Appendix M: Document Links and Recommended Reading


Applies To: Windows Server 2008, Windows Server 2008 R2, Windows Server 2012 R2, Windows Server 2012

The following table contains a list of links to external documents and their URLs so that readers of hard copies of this document can access this information. The links are listed in the order they appear in the document.

Links

URLs

10 Immutable Laws of Security Administration

https://technet.microsoft.com/library/cc722488.aspx

Microsoft Security Compliance Manager

https://technet.microsoft.com/library/cc677002.aspx

Gartner Symposium ITXPO

https://www.gartner.com/technology/symposium/orlando/

2012 Data Breach Investigations Report (DBIR)

https://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2012_en_xg.pdf

Ten Immutable Laws of Security (Version 2.0)

https://technet.microsoft.com/security/hh278941.aspx

Using Heuristic Scanning

https://technet.microsoft.com/library/bb418939.aspx

Drive-by download

https://www.microsoft.com/security/sir/glossary/drive-by-download-sites.aspx

Microsoft Support article 2526083

https://support.microsoft.com/kb/2526083

Microsoft Support article 814777

https://support.microsoft.com/kb/814777

Open Web Application Security Project (OWASP)

https://www.owasp.org/index.php/Main_Page

Microsoft Security Development Lifecycle

https://www.microsoft.com/security/sdl/default.aspx

Mitigating Pass-the-Hash (PtH) Attacks and Other Credential Theft Techniques

https://download.microsoft.com/download/7/7/A/77ABC5BD-8320-41AF-863C-6ECFB10CB4B9/Mitigating Pass-the-Hash (PtH) Attacks and Other Credential Theft Techniques_English.pdf

Determined Adversaries and Targeted Attacks

https://www.microsoft.com/download/details.aspx?id=34793

Solution for management of built-in Administrator account's password via GPO

https://code.msdn.microsoft.com/windowsdesktop/Solution-for-management-of-ae44e789

Microsoft Support article 817433

https://support.microsoft.com/?id=817433

Microsoft Support article 973840

https://support.microsoft.com/kb/973840

Administrator account is disabled by default

https://technet.microsoft.com/library/cc753450.aspx

The Administrator Accounts Security Planning Guide

https://technet.microsoft.com/library/cc162797.aspx

Microsoft Windows Security Resource Kit

https://www.microsoft.com/learning/en/us/book.aspx?ID=6815&locale=en-us

Authentication Mechanism Assurance for AD DS in Windows Server 2008 R2 Step-by-Step Guide

https://technet.microsoft.com/en-us/library/dd378897(WS.10).aspx

Windows Server Update Services

https://technet.microsoft.com/windowsserver/bb332157

Personal Virtual Desktops

https://technet.microsoft.com/library/dd759174.aspx

Read-Only Domain Controller Planning and Deployment Guide

https://technet.microsoft.com/library/cc771744(WS.10).aspx

Running Domain Controllers in Hyper-V

https://technet.microsoft.com/library/dd363553(v=ws.10).aspx

Hyper-V Security Guide

https://www.microsoft.com/download/details.aspx?id=16650

Ask the Directory Services Team

https://blogs.technet.com/b/askds/archive/2011/09/12/managing-rid-pool-depletion.aspx

How to configure a firewall for domains and trusts

https://support.microsoft.com/kb/179442

2009 Verizon Data Breach Report

https://www.verizonbusiness.com/resources/security/reports/2009_databreach_rp.pdf

2012 Verizon Data Breach report

https://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2012_en_xg.pdf

Introducing Auditing Changes in Windows 2008

https://blogs.technet.com/b/askds/archive/2007/10/19/introducing-auditing-changes-in-windows-2008.aspx

Cool Auditing Tricks in Vista and 2008

https://blogs.technet.com/b/askds/archive/2007/11/16/cool-auditing-tricks-in-vista-and-2008.aspx

Global Object Access Auditing is Magic

https://blogs.technet.com/b/askds/archive/2011/03/10/global-object-access-auditing-is-magic.aspx

One-Stop Shop for Auditing in Windows Server 2008 and Windows Vista

https://blogs.technet.com/b/askds/archive/2008/03/27/one-stop-shop-for-auditing-in-windows-server-2008-and-windows-vista.aspx

AD DS Auditing Step-by-Step Guide

https://technet.microsoft.com/library/a9c25483-89e2-4202-881c-ea8e02b4b2a5.aspx

Getting the Effective Audit Policy in Windows 7 and 2008 R2

https://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2012_en_xg.pdf

Sample script

https://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2012_en_xg.pdf

Audit Option Type

https://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2012_en_xg.pdf

Advanced Security Auditing in Windows 7 and Windows Server 2008 R2

https://social.technet.microsoft.com/wiki/contents/articles/advanced-security-auditing-in-windows-7-and-windows-server-2008-r2.aspx

Auditing and Compliance in Windows Server 2008

https://technet.microsoft.com/magazine/2008.03.auditing.aspx

How to use Group Policy to configure detailed security auditing settings for Windows Vista-based and Windows Server 2008-based computers in a Windows Server 2008 domain, in a Windows Server 2003 domain, or in a Windows 2000 Server domain

https://support.microsoft.com/kb/921469

Advanced Security Audit Policy Step-by-Step Guide

https://technet.microsoft.com/library/dd408940(WS.10).aspx

Threats and Countermeasures Guide

https://technet.microsoft.com/library/hh125921(v=ws.10).aspx

MaxTokenSize and Kerberos Token Bloat

https://blogs.technet.com/b/shanecothran/archive/2010/07/16/maxtokensize-and-kerberos-token-bloat.aspx

Authentication Mechanism Assurance

https://technet.microsoft.com/library/dd391847(v=WS.10).aspx

Microsoft Data Classification Toolkit

https://technet.microsoft.com/library/hh204743.aspx

Dynamic Access Control

https://blogs.technet.com/b/windowsserver/archive/2012/05/22/introduction-to-windows-server-2012-dynamic-access-control.aspx

Absolute Software

https://www.absolute.com/en/landing/Google/absolute-software-google/computrace-and-absolute-manage?gclid=CPPh5P6v3rMCFQtxQgodFEQAnA

Absolute Manage

https://www.absolute.com/landing/Google/absolute-manage-google/it-asset-management-software

Absolute Manage MDM

https://www.absolute.com/landing/Google/MDM-google/mobile-device-management

SolarWinds

https://www.solarwinds.com/eminentware-products.aspx

EminentWare WSUS Extension Pack

https://solarwinds-marketing.s3.amazonaws.com/solarwinds/Datasheets/EminentWare-WSUS-Extension-Pack-005-Datasheet2.pdf

EminentWare System Center Configuration Manager Extension Pack

https://solarwinds-marketing.s3.amazonaws.com/solarwinds/Datasheets/EminentWare-Extension-Pack-for-CM-Datasheet-006-Revised.pdf

GFI Software

https://www.gfi.com/?adv=952&loc=58&gclid=CLq9y5603rMCFal7QgodMFkAyA

GFI LanGuard

https://www.gfi.com/network-security-vulnerability-scanner/?adv=952&loc=60&gclid=CP2t-7i03rMCFQuCQgodNkAA7g

Secunia

https://secunia.com/

Secunia Corporate Software Inspector (CSI)

https://secunia.com/products/corporate/csi/

Vulnerability Intelligence Manager

https://secunia.com/vulnerability_intelligence/

eEye Digital Security

https://www.wideeyesecurity.com/?gclid=CK6b0sm13rMCFad_QgodhScAiw

Retina CS Management

https://www.wideeyesecurity.com/products.asp

Lumension

https://www.lumension.com/?rpLeadSourceId=5009&gclid=CKuai_e13rMCFal7QgodMFkAyA

Lumension Vulnerability Management

https://www.lumension.com/Solutions/Vulnerability-Management.aspx

Threats and Countermeasures Guide: User Rights

https://technet.microsoft.com/library/hh125917(v=ws.10).aspx

Threats and Vulnerabilities Mitigation

https://technet.microsoft.com/library/cc755181(v=ws.10).aspx

User Rights

https://technet.microsoft.com/library/dd349804(v=WS.10).aspx

Access Credential Manager as a trusted caller

https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_2

Access this computer from the network

https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_1

Act as part of the operating system

https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_3

Add workstations to domain

https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_4

Adjust memory quotas for a process

https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_5

Allow log on locally

https://technet.microsoft.com/en-us/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_6

Allow log on through Terminal Services

https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_7

Back up files and directories

https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_8

Bypass traverse checking

https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_9

Change the system time

https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_10

Change the time zone

https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_11

Create a pagefile

https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_12

Create a token object

https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_13

Create global objects

https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_14

Create permanent shared objects

https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_15

Create symbolic links

https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_16

Debug programs

https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_17

Deny access to this computer from the network

https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_18

Deny log on as a batch job

https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_18a

Deny log on as a service

https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_19

Deny log on locally

https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_20

Deny log on through Terminal Services

https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_21

Enable computer and user accounts to be trusted for delegation

https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_22

Force shutdown from a remote system

https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_23

Generate security audits

https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_24

Impersonate a client after authentication

https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_25

Increase a process working set

https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_26

Increase scheduling priority

https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_27

Load and unload device drivers

https://technet.microsoft.com/en-us/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_28

Lock pages in memory

https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_29

Log on as a batch job

https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_30

Log on as a service

https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_31

Manage auditing and security log

https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_32

Modify an object label

https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_33

Modify firmware environment values

https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_34

Perform volume maintenance tasks

https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_35

Profile single process

https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_36

Profile system performance

https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_37

Remove computer from docking station

https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_38

Replace a process level token

https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_39

Restore files and directories

https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_40

Shut down the system

https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_41

Synchronize directory service data

https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_42

Take ownership of files or other objects

https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_43

Access Control

https://msdn.microsoft.com/library/aa374860(v=VS.85).aspx

Microsoft Support article 251343

https://support.microsoft.com/kb/251343

rootDSE Modify Operations

https://msdn.microsoft.com/library/cc223297.aspx

AD DS Backup and Recovery Step-by-Step Guide

https://technet.microsoft.com/library/cc771290(v=ws.10).aspx

Windows Configurations for Kerberos Supported Encryption Type

https://blogs.msdn.com/b/openspecification/archive/2011/05/31/windows-configurations-for-kerberos-supported-encryption-type.aspx

UAC Processes and Interactions

https://technet.microsoft.com/library/dd835561(v=WS.10).aspx#1

EmpowerID

https://www.empowerid.com/products/authorizationservices

Role-based access control (RBAC)

https://pic.dhe.ibm.com/infocenter/aix/v7r1/index.jsp?topic=%2Fcom.ibm.aix.security%2Fdoc%2Fsecurity%2Fdomain_rbac.htm

The RBAC model

https://docs.oracle.com/cd/E19082-01/819-3321/6n5i4b7ap/index.html

Active Directory-centric access control

https://www.centrify.com/solutions/it-security-access-control.asp

Cyber-Ark’s Privileged Identity Management (PIM) Suite

https://www.cyber-ark.com/digital-vault-products/pim-suite/index.asp

Quest One

https://www.quest.com/landing/?id=7370&gclid=CJnNgNyr3rMCFYp_QgodXFwA3w

Enterprise Random Password Manager (ERPM)

https://www.liebsoft.com/Random_Password_Manager/

NetIQ Privileged User Manager

https://www.netiq.com/products/privileged-user-manager/

CA IdentityMinder™

https://awards.scmagazine.com/ca-technologies-ca-identity-manager

Description of security events in Windows Vista and in Windows Server 2008

https://support.microsoft.com/kb/947226

Description of security events in Windows 7 and in Windows Server 2008 R2

https://support.microsoft.com/kb/977519

Security Audit Events for Windows 7

https://www.microsoft.com/download/details.aspx?id=21561

Windows Server 2008 R2 and Windows 8 and Windows Server 2012 Security Event Details

https://www.microsoft.com/download/details.aspx?id=35753

Georgia Tech’s Emerging Cyber Threats for 2013 report

https://www.gtsecuritysummit.com/report.html

Microsoft Security Intelligence Report

https://www.microsoft.com/security/sir/default.aspx

Australian Government Defense Signals Directory Top 35 Mitigation Strategies

https://www.dsd.gov.au/infosec/top35mitigationstrategies.htm

Cloud Computing Security Benefits

https://www.microsoft.com/news/Press/2012/May12/05-14SMBSecuritySurveyPR.aspx

Applying the Principle of Least Privilege to User Accounts on Windows

https://www.microsoft.com/download/details.aspx?id=4868

The Administrator Accounts Security Planning Guide

https://www.microsoft.com/download/details.aspx?id=19406

Best Practice Guide for Securing Active Directory Installations for Windows Server 2003

https://www.microsoft.com/download/details.aspx?id=16755

Best Practices for Delegating Active Directory Administration for Windows Server 2003

https://www.microsoft.com/en-us/download/details.aspx?id=21678

Microsoft Support Lifecycle

https://support.microsoft.com/common/international.aspx?RDPATH=%2flifecycle%2fdefault.aspx

Active Directory Technical Specification

https://msdn.microsoft.com/library/cc223122(v=prot.20).aspx

Error message when nonadministrator users who have been delegated control try to join computers to a Windows Server 2003-based or a Windows Server 2008-based domain controller: “Access is denied”

https://support.microsoft.com/kb/932455

Authentication Mechanism Assurance for AD DS in Windows Server 2008 R2 Step-by-Step Guide

https://technet.microsoft.com/library/dd378897(WS.10).aspx

Strict KDC Validation

https://www.microsoft.com/download/details.aspx?id=6382

The following table contains a list of recommended reading that will assist you in enhancing the security of your Active Directory systems.

Recommended Reading

Georgia Tech’s Emerging Cyber Threats for 2014 Report

Microsoft Security Intelligence Report

Mitigating Pass-the-Hash (PtH) Attacks and Other Credential Theft Techniques

Australian Government Defense Signals Directory Top 35 Mitigation Strategies

2012 Data Breach Investigations Report - (Verizon, US Secret Service)

2009 Data Breach Investigations Report

Cloud Computing Security Benefits

Applying the Principle of Least Privilege to User Accounts on Windows

The Administrator Accounts Security Planning Guide

Best Practice Guide for Securing Active Directory Installations for Windows Server 2003

Best Practices for Delegating Active Directory Administration for Windows Server 2003

Microsoft Support Lifecycle

Active Directory Technical Specification - dSHeuristics information

Error message when nonadministrator users who have been delegated control try to join computers to a Windows Server 2003-based or a Windows Server 2008-based domain controller: “Access is denied”

Best Practice Guide for Securing Active Directory Installations.doc

Hyper-V Security Guide

Authentication Mechanism Assurance for AD DS in Windows Server 2008 R2 Step-by-Step Guide

Strict KDC Validation

The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication.

This white paper is for informational purposes only. Microsoft makes no warranties, express or implied, in this document.

Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in, or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

Microsoft, Active Directory, BitLocker, Hyper-V, Internet Explorer, Windows Vista, Windows, and Windows Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. All other trademarks are property of their respective owners.

The example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious. No association with any real company, organization, product, domain name, e-mail address, logo, person, place, or event is intended or should be inferred.

© 2013 Microsoft Corporation. All rights reserved.