
Appendix M: Document Links and Recommended Reading

Bill Mathers | Last Updated: 2/10/2017 | 4 Contributors

Applies To: Windows Server 2016, Windows Server 2012 R2, Windows Server 2012

The following table contains a list of links to external documents and their URLs so that readers of hard copies of this document can access this information. The links are listed in the order they appear in the document.

|Links|URLs|
|-|-|
|10 Immutable Laws of Security Administration|http://technet.microsoft.com/library/cc722488.aspx|
|Microsoft Security Compliance Manager|http://technet.microsoft.com/library/cc677002.aspx|
|Gartner Symposium ITXPO|http://www.gartner.com/technology/symposium/orlando/|
|2012 Data Breach Investigations Report (DBIR)|http://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2012_en_xg.pdf|
|Ten Immutable Laws of Security (Version 2.0)|http://technet.microsoft.com/security/hh278941.aspx|
|Using Heuristic Scanning|http://technet.microsoft.com/library/bb418939.aspx|
|Drive-by download|http://www.microsoft.com/security/sir/glossary/drive-by-download-sites.aspx|
|Microsoft Support article 2526083|http://support.microsoft.com/kb/2526083|
|Microsoft Support article 814777|http://support.microsoft.com/kb/814777|
|Open Web Application Security Project (OWASP)|https://www.owasp.org/index.php/Main_Page|
|Microsoft Security Development Lifecycle|http://www.microsoft.com/security/sdl/default.aspx|
|Mitigating Pass-the-Hash (PtH) Attacks and Other Credential Theft Techniques|http://download.microsoft.com/download/7/7/A/77ABC5BD-8320-41AF-863C-6ECFB10CB4B9/Mitigating Pass-the-Hash (PtH) Attacks and Other Credential Theft Techniques_English.pdf|
|Determined Adversaries and Targeted Attacks|http://www.microsoft.com/download/details.aspx?id=34793|
|Solution for management of built-in Administrator account's password via GPO|http://code.msdn.microsoft.com/windowsdesktop/Solution-for-management-of-ae44e789|
|Microsoft Support article 817433|http://support.microsoft.com/?id=817433|
|Microsoft Support article 973840|http://support.microsoft.com/kb/973840|
|Administrator account is disabled by default|http://technet.microsoft.com/library/cc753450.aspx|
|The Administrator Accounts Security Planning Guide|http://technet.microsoft.com/library/cc162797.aspx|
|Microsoft Windows Security Resource Kit|http://www.microsoft.com/learning/en/us/book.aspx?ID=6815&locale=en-us|
|Authentication Mechanism Assurance for AD DS in Windows Server 2008 R2 Step-by-Step Guide|http://technet.microsoft.com/en-us/library/dd378897(WS.10).aspx|
|Windows Server Update Services|http://technet.microsoft.com/windowsserver/bb332157|
|Personal Virtual Desktops|http://technet.microsoft.com/library/dd759174.aspx|
|Read-Only Domain Controller Planning and Deployment Guide|http://technet.microsoft.com/library/cc771744(WS.10).aspx|
|Running Domain Controllers in Hyper-V|http://technet.microsoft.com/library/dd363553(v=ws.10).aspx|
|Hyper-V Security Guide|http://www.microsoft.com/download/details.aspx?id=16650|
|Ask the Directory Services Team|http://blogs.technet.com/b/askds/archive/2011/09/12/managing-rid-pool-depletion.aspx|
|How to configure a firewall for domains and trusts|http://support.microsoft.com/kb/179442|
|2009 Verizon Data Breach Report|http://www.verizonbusiness.com/resources/security/reports/2009_databreach_rp.pdf|
|2012 Verizon Data Breach report|http://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2012_en_xg.pdf|
|Introducing Auditing Changes in Windows 2008|http://blogs.technet.com/b/askds/archive/2007/10/19/introducing-auditing-changes-in-windows-2008.aspx|
|Cool Auditing Tricks in Vista and 2008|http://blogs.technet.com/b/askds/archive/2007/11/16/cool-auditing-tricks-in-vista-and-2008.aspx|
|Global Object Access Auditing is Magic|http://blogs.technet.com/b/askds/archive/2011/03/10/global-object-access-auditing-is-magic.aspx|
|One-Stop Shop for Auditing in Windows Server 2008 and Windows Vista|http://blogs.technet.com/b/askds/archive/2008/03/27/one-stop-shop-for-auditing-in-windows-server-2008-and-windows-vista.aspx|
|AD DS Auditing Step-by-Step Guide|http://technet.microsoft.com/library/a9c25483-89e2-4202-881c-ea8e02b4b2a5.aspx|
|Getting the Effective Audit Policy in Windows 7 and 2008 R2|http://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2012_en_xg.pdf|
|Sample script|http://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2012_en_xg.pdf|
|Audit Option Type|http://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2012_en_xg.pdf|
|Advanced Security Auditing in Windows 7 and Windows Server 2008 R2|http://social.technet.microsoft.com/wiki/contents/articles/advanced-security-auditing-in-windows-7-and-windows-server-2008-r2.aspx|
|Auditing and Compliance in Windows Server 2008|http://technet.microsoft.com/magazine/2008.03.auditing.aspx|
|How to use Group Policy to configure detailed security auditing settings for Windows Vista-based and Windows Server 2008-based computers in a Windows Server 2008 domain, in a Windows Server 2003 domain, or in a Windows 2000 Server domain|http://support.microsoft.com/kb/921469|
|Advanced Security Audit Policy Step-by-Step Guide|http://technet.microsoft.com/library/dd408940(WS.10).aspx|
|Threats and Countermeasures Guide|http://technet.microsoft.com/library/hh125921(v=ws.10).aspx|
|MaxTokenSize and Kerberos Token Bloat|http://blogs.technet.com/b/shanecothran/archive/2010/07/16/maxtokensize-and-kerberos-token-bloat.aspx|
|Authentication Mechanism Assurance|http://technet.microsoft.com/library/dd391847(v=WS.10).aspx|
|Microsoft Data Classification Toolkit|http://technet.microsoft.com/library/hh204743.aspx|
|Dynamic Access Control|http://blogs.technet.com/b/windowsserver/archive/2012/05/22/introduction-to-windows-server-2012-dynamic-access-control.aspx|
|Absolute Software|http://www.absolute.com/en/landing/Google/absolute-software-google/computrace-and-absolute-manage?gclid=CPPh5P6v3rMCFQtxQgodFEQAnA|
|Absolute Manage|http://www.absolute.com/landing/Google/absolute-manage-google/it-asset-management-software|
|Absolute Manage MDM|http://www.absolute.com/landing/Google/MDM-google/mobile-device-management|
|SolarWinds|http://www.solarwinds.com/eminentware-products.aspx|
|EminentWare WSUS Extension Pack|http://solarwinds-marketing.s3.amazonaws.com/solarwinds/Datasheets/EminentWare-WSUS-Extension-Pack-005-Datasheet2.pdf|
|EminentWare System Center Configuration Manager Extension Pack|http://solarwinds-marketing.s3.amazonaws.com/solarwinds/Datasheets/EminentWare-Extension-Pack-for-CM-Datasheet-006-Revised.pdf|
|GFI Software|http://www.gfi.com/?adv=952&loc=58&gclid=CLq9y5603rMCFal7QgodMFkAyA|
|GFI LanGuard|http://www.gfi.com/network-security-vulnerability-scanner/?adv=952&loc=60&gclid=CP2t-7i03rMCFQuCQgodNkAA7g|
|Secunia|http://secunia.com/|
|Secunia Corporate Software Inspector (CSI)|http://secunia.com/products/corporate/csi/|
|Vulnerability Intelligence Manager|http://secunia.com/vulnerability_intelligence/|
|eEye Digital Security|http://www.wideeyesecurity.com/?gclid=CK6b0sm13rMCFad_QgodhScAiw|
|Retina CS Management|http://www.wideeyesecurity.com/products.asp|
|Lumension|http://www.lumension.com/?rpLeadSourceId=5009&gclid=CKuai_e13rMCFal7QgodMFkAyA|
|Lumension Vulnerability Management|http://www.lumension.com/Solutions/Vulnerability-Management.aspx|
|Threats and Countermeasures Guide: User Rights|http://technet.microsoft.com/library/hh125917(v=ws.10).aspx|
|Threats and Vulnerabilities Mitigation|http://technet.microsoft.com/library/cc755181(v=ws.10).aspx|
|User Rights|http://technet.microsoft.com/library/dd349804(v=WS.10).aspx|
|Access Credential Manager as a trusted caller|http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_2|
|Access this computer from the network|http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_1|
|Act as part of the operating system|http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_3|
|Add workstations to domain|http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_4|
|Adjust memory quotas for a process|http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_5|
|Allow log on locally|http://technet.microsoft.com/en-us/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_6|
|Allow log on through Terminal Services|http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_7|
|Back up files and directories|http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_8|
|Bypass traverse checking|http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_9|
|Change the system time|http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_10|
|Change the time zone|http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_11|
|Create a pagefile|http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_12|
|Create a token object|http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_13|
|Create global objects|http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_14|
|Create permanent shared objects|http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_15|
|Create symbolic links|http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_16|
|Debug programs|http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_17|
|Deny access to this computer from the network|http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_18|
|Deny log on as a batch job|http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_18a|
|Deny log on as a service|http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_19|
|Deny log on locally|http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_20|
|Deny log on through Terminal Services|http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_21|
|Enable computer and user accounts to be trusted for delegation|http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_22|
|Force shutdown from a remote system|http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_23|
|Generate security audits|http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_24|
|Impersonate a client after authentication|http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_25|
|Increase a process working set|http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_26|
|Increase scheduling priority|http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_27|
|Load and unload device drivers|http://technet.microsoft.com/en-us/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_28|
|Lock pages in memory|http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_29|
|Log on as a batch job|http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_30|
|Log on as a service|http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_31|
|Manage auditing and security log|http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_32|
|Modify an object label|http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_33|
|Modify firmware environment values|http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_34|
|Perform volume maintenance tasks|http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_35|
|Profile single process|http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_36|
|Profile system performance|http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_37|
|Remove computer from docking station|http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_38|
|Replace a process level token|http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_39|
|Restore files and directories|http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_40|
|Shut down the system|http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_41|
|Synchronize directory service data|http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_42|
|Take ownership of files or other objects|http://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_43|
|Access Control|http://msdn.microsoft.com/library/aa374860(v=VS.85).aspx|
|Microsoft Support article 251343|http://support.microsoft.com/kb/251343|
|rootDSE Modify Operations|http://msdn.microsoft.com/library/cc223297.aspx|
|AD DS Backup and Recovery Step-by-Step Guide|http://technet.microsoft.com/library/cc771290(v=ws.10).aspx|
|Windows Configurations for Kerberos Supported Encryption Type|http://blogs.msdn.com/b/openspecification/archive/2011/05/31/windows-configurations-for-kerberos-supported-encryption-type.aspx|
|UAC Processes and Interactions|http://technet.microsoft.com/library/dd835561(v=WS.10).aspx#1|
|EmpowerID|http://www.empowerid.com/products/authorizationservices|
|Role-based access control (RBAC)|http://pic.dhe.ibm.com/infocenter/aix/v7r1/index.jsp?topic=%2Fcom.ibm.aix.security%2Fdoc%2Fsecurity%2Fdomain_rbac.htm|
|The RBAC model|http://docs.oracle.com/cd/E19082-01/819-3321/6n5i4b7ap/index.html|
|Active Directory-centric access control|http://www.centrify.com/solutions/it-security-access-control.asp|
|Cyber-Ark's Privileged Identity Management (PIM) Suite|http://www.cyber-ark.com/digital-vault-products/pim-suite/index.asp|
|Quest One|http://www.quest.com/landing/?id=7370&gclid=CJnNgNyr3rMCFYp_QgodXFwA3w|
|Enterprise Random Password Manager (ERPM)|http://www.liebsoft.com/Random_Password_Manager/|
|NetIQ Privileged User Manager|https://www.netiq.com/products/privileged-user-manager/|
|CA IdentityMinder™|http://awards.scmagazine.com/ca-technologies-ca-identity-manager|
|Description of security events in Windows Vista and in Windows Server 2008|http://support.microsoft.com/kb/947226|
|Description of security events in Windows 7 and in Windows Server 2008 R2|http://support.microsoft.com/kb/977519|
|Security Audit Events for Windows 7|http://www.microsoft.com/download/details.aspx?id=21561|
|Windows Server 2008 R2 and Windows 8 and Windows Server 2012 Security Event Details|http://www.microsoft.com/download/details.aspx?id=35753|
|Georgia Tech's Emerging Cyber Threats for 2013 report|http://www.gtsecuritysummit.com/report.html|
|Microsoft Security Intelligence Report|http://www.microsoft.com/security/sir/default.aspx|
|Australian Government Defense Signals Directory Top 35 Mitigation Strategies|http://www.dsd.gov.au/infosec/top35mitigationstrategies.htm|
|Cloud Computing Security Benefits|http://www.microsoft.com/news/Press/2012/May12/05-14SMBSecuritySurveyPR.aspx|
|Applying the Principle of Least Privilege to User Accounts on Windows|http://www.microsoft.com/download/details.aspx?id=4868|
|The Administrator Accounts Security Planning Guide|http://www.microsoft.com/download/details.aspx?id=19406|
|Best Practice Guide for Securing Active Directory Installations for Windows Server 2003|http://www.microsoft.com/download/details.aspx?id=16755|
|Best Practices for Delegating Active Directory Administration for Windows Server 2003|http://www.microsoft.com/en-us/download/details.aspx?id=21678|
|Microsoft Support Lifecycle|http://support.microsoft.com/common/international.aspx?RDPATH=%2flifecycle%2fdefault.aspx|
|Active Directory Technical Specification|http://msdn.microsoft.com/library/cc223122(v=prot.20).aspx|
|Error message when nonadministrator users who have been delegated control try to join computers to a Windows Server 2003-based or a Windows Server 2008-based domain controller: "Access is denied"|http://support.microsoft.com/kb/932455|
|Authentication Mechanism Assurance for AD DS in Windows Server 2008 R2 Step-by-Step Guide|http://technet.microsoft.com/library/dd378897(WS.10).aspx|
|Strict KDC Validation|http://www.microsoft.com/download/details.aspx?id=6382|

The following table contains a list of recommended reading that will assist you in enhancing the security of your Active Directory systems.

|Recommended Reading|
|-|
|Georgia Tech's Emerging Cyber Threats for 2014 Report|
|Microsoft Security Intelligence Report|
|Mitigating Pass-the-Hash (PTH) Attacks and Other Credential Theft Techniques|
|Australian Government Defense Signals Directory Top 35 Mitigation Strategies|
|2012 Data Breach Investigations Report - (Verizon, US Secret Service)|
|2009 Data Breach Investigations Report|
|Cloud Computing Security Benefits|
|Applying the Principle of Least Privilege to User Accounts on Windows|
|The Administrator Accounts Security Planning Guide|
|Best Practice Guide for Securing Active Directory Installations for Windows Server 2003|
|Best Practices for Delegating Active Directory Administration for Windows Server 2003|
|Microsoft Support Lifecycle|
|Active Directory Technical Specification - dSHeuristics information|
|Error message when nonadministrator users who have been delegated control try to join computers to a Windows Server 2003-based or a Windows Server 2008-based domain controller: "Access is denied"|
|Best Practice Guide for Securing Active Directory Installations.doc|
|Hyper-V Security Guide|
|Authentication Mechanism Assurance for AD DS in Windows Server 2008 R2 Step-by-Step Guide.|
|Strict KDC Validation|

The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication.

This white paper is for informational purposes only. Microsoft makes no warranties, express or implied, in this document.

Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in, or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

Microsoft, Active Directory, BitLocker, Hyper-V, Internet Explorer, Windows Vista, Windows, and Windows Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. All other trademarks are property of their respective owners.

The example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious. No association with any real company, organization, product, domain name, e-mail address, logo, person, place, or event is intended or should be inferred.

© 2013 Microsoft Corporation. All rights reserved.
