COVID-19 Update: We are currently shipping orders daily. However, due to transit disruptions in some geographies, deliveries may be delayed. To provide all customers with timely access to content, we are offering 50% off Science and Technology Print & eBook bundle options. Terms & conditions.
Windows Server 2012 Security from End to Edge and Beyond - 1st Edition - ISBN: 9781597499804, 9781597499811

Windows Server 2012 Security from End to Edge and Beyond

1st Edition

Architecting, Designing, Planning, and Deploying Windows Server 2012 Security Solutions

Authors: Thomas W Shinder Yuri Diogenes Debra Littlejohn Shinder
Paperback ISBN: 9781597499804
eBook ISBN: 9781597499811
Imprint: Syngress
Published Date: 30th April 2013
Page Count: 542
Sales tax will be calculated at check-out Price includes VAT/GST
Price includes VAT/GST

Institutional Subscription

Secure Checkout

Personal information is secured with SSL technology.

Free Shipping

Free global shipping
No minimum order.


Windows Server 2012 Security from End to Edge and Beyond shows you how to architect, design, plan, and deploy Microsoft security technologies for Windows 8/Server 2012 in the enterprise. The book covers security technologies that apply to both client and server and enables you to identify and deploy Windows 8 security features in your systems based on different business and deployment scenarios. The book is a single source for learning how to secure Windows 8 in many systems, including core, endpoint, and anywhere access.

Authors Tom Shinder and Yuri Diogenes, both Microsoft employees, bring you insider knowledge of the Windows 8 platform, discussing how to deploy Windows security technologies effectively in both the traditional datacenter and in new cloud-based solutions. With this book, you will understand the conceptual underpinnings of Windows 8 security and how to deploy these features in a test lab and in pilot and production environments.

The book's revolutionary "Test Lab Guide" approach lets you test every subject in a predefined test lab environment. This, combined with conceptual and deployment guidance, enables you to understand the technologies and move from lab to production faster than ever before. Critical material is also presented in key concepts and scenario-based approaches to evaluation, planning, deployment, and management. Videos illustrating the functionality in the Test Lab can be downloaded from the authors’ blog Each chapter wraps up with a bullet list summary of key concepts discussed in the chapter.

Key Features

  • Provides practical examples of how to design and deploy a world-class security infrastructure to protect both Windows 8 and non-Microsoft assets on your system
  • Written by two Microsoft employees who provide an inside look at the security features of Windows 8
  • Test Lab Guides enable you to test everything before deploying live to your system


Information Security professionals, Windows systems architects and administrators, technical decision makers, network administrators and other IT professionals who use are responsible for architecting, designing, planning, and deploying security solutions for systems using Microsoft Windows.

Table of Contents


About the Authors

About the Technical Editor


Chapter 1. Planning Platform Security

Chapter Points

Reviewing the Core Security Principles

Planning a Secure Platform from End to Edge and Beyond

From End to Edge and Beyond Chapter Previews


Chapter 2. Planning Server Role in Windows Server 2012

Chapter Points

Server Role and Security Considerations

Using Server Manager to Add a New Role or Feature

Using Security Compliance Manager to Hardening Servers

Administrator’s Punch List


Chapter 3. Deploying Directory Services and Certificate Services

Chapter Points

Evolving Threats Against Certificates

Implementing Directory Services on Windows Server 2012

Implementing Certificate Services on Windows Server 2012

Installing AD CS Role

Site-Aware Certificate Enrollment

Renew with the Same Key

Validate Your Knowledge in AD CS

Administrator’s Punch List


Chapter 4. Deploying AD FS and AD RMS in Windows Server 2012

Chapter Points

Planning for Active Directory Federation Services

Deploying Active Directory Federation Services

Troubleshooting Active Directory Federation Services

Active Directory Rights Management Services


Chapter 5. Patch Management with Windows Server 2012

Chapter Points

Why Should You Have a Patch Management Strategy in Place?

Planning WSUS Deployment on Windows Server 2012

Deploying WSUS

Managing Updates with WSUS

Using Group Policy to Configure WSUS

Administrator’s Punch List


Chapter 6. Virtualization Security

Chapter Points

Considerations Regarding Virtualization Security in Microsoft Platform

Understanding and Deploying Windows Server 2012 Hyper-V Security Capabilities

High Availability for Virtualization Security

Beyond the Hypervisor

Scenario: Virtualization Security Considerations for a Cloud Infrastructure

Administrator’s Punch List


Chapter 7. Controlling Access to Your Environment with Authentication and Authorization

Chapter Points

Planning Authentication, Authorization, and Access Control

Understanding Dynamic Access Control

Planning Authentication

Configuring Dynamic Access Control


Chapter 8. Endpoint Security

Chapter Points

Considerations Regarding Endpoint Security

Windows 8 Security Enhancements

Administrator’s Punch List


Chapter 9. Secure Client Deployment with Trusted Boot and BitLocker

Chapter Points

Security Considerations for Mobile Users

Understanding the Trusted Boot Process

Understanding BitLocker Full Volume Encryption


Chapter 10. Mitigating Application’s Vulnerabilities

Chapter Points

Living in the World of Apps

Browser Protection

The Old Friends Are Still Here: UAC and AppLocker

Extra Tools


Chapter 11. Mitigating Network Vulnerabilities

Chapter Points

Understanding Windows Firewall with Advanced Security

Deploying and Managing the Windows Firewall with Advanced Security

Protecting the Windows Endpoint with IPsec Rules

Common Deployment Scenarios

Using SMB Encryption to Protect Data Traversing the Network


Chapter 12. Unified Remote Access and BranchCache

Chapter Points

The Evolving Remote Access Landscape

New Capabilities in DirectAccess

DirectAccess Requirements and Planning

What is BranchCache?

Overview of BranchCache Deployment

Administrator’s Punch List


Chapter 13. DirectAccess Deployment Scenarios

The Simplified DirectAccess Server Test Lab

Create a Security Group for DirectAccess Clients on DC1

Install the Unified Remote Access Server Role on EDGE1

Run the Getting Started Wizard on EDGE1

Setup and Test CLIENT1 for DirectAccess Connectivity

Overview of Traditional DirectAccess Single Server Deployment

Administrator’s Punch List


Chapter 14. Protecting Legacy Remote Clients

Chapter Points

Virtual Private Networking with Windows Server 2012

Deploying Network Access Protection (NAP) Through Network Policy and Access Services


Chapter 15. Cloud Security

Chapter Points

General Considerations for Cloud Security (SaaS)

General Considerations for Cloud Security (IaaS)

Building a Private Cloud with Windows Server 2012




No. of pages:
© Syngress 2013
30th April 2013
Paperback ISBN:
eBook ISBN:

About the Authors

Thomas W Shinder

Dr. Tom Shinder is a 17 year veteran of the IT industry. Prior to entering IT, Dr. Tom graduated from the University of Illinois College of Medicine with a Doctor of Medicine and was a practicing neurologist with special interests in epilepsy and multiple sclerosis. Dr. Tom began his career in IT as a consultant, and has worked with many large companies, including Fina Oil, Microsoft, IBM, HP, Dell and many others. He started his writing career toward the end of the 1990s and has published over 30 books on Windows, Windows Networking, Windows Security and ISA Server/TMG, UAG and Microsoft DirectAccess. For over a decade, ISA Server and TMG were Tom’s passions, and he ran the popular web site, in addition to writing 8 books on ISA/TMG. Tom joined Microsoft in December of 2009 as a member of the UAG DirectAccess team and started the popular “Edge Man” blog that covered UAG DirectAccess. He is currently a Principal Knowledge Engineer in the Server and Cloud Division Information Experience Group Solution’s Team and his primary focus now is private cloud – with special interests in private cloud infrastructure and security.

Affiliations and Expertise

Member of Microsoft’s ISA Server Beta Team and Microsoft MVP for ISA Server, Dallas, TX, U.S.A.

Yuri Diogenes

Yuri Diogenes started working on IT field as computer operator back in 1993 using MS-DOS 5.5 and Windows 3.1. In 1998 moved to a Microsoft Partner where he was instructor for computer classes and also wrote internal training materials such as Windows NT 4 and Networking Essentials. His initial experience with security started in 1998 when he had to setup the Internet security connectivity using Microsoft Proxy 2.0 and Cisco routers. In 2001 Yuri released his first book (in Portuguese) about Cisco CCNA Certification. In 2003 Yuri accepted the offer to be a Professor in a University in Brazil where he taught operating system and computer networks classes. In December 2003 he moved to United States to work for Microsoft as a contractor in the Customer Service and Support for Latin America messaging division. In 2004 he moved to Dell Computers in Round Rock, Texas to work as Server Advisor in the Network Operating System (NOS) Team, dealing primarily with Windows, Exchange and ISA (2000/2004).

Yuri returned to MS as a full time employee in 2006 to work again on the Customer Service and Support for Latin America, but at this time to be dedicated to the platform division. There I was responsible to primarily support Windows Networking and ISA Server (200/2004/2006) for enterprise customers from Latin America. In 2007 he joined the Customer Services and Support Security Team as a Security Support Engineer where he was dedicated to work with Edge protection (ISA Server and then TMG). In 2010 Yuri co-wrote the Forefront Administrator’s Companion book and also three other Forefront books in partnership with Tom Shinder. During this time Yuri also wrote articles for his own blog (, TechNet Magazine, ISSA Journal and other Security magazines in Brazil. Nowadays Yuri Diogenes works as a Senior Technical Writer for the Server and Cloud division Information Experience Team where he writes articles about Cloud Infrastructure with security functionalities baked in. On his currently role he also deliver presentations at public events such as TechED US, Europe, Brazil and internal Microsoft conferences such as TechReady. Currently Yuri is also working on his Master degree in Cybersecurity Intelligence & Forensics at UTICA while also writing the second edition of his Security+ book (in Portuguese).

Yuri holds several industry certifications, including CISSP, E|CEH, E|CSA, CompTIA, Security+, CompTIA Cloud Essentials Certified, CompTIA Network+, CASP, MCSE, MCTS, MCT and many other Microsoft certifications. You can follow Yuri Diogenes on Twitter @yuridiogenes

Debra Littlejohn Shinder

Debra Littlejohn Shinder is a technology consultant, trainer and writer who has authored a number of books on computer operating systems, networking, and client and server security over the last fourteen years. These include Scene of the Cybercrime: Computer Forensics Handbook, published by Syngress, and Computer Networking Essentials, published by Cisco Press. She is co-author, with her husband, Dr. Thomas Shinder, of the best-selling Configuring ISA Server 2000, Configuring ISA Server 2004, and ISA Server and Beyond.

Deb has been a tech editor, developmental editor and contributor on over 20 additional books on networking and security subjects, as well as study guides for Microsoft's MCSE exams, CompTIA's Security+ exam and TruSecure’s ICSA certification. She formerly edited the Element K Inside Windows Server Security journal. She authored a weekly column for TechRepublic’s Windows blog, called Microsoft Insights and a monthly column on Cybercrime, and is a regular contributor to their Security blog, Smart Phones blog and other TR blogs. She is the lead author on and, and her articles have appeared in print magazines such as Windows IT Pro (formerly Windows & .NET) Magazine. She has authored training material, corporate whitepapers, marketing material, webinars and product documentation for Microsoft Corporation, Intel, Hewlett-Packard, DigitalThink, GFI Software, Sunbelt Software, CNET and other technology companies.

Deb specializes in security issues, cybercrime/computer forensics and Microsoft server products; she has been awarded Microsoft’s Most Valuable Professional (MVP) status in Enterprise Security for eight years in a row. A former police officer and police academy instructor, she has taught many courses at Eastfield College in Mesquite, TX and sits on the board of the Criminal Justice Training Center there. She is a fourth generation Texan and lives and works in the Dallas-Fort Worth area.

Affiliations and Expertise

MCSE, Technology consultant, trainer, and writer


"This comprehensive book is designed to cover security for the client device that connects to server based applications, services and the servers themselves.  It also covers security for the edge of the network such as a firewall or a remote access server and finally, security for the cloud."--Microsoft Security Blog, November 8, 2012
"In this reference on Windows Server 2012 Security the authors Shindler, Shindler, and Diogenes, all with strong backgrounds in Windows network security in academia and private industry, attempt to cover the full range of security issues that affect the Windows network environment. The organizing principles throughout are availability, integrity, and confidentiality."--Reference & Research Book News, October 2013
"This book shows you how to architect, design, plan, and deploy Microsoft security technologies for Windows 8/Server 2012 in the enterprise…The book is a single source for learning how to secure Windows 8 in many systems, including core, endpoint, and anywhere access.", September 2, 2013

Ratings and Reviews