws.com/solarwinds/Datasheets/EminentWare-WSUS-Extension-Pack-005-Datasheet2.pdfhttp://solarwinds-marketing.s3.amazonaws.com/solarwinds/Datasheets/EminentWare-WSUS-Extension-Pack-005-Datasheet2.pdf
EminentWare System Center Configuration Manager 副檔名套件EminentWare System Center Configuration Manager Extension Pack http://solarwinds-marketing.s3.amazonaws.com/solarwinds/Datasheets/EminentWare-Extension-Pack-for-CM-Datasheet-006-Revised.pdfhttp://solarwinds-marketing.s3.amazonaws.com/solarwinds/Datasheets/EminentWare-Extension-Pack-for-CM-Datasheet-006-Revised.pdf
GFI 軟體GFI Software http://www.gfi.com/?adv=952&loc=58&gclid=CLq9y5603rMCFal7QgodMFkAyAhttp://www.gfi.com/?adv=952&loc=58&gclid=CLq9y5603rMCFal7QgodMFkAyA
GFI LanGuardGFI LanGuard http://www.gfi.com/network-security-vulnerability-scanner/?adv=952&loc=60&gclid=CP2t-7i03rMCFQuCQgodNkAA7ghttp://www.gfi.com/network-security-vulnerability-scanner/?adv=952&loc=60&gclid=CP2t-7i03rMCFQuCQgodNkAA7g
SecuniaSecunia http://secunia.com/http://secunia.com/
Secunia 公司的軟體 Inspector (CSI)Secunia Corporate Software Inspector (CSI) http://secunia.com/products/corporate/csi/http://secunia.com/products/corporate/csi/
弱點 Intelligence 管理員Vulnerability Intelligence Manager http://secunia.com/vulnerability_intelligence/http://secunia.com/vulnerability_intelligence/
eEye 數位安全性eEye Digital Security http://www.wideeyesecurity.com/?gclid=CK6b0sm13rMCFad_QgodhScAiwhttp://www.wideeyesecurity.com/?gclid=CK6b0sm13rMCFad_QgodhScAiw
視網膜 CS 管理Retina CS Management http://www.wideeyesecurity.com/products.asphttp://www.wideeyesecurity.com/products.asp
LumensionLumension http://www.lumension.com/?rpLeadSourceId=5009&gclid=CKuai_e13rMCFal7QgodMFkAyAhttp://www.lumension.com/?rpLeadSourceId=5009&gclid=CKuai_e13rMCFal7QgodMFkAyA
Lumension 弱點管理Lumension Vulnerability Management http://www.lumension.com/Solutions/Vulnerability-Management.aspxhttp://www.lumension.com/Solutions/Vulnerability-Management.aspx
威脅和措施快速入門: 使用者權限Threats and Countermeasures Guide: User Rights http://technet.microsoft.com/library/hh125917 (v=ws.10).aspxhttp://technet.microsoft.com/library/hh125917(v=ws.10).aspx
威脅和弱點防護Threats and Vulnerabilities Mitigation http://technet.microsoft.com/library/cc755181 (v=ws.10).aspxhttp://technet.microsoft.com/library/cc755181(v=ws.10).aspx
使用者權限User Rights http://technet.microsoft.com/library/dd349804 (v=WS.10).aspxhttp://technet.microsoft.com/library/dd349804(v=WS.10).aspx
存取認證管理員做受信任的本機號碼Access Credential Manager as a trusted caller http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6 (v=ws.10)#BKMK_2http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_2
從網路存取此電腦Access this computer from the network http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6 (v=ws.10)#BKMK_1http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_1
做為作業系統的一部分Act as part of the operating system http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6 (v=ws.10)#BKMK_3http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_3
加入網域工作站Add workstations to domain http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6 (v=ws.10)#BKMK_4http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_4
調整記憶體配額處理程序Adjust memory quotas for a process http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6 (v=ws.10)#BKMK_5http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_5
在本機允許登入Allow log on locally http://technet.microsoft.com/en-us/library/db585464-a2be-41b1-b781-e9845182f4b6 (v=ws.10)#BKMK_6http://technet.microsoft.com/en-us/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_6
允許透過車票服務登入Allow log on through Terminal Services http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6 (v=ws.10)#BKMK_7http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_7
備份的檔案和目錄Back up files and directories http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6 (v=ws.10)#BKMK_8http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_8
略過周遊檢查Bypass traverse checking http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6 (v=ws.10)#BKMK_9http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_9
變更系統時間Change the system time http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6 (v=ws.10)#BKMK_10http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_10
變更時區Change the time zone http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6 (v=ws.10)#BKMK_11http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_11
建立分頁檔Create a pagefile http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6 (v=ws.10)#BKMK_12http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_12
建立權杖物件Create a token object http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6 (v=ws.10)#BKMK_13http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_13
建立通用物件Create global objects http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6 (v=ws.10)#BKMK_14http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_14
建立永久共用的物件Create permanent shared objects http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6 (v=ws.10)#BKMK_15http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_15
建立符號的連結Create symbolic links http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6 (v=ws.10)#BKMK_16http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_16
程式進行偵錯Debug programs http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6 (v=ws.10)#BKMK_17http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_17
拒絕從網路存取此電腦Deny access to this computer from the network http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6 (v=ws.10)#BKMK_18http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_18
拒絕以分批登入Deny log on as a batch job http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6 (v=ws.10)#BKMK_18ahttp://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_18a
拒絕登入即服務Deny log on as a service http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6 (v=ws.10)#BKMK_19http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_19
在本機拒絕登入Deny log on locally http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6 (v=ws.10)#BKMK_20http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_20
透過車票服務拒絕登入Deny log on through Terminal Services http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6 (v=ws.10)#BKMK_21http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_21
讓電腦和使用者帳號受信任的委派Enable computer and user accounts to be trusted for delegation http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6 (v=ws.10)#BKMK_22http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_22
從遠端系統推動關機Force shutdown from a remote system http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6 (v=ws.10)#BKMK_23http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_23
產生安全性稽核Generate security audits http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6 (v=ws.10)#BKMK_24http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_24
驗證後模擬 clientImpersonate a client after authentication http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6 (v=ws.10)#BKMK_25http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_25
增加程序運作設定Increase a process working set http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6 (v=ws.10)#BKMK_26http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_26
增加排定優先順序Increase scheduling priority http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6 (v=ws.10)#BKMK_27http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_27
載入,而且釋放裝置驅動程式Load and unload device drivers http://technet.microsoft.com/en-us/library/db585464-a2be-41b1-b781-e9845182f4b6 (v=ws.10)#BKMK_28http://technet.microsoft.com/en-us/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_28
在記憶體中的鎖定頁面Lock pages in memory http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6 (v=ws.10)#BKMK_29http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_29
分批身分登入Log on as a batch job http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6 (v=ws.10)#BKMK_30http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_30
登入即服務Log on as a service http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6 (v=ws.10)#BKMK_31http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_31
管理稽核及安全的登入Manage auditing and security log http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6 (v=ws.10)#BKMK_32http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_32
修改物件標籤Modify an object label http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6 (v=ws.10)#BKMK_33http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_33
修改 firmware 環境值Modify firmware environment values http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6 (v=ws.10)#BKMK_34http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_34
執行音量維護工作Perform volume maintenance tasks http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6 (v=ws.10)#BKMK_35http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_35
設定檔單一程序Profile single process http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6 (v=ws.10)#BKMK_36http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_36
設定檔的系統效能Profile system performance http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6 (v=ws.10)#BKMK_37http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_37
連接基座移除電腦Remove computer from docking station http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6 (v=ws.10)#BKMK_38http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_38
取代程序層級Replace a process level token http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6 (v=ws.10)#BKMK_39http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_39
還原的檔案和目錄Restore files and directories http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6 (v=ws.10)#BKMK_40http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_40
關機Shut down the system http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6 (v=ws.10)#BKMK_41http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_41
同步處理 directory 服務的資料Synchronize directory service data http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6 (v=ws.10)#BKMK_42http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_42
取得檔案或其他物件的擁有權Take ownership of files or other objects http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6 (v=ws.10)#BKMK_43http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_43
存取控制Access Control http://msdn.microsoft.com/library/aa374860 (v=VS.85).aspxhttp://msdn.microsoft.com/library/aa374860(v=VS.85).aspx
Microsoft 的支援文章 251343Microsoft Support article 251343 http://support.microsoft.com/kb/251343http://support.microsoft.com/kb/251343
進行 rootDSE 修改作業rootDSE Modify Operations http://msdn.microsoft.com/library/cc223297.aspxhttp://msdn.microsoft.com/library/cc223297.aspx
AD DS 備份與還原逐步AD DS Backup and Recovery Step-by-Step Guide http://technet.microsoft.com/library/cc771290 (v=ws.10).aspxhttp://technet.microsoft.com/library/cc771290(v=ws.10).aspx
Windows 設定中的 Kerberos 支援加密類型Windows Configurations for Kerberos Supported Encryption Type http://blogs.msdn.com/b/openspecification/archive/2011/05/31/windows-configurations-for-kerberos-supported-encryption-type.aspxhttp://blogs.msdn.com/b/openspecification/archive/2011/05/31/windows-configurations-for-kerberos-supported-encryption-type.aspx
UAC 處理程序與互動UAC Processes and Interactions http://technet.microsoft.com/library/dd835561 (v=WS.10).aspx#1http://technet.microsoft.com/library/dd835561(v=WS.10).aspx#1
EmpowerIDEmpowerID http://www.empowerid.com/products/authorizationserviceshttp://www.empowerid.com/products/authorizationservices
以角色為基礎的存取控制 (RBAC)Role-based access control (RBAC) http://pic.dhe.ibm.com/infocenter/aix/v7r1/index.jsp?topic=%2Fcom.ibm.aix.security%2Fdoc%2Fsecurity%2Fdomain_rbac.htmhttp://pic.dhe.ibm.com/infocenter/aix/v7r1/index.jsp?topic=%2Fcom.ibm.aix.security%2Fdoc%2Fsecurity%2Fdomain_rbac.htm
RBAC 模型The RBAC model http://docs.oracle.com/cd/E19082-01/819-3321/6n5i4b7ap/index.htmlhttp://docs.oracle.com/cd/E19082-01/819-3321/6n5i4b7ap/index.html
Active Directory 中心存取控制Active Directory-centric access control http://www.centrify.com/solutions/it-security-access-control.asphttp://www.centrify.com/solutions/it-security-access-control.asp
充滿網路-標記的權限的身分 (PIM) 管理組件Cyber-Ark's Privileged Identity Management (PIM) Suite http://www.cyber-ark.com/digital-vault-products/pim-suite/index.asphttp://www.cyber-ark.com/digital-vault-products/pim-suite/index.asp
個任務Quest One http://www.quest.com/landing/?id=7370&gclid=CJnNgNyr3rMCFYp_QgodXFwA3whttp://www.quest.com/landing/?id=7370&gclid=CJnNgNyr3rMCFYp_QgodXFwA3w
企業隨機密碼管理員 (ERPM)Enterprise Random Password Manager (ERPM) http://www.liebsoft.com/Random_Password_Manager/http://www.liebsoft.com/Random_Password_Manager/
使用者 NetIQ 權限管理員]NetIQ Privileged User Manager https://www.netiq.com/products/privileged-user-manager/https://www.netiq.com/products/privileged-user-manager/
CA IdentityMinder 嗎?CA IdentityMinder? http://awards.scmagazine.com/ca-technologies-ca-identity-managerhttp://awards.scmagazine.com/ca-technologies-ca-identity-manager
Windows Server 2008 和 Windows Vista 中的安全性事件的描述Description of security events in Windows Vista and in Windows Server 2008 http://support.microsoft.com/kb/947226http://support.microsoft.com/kb/947226
在 Windows 7 和 Windows Server 2008 R2 的安全性事件的描述Description of security events in Windows 7 and in Windows Server 2008 R2 http://support.microsoft.com/kb/977519http://support.microsoft.com/kb/977519
安全性稽核事件適用於 Windows 7Security Audit Events for Windows 7 http://www.microsoft.com/download/details.aspx?id=21561http://www.microsoft.com/download/details.aspx?id=21561
Windows Server 2008 R2 和 Windows 8 和 Windows Server 2012 安全性事件的詳細資料Windows Server 2008 R2 and Windows 8 and Windows Server 2012 Security Event Details http://www.microsoft.com/download/details.aspx?id=35753http://www.microsoft.com/download/details.aspx?id=35753
2013 報告的喬治亞科技新興充滿網路威脅Georgia Tech's Emerging Cyber Threats for 2013 report http://www.gtsecuritysummit.com/report.htmlhttp://www.gtsecuritysummit.com/report.html
Microsoft 安全性 Intelligence 報告Microsoft Security Intelligence Report http://www.microsoft.com/security/sir/default.aspxhttp://www.microsoft.com/security/sir/default.aspx
澳大利亞政府防禦訊號 Directory 頂端 35 降低策略Australian Government Defense Signals Directory Top 35 Mitigation Strategies http://www.dsd.gov.au/infosec/top35mitigationstrategies.htmhttp://www.dsd.gov.au/infosec/top35mitigationstrategies.htm
雲端運算安全性優點Cloud Computing Security Benefits http://www.microsoft.com/news/Press/2012/May12/05-14SMBSecuritySurveyPR.aspxhttp://www.microsoft.com/news/Press/2012/May12/05-14SMBSecuritySurveyPR.aspx
帳號,Windows 上套用原則的權限Applying the Principle of Least Privilege to User Accounts on Windows http://www.microsoft.com/download/details.aspx?id=4868http://www.microsoft.com/download/details.aspx?id=4868
系統管理員帳號安全性規劃指南The Administrator Accounts Security Planning Guide http://www.microsoft.com/download/details.aspx?id=19406http://www.microsoft.com/download/details.aspx?id=19406
最佳做法指南保護 Active Directory 安裝適用於 Windows Server 2003Best Practice Guide for Securing Active Directory Installations for Windows Server 2003 http://www.microsoft.com/download/details.aspx?id=16755http://www.microsoft.com/download/details.aspx?id=16755
Active Directory 的管理委派的最佳做法適用於 Windows Server 2003Best Practices for Delegating Active Directory Administration for Windows Server 2003 http://www.microsoft.com/en-us/download/details.aspx?id=21678http://www.microsoft.com/en-us/download/details.aspx?id=21678
Microsoft 支援服務週期Microsoft Support Lifecycle http://support.microsoft.com/common/international.aspx?RDPATH=%2flifecycle%2fdefault.aspxhttp://support.microsoft.com/common/international.aspx?RDPATH=%2flifecycle%2fdefault.aspx
Active Directory 技術規格Active Directory Technical Specification http://msdn.microsoft.com/library/cc223122 (v=prot.20).aspxhttp://msdn.microsoft.com/library/cc223122(v=prot.20).aspx
嘗試將電腦加入 Windows Server 2003 根據或 Windows Server 2008 的網域控制站的已委派的控制項非系統管理員使用者的錯誤訊息: 「 存取]Error message when nonadministrator users who have been delegated control try to join computers to a Windows Server 2003-based or a Windows Server 2008-based domain controller: "Access is denied" http://support.microsoft.com/kb/932455http://support.microsoft.com/kb/932455
在 Windows Server 2008 R2 逐步 AD ds 驗證機制保證Authentication Mechanism Assurance for AD DS in Windows Server 2008 R2 Step-by-Step Guide http://technet.microsoft.com/library/dd378897 (WS.10).aspxhttp://technet.microsoft.com/library/dd378897(WS.10).aspx
嚴格 KDC 驗證Strict KDC Validation http://www.microsoft.com/download/details.aspx?id=6382http://www.microsoft.com/download/details.aspx?id=6382

下表包含可協助您在提升 Active Directory 系統的安全性建議朗讀的清單。The following table contains a list of recommended reading that will assist you in enhancing the security of your Active Directory systems.

||
|---|
|建議朗讀Recommended Reading|
|喬治亞科技新興充滿網路威脅的 2014年報告的畫面Georgia Tech's Emerging Cyber Threats for 2014 Report|
|Microsoft 安全性 Intelligence 報告Microsoft Security Intelligence Report|
|降低 Pass--Hash (PTH) 攻擊和其他認證竊取技術Mitigating Pass-the-Hash (PTH) Attacks and Other Credential Theft Techniques|
|澳大利亞政府防禦訊號 Directory 頂端 35 降低策略Australian Government Defense Signals Directory Top 35 Mitigation Strategies|
|2012 資料違反調查報告層 (美國 Verizon、 密碼服務)2012 Data Breach Investigations Report - (Verizon, US Secret Service)|
|2009 資料違反調查報告2009 Data Breach Investigations Report|
|雲端運算安全性優點Cloud Computing Security Benefits|
|帳號,Windows 上套用原則的權限Applying the Principle of Least Privilege to User Accounts on Windows|
|系統管理員帳號安全性規劃指南The Administrator Accounts Security Planning Guide|
|最佳做法指南保護 Active Directory 安裝適用於 Windows Server 2003Best Practice Guide for Securing Active Directory Installations for Windows Server 2003|
|Active Directory 的管理委派的最佳做法適用於 Windows Server 2003Best Practices for Delegating Active Directory Administration for Windows Server 2003|
|Microsoft 支援服務週期Microsoft Support Lifecycle|
|Active Directory 技術規格-dSHeuristics 資訊Active Directory Technical Specification - dSHeuristics information|
|嘗試將電腦加入 Windows Server 2003 根據或 Windows Server 2008 的網域控制站的已委派的控制項非系統管理員使用者的錯誤訊息: 「 存取]Error message when nonadministrator users who have been delegated control try to join computers to a Windows Server 2003-based or a Windows Server 2008-based domain controller: "Access is denied"|
|保護 Active Directory Installations.doc 的最佳做法指南Best Practice Guide for Securing Active Directory Installations.doc|
|HYPER-V 安全性指南Hyper-V Security Guide|
|在 Windows Server 2008 R2 逐步 AD ds 驗證機制保證Authentication Mechanism Assurance for AD DS in Windows Server 2008 R2 Step-by-Step Guide.|
|嚴格 KDC 驗證Strict KDC Validation|

本文件中所包含的資訊表示目前檢視的 Microsoft Corporation 的發行日期討論問題。The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Microsoft 必須變更市場條件回應,因為它不應解譯為承諾的一部分,並且 Microsoft 並 Microsoft 不保證的發行日期之後所提供資訊之正確性。Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication.

此白皮書是僅供參考之用。This white paper is for informational purposes only. Microsoft 不做任何明確或隱含本文件。Microsoft makes no warranties, express or implied, in this document.

6microsoft 承諾遵守所有適用的著作權法負責的使用者。Complying with all applicable copyright laws is the responsibility of the user. 限制著作權,而本文件未部分可能會重現、 儲存,引入擷取系統,或任何形式方式 (電子,機械、 某種、 錄音,或其他方式),或傳送的 Microsoft Corporation 書面任何用途。Without limiting the rights under copyright, no part of this document may be reproduced, stored in, or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.

Microsoft 可能就、 專利、 商標,著作權或其他本文件中的診斷作業權限。Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. 除非明示合約 microsoft 書面本文件不會不提供任何授權專利、 商標,著作權,或其他診斷作業。Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

Microsoft Active Directory、 BitLocker HYPER-V、 Internet Explorer、 Windows Vista、 Windows 和 Windows Server 的且已的商標或美國及/或其他國家/地區中 Microsoft Corporation 的商標。Microsoft, Active Directory, BitLocker, Hyper-V, Internet Explorer, Windows Vista, Windows, and Windows Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. 所有其他商標為的擁有者。All other trademarks are property of their respective owners.

範例公司組織,你、 網域名稱、 電子郵件地址、 連絡人、 的地點,以及事件是虛構。The example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious. 不任何公司的實際、 組織、 product、 網域名稱、 電子郵件地址、 商標、 連絡人、 的地方,事件是或應該推斷。No association with any real company, organization, product, domain name, e-mail address, logo, person, place, or event is intended or should be inferred.

?? 2013 Microsoft Corporation。2013 Microsoft Corporation. 所有,並保留一切權利。All rights reserved.