Resource Kit Done!

Last Friday the last of the Windows Server 2008 Security Resource Kit finally went to press! This was a project I had not really planned and so, to complete it in time, I brought in an amazing crew of co-authors. Together, we managed to put together 17 chapters on how to manage security in one of the most exciting products this year.

 The contributors to the Security Resource Kit are:

  • Jimmy Andersson - Principal Advisor at Q Advice AB and Microsoft Active Directory MVP
  • Susan Bradley - Small Business Server MVP
  • Darren Canavor - Software Architect in the Windows Security group at Microsoft
  • Kurt Dillard - Consultant, and former Program Manager in the Microsoft Solutions for Security group
  • Eric Fitzgerald - Currently on the Forefront team, and formerly program manager for the auditing sub-system in Windows
  • Roger Grimes - Consultant in the ACE team at Microsoft
  • Byron Hynes - Enterprise Technology Strategist at Microsoft
  • Alun Jones - Creator of WFTPD, and Microsoft Security MVP
  • Brian Komar - President of IdentIT, Inc and Microsoft Security MVP
  • Brian Lich - Senior Technical Writer at Microsoft
  • Darren Mar-Elia - Founder and CTO of SDM Software, and Microsoft Group Policy MVP

The book has 16 chapters plus a bonus chapter on Rights Management Services on the CD. The chapters in the book are:

  1. Subjects, Users, and Other Actors
  2. Authenticators and Authentication Protocols
  3. Objects: The Stuff You Want
  4. Understanding UAC
  5. Windows Firewall(s)
  6. Services
  7. Group Policy
  8. Auditing
  9. Designing Active Directory Domain Services for Security
  10. Implementing Active Directory Certificate Services
  11. Securing Server Roles
  12. Patch Management
  13. Managing Security Dependencies to Secure Your Network
  14. Securing the Branch Office
  15. Small Business Considerations
  16. Securing Server Applications

As with my Protect Your Windows Network book, there are some assorted goodies on the CD. The first one is a much improved version of the command line elevation tool that I wrote for Windows Vista Security. It now includes not just command line elevation capability, but I also added the ability to launch an elevated Windows Explorer window. The easiest way to do that is by right-clicking the folder and selecting "Elevate Explorer Here" as shown here:

The ability to elevate Windows Explorer was not included in Windows Vista, nor in Windows Server 2008, because Explorer is not really designed to be run in multiple instances in the same session. However, I find that it works quite well in spite of that, and it is extremely useful when you need to perform multiple file operations requiring elevation.

Note the little green dot in the window above. It shows me what privileges I am running with and is provided by Aaron Margosis' most excellent Privbar tool. I highly recommend using it with the Elevation Tools so you can keep track of which windows are elevated.

The Security Resource Kit CD also comes with 15 custom-written PowerShell scripts, and an electronic version of the entire book, as well as some assorted other pieces.

All in all, I am really happy with it. I hope you will like it too.

Published Thu, Feb 14 2008 9:40 PM by jesper
Filed under: , ,

Comments

# AdamV said on 15 February, 2008 07:58 AM

Thanks!

By strange circumstances and complete chance I spotted this new title about half an hour ago as being out soon, and bookmarked the page on my favourite online book retailer (The Register book shop). Now I know it's going to press I'll get my pre-order in and wait by the door for the postman.

Thanks to you and all the contributors for putting this book together, I'm really looking forward to getting to read it.

# Hansjörg said on 03 July, 2008 04:21 PM

Regarding elevated explorer: The explorer does not show that it is elevated though, like cmd does (was my idea in the Vista TAP :-).

That's why i usually install Total Commander as an alternative file handling tool.

Else you can easily forget that your are actually running and elevated explorer.exe and things that UAC takes care of are not being taken care of any more - bang you can create a mass.

# jesper said on 03 July, 2008 04:29 PM

Hansjörg: Yes, that is correct. It is why I use privbar to tell me what privilege level I am running with.

# Darren Canavor said on 08 February, 2009 06:28 PM

Small correction Jesper...

When writing the UAC chapter. I was a Technology Architect in Microsoft Managed Services not in Windows Core Os Security Division (COSD). During Vista development, I was a Program Manager in COSD, working on the UAC project.  I'm currently privileged to be working as a Sr. Program Manager in the Microsoft Security Engineering Center group formally known as SWI.