The mark of a great security administrator has been said to be the ability to successfully balance the security of propriety and personal data with the usability of the system in a way that maximizes the productivity of the organization – none of which is as easy as it may sound. Fortunately, in Windows Server 2003, many of the security features that were either optional or suspect in earlier Windows operating systems have become solid and effective, making it the most secure operating system Microsoft has ever produced, and thereby facilitating the job of the security administrator. That is, if you know how to configure it properly.
In Windows Server 2003, security extends well beyond user logon-based measures to all objects within the operating system. Files on the hard drive, entries in the registry, software components – all of these elements have a security aspect based on the identity of the user or process accessing them. Operating system components can access objects only with the appropriate permissions and credentials. As Mike Danseglio and Robbie Allen are quick to note in the Windows Server 2003 Cookbook, “This can be both a benefit and a detriment.”
Danseglio and Allen admit that enforcing security restrictions on every component of the operating system can seem daunting. Setting appropriate security permissions is a task that requires detailed knowledge of the subject and the interaction between the components being configured. Misconfiguration of these permissions can cause undesirable behavior ranging in severity from a minor and easily fixed problem to a complete and irreversible loss of functionality.
The Windows Server 2003 Cookbook provides recipes for more than 250 of the security tasks that an administrator is likely to deal with in a Windows Server 2003 network. Each recipe starts with a brief description of the task or problem, followed by one or more step-by-step solutions and a discussion of the expected results, along with caveats and alternative approaches. Up to five solutions are presented for each recipe – from menu-drive, command-line, and scripting solutions to Registry and Group Policy approaches – to give administrators flexibility in choosing how to perform any given task.
Recipes in the 21 chapters are sorted by task domain or system service – from TCP/IP to Group Policy – to make it easy to find answers quickly. Topics include:
- Encrypting File System (EFS)
- Active Directory and Group Policy
- IIS, DNS, and DHCP
- Patch management
- Security templates
- Auditing and event logs
The book assumes a basic knowledge of Windows Server 2003 and how it works, and that the reader performs security tasks as one of his or her primary job functions. Readers should also be familiar with basic security concepts and terminology. As Danseglio and Allen explain, “We wrote these recipes to get right to the technical details, so we do not expect a novice or someone unfamiliar with Windows to be totally comfortable with our writing style.” They advise readers, “You should read each recipe with the understanding that we’re just trying to get you from a problem state to a solution state as quickly and efficiently as possible.”
Windows Server 2003 Cookbook is an action-oriented reference that will shore up your security as a sys admin as well as that of your users.
[tags]group policy,windows server 2003 security cookbook,mike danseglio,robbie allen,security admin[/tags]