Windows Server 2003 Security: A Technical Reference

She covers everything. We joke that she may need medication in my office to explain her attention to detail. All joking aside, this book is great. I need to get a copy for my personal library.

This Book is really cool for Sys Admins. Every IT Manager should have this. Thanks to Mr.Roberta Bragg.

What can I say? This book has an answer for every question I ever throw at it. It is kind of dry reading, and I dont think you'll sit down by the fire to read it, but if you need to quickly come up to speed on a windows security topic this book offers concise, accurate and helpful answers. Unlike the other reviewer, by the way, my copy has no problems at all. I dont know how that happened to him. anyhow--a really useful book for even experienced admins. Ive been at this for 15 years, and the book has plenty to teach me.

This book covers a wide range of security topics: * authentication & authorization * application security * NTFS security and EFS (encrypting file system) * active directory * public key infrastructure * remote access, IPSec, & SSL * patching and support * backups * auditing & monitoring Three types of information are covered: background on how security technologies work, how to implement security, and management processes. The book works best in the first two areas. Good background information and detailed instructions are given on how to configure Windows Server 2003, often for obscure and difficult topics such as creating a root certificate authority. Other highlights include: * discussion of lesser known tools, often from the resource or deployment kit * coverage of authorization manager * coverage of software restriction policies * discussion of all the ins and outs of backups (you might be surprised how complicated this can get) One missing item is .NET code access security, which isn't covered at all. The section on IIS security is lacking. The biggest problem with the book is the excessive lecturing about best practices and process. For example: "A backup policy provides the information detailing the what, who, when, and where of information systems backups. Standards designate the current approved backup programs and methodologies that will be used. Procedures detail the steps that must be taken to fulfill the policies and meet the standards." And on and on. A lot of ink is spilt to say in a thousand different ways 'do things in an organized fashion'. You'd never get around to implementing security if you took all the process and best practice material literally.

This is an amazing book. It's thorough and well researched. The writing is a bit dry but that's a minor quibble when it comes with the rest of this fine work. This is the best work I have seen on Windows 2003 security. Definitely worth a look and worth the money if this is your job.