Windows Server 2012 Security from End to Edge and Beyond

1st Edition

Architecting, Designing, Planning, and Deploying Windows Server 2012 Security Solutions


  • Thomas W Shinder
  • Yuri Diogenes
  • Debra Littlejohn Shinder
  • Description

    Windows Server 2012 Security from End to Edge and Beyond shows you how to architect, design, plan, and deploy Microsoft security technologies for Windows 8/Server 2012 in the enterprise. The book covers security technologies that apply to both client and server and enables you to identify and deploy Windows 8 security features in your systems based on different business and deployment scenarios. The book is a single source for learning how to secure Windows 8 in many systems, including core, endpoint, and anywhere access.

    Authors Tom Shinder and Yuri Diogenes, both Microsoft employees, bring you insider knowledge of the Windows 8 platform, discussing how to deploy Windows security technologies effectively in both the traditional datacenter and in new cloud-based solutions. With this book, you will understand the conceptual underpinnings of Windows 8 security and how to deploy these features in a test lab and in pilot and production environments.

    The book's revolutionary "Test Lab Guide" approach lets you test every subject in a predefined test lab environment. This, combined with conceptual and deployment guidance, enables you to understand the technologies and move from lab to production faster than ever before. Critical material is also presented in key concepts and scenario-based approaches to evaluation, planning, deployment, and management. Videos illustrating the functionality in the Test Lab can be downloaded from the authors’ blog Each chapter wraps up with a bullet list summary of key concepts discussed in the chapter.

    Key Features

    • Provides practical examples of how to design and deploy a world-class security infrastructure to protect both Windows 8 and non-Microsoft assets on your system
    • Written by two Microsoft employees who provide an inside look at the security features of Windows 8
    • Test Lab Guides enable you to test everything before deploying live to your system


    Information Security professionals, Windows systems architects and administrators, technical decision makers, network administrators and other IT professionals who use are responsible for architecting, designing, planning, and deploying security solutions for systems using Microsoft Windows.

    Table of Contents


    About the Authors

    About the Technical Editor


    Chapter 1. Planning Platform Security

    Chapter Points

    Reviewing the Core Security Principles

    Planning a Secure Platform from End to Edge and Beyond

    From End to Edge and Beyond Chapter Previews


    Chapter 2. Planning Server Role in Windows Server 2012

    Chapter Points

    Server Role and Security Considerations

    Using Server Manager to Add a New Role or Feature

    Using Security Compliance Manager to Hardening Servers

    Administrator’s Punch List


    Chapter 3. Deploying Directory Services and Certificate Services

    Chapter Points

    Evolving Threats Against Certificates

    Implementing Directory Services on Windows Server 2012

    Implementing Certificate Services on Windows Server 2012

    Installing AD CS Role

    Site-Aware Certificate Enrollment

    Renew with the Same Key

    Validate Your Knowledge in AD CS

    Administrator’s Punch List


    Chapter 4. Deploying AD FS and AD RMS in Windows Server 2012

    Chapter Points

    Planning for Active Directory Federation Services

    Deploying Active Directory Federation Services

    Troubleshooting Active Directory Federation Services

    Active Directory Rights Management Services


    Chapter 5. Patch Management with Windows Server 2012

    Chapter Points

    Why Should You Have a Patch Management Strategy in Place?

    Planning WSUS Deployment on Windows Server 2012

    Deploying WSUS

    Managing Updates with WSUS

    Using Group Policy to Configure WSUS

    Administrator’s Punch List


    Chapter 6. Virtualization Security

    Chapter Points

    Considerations Regarding Virtualization Security in Microsoft Platform

    Understanding an


    No. of pages:
    © 2013
    Print ISBN:
    Electronic ISBN:

    About the authors

    Thomas W Shinder

    Dr. Tom Shinder is a 17 year veteran of the IT industry. Prior to entering IT, Dr. Tom graduated from the University of Illinois College of Medicine with a Doctor of Medicine and was a practicing neurologist with special interests in epilepsy and multiple sclerosis. Dr. Tom began his career in IT as a consultant, and has worked with many large companies, including Fina Oil, Microsoft, IBM, HP, Dell and many others. He started his writing career toward the end of the 1990s and has published over 30 books on Windows, Windows Networking, Windows Security and ISA Server/TMG, UAG and Microsoft DirectAccess. For over a decade, ISA Server and TMG were Tom’s passions, and he ran the popular web site, in addition to writing 8 books on ISA/TMG. Tom joined Microsoft in December of 2009 as a member of the UAG DirectAccess team and started the popular “Edge Man” blog that covered UAG DirectAccess. He is currently a Principal Knowledge Engineer in the Server and Cloud Division Information Experience Group Solution’s Team and his primary focus now is private cloud – with special interests in private cloud infrastructure and security.

    Affiliations and Expertise

    Member of Microsoft’s ISA Server Beta Team and Microsoft MVP for ISA Server, Dallas, TX, U.S.A.

    Yuri Diogenes

    Yuri Diogenes started working on IT field as computer operator back in 1993 using MS-DOS 5.5 and Windows 3.1. In 1998 moved to a Microsoft Partner where he was instructor for computer classes and also wrote internal training materials such as Windows NT 4 and Networking Essentials. His initial experience with security started in 1998 when he had to setup the Internet security connectivity using Microsoft Proxy 2.0 and Cisco routers. In 2001 Yuri released his first book (in Portuguese) about Cisco CCNA Certification. In 2003 Yuri accepted the offer to be a Professor in a University in Brazil where he taught operating system and computer networks classes. In December 2003 he moved to United States to work for Microsoft as a contractor in the Customer Service and Support for Latin America messaging division. In 2004 he moved to Dell Computers in Round Rock, Texas to work as Server Advisor in the Network Operating System (NOS) Team, dealing primarily with Windows, Exchange and ISA (2000/2004). Yuri returned to MS as a full time employee in 2006 to work again on the Customer Service and Support for Latin America, but at this time to be dedicated to the platform division. There I was responsible to primarily support Windows Networking and ISA Server (200/2004/2006) for enterprise customers from Latin America. In 2007 he joined the Customer Services and Support Security Team as a Security Support Engineer where he was dedicated to work with Edge protection (ISA Server and then TMG). In 2010 Yuri co-wrote the Forefront Administrator’s Companion book and also three other Forefront books in partnership with Tom Shinder. During this time Yuri also wrote articles for his own blog (, TechNet Magazine, ISSA Journal and other Security magazines in Brazil. Nowadays Yuri Diogenes works as a Senior Technical Writer for the Server and Cloud division Information Experience Team where he writes articles about Cloud Infrastructure with security function

    Debra Littlejohn Shinder

    Debra Littlejohn Shinder is a technology consultant, trainer and writer who has authored a number of books on computer operating systems, networking, and client and server security over the last fourteen years. These include Scene of the Cybercrime: Computer Forensics Handbook, published by Syngress, and Computer Networking Essentials, published by Cisco Press. She is co-author, with her husband, Dr. Thomas Shinder, of the best-selling Configuring ISA Server 2000, Configuring ISA Server 2004, and ISA Server and Beyond. Deb has been a tech editor, developmental editor and contributor on over 20 additional books on networking and security subjects, as well as study guides for Microsoft's MCSE exams, CompTIA's Security+ exam and TruSecure’s ICSA certification. She formerly edited the Element K Inside Windows Server Security journal. She authored a weekly column for TechRepublic’s Windows blog, called Microsoft Insights and a monthly column on Cybercrime, and is a regular contributor to their Security blog, Smart Phones blog and other TR blogs. She is the lead author on and, and her articles have appeared in print magazines such as Windows IT Pro (formerly Windows & .NET) Magazine. She has authored training material, corporate whitepapers, marketing material, webinars and product documentation for Microsoft Corporation, Intel, Hewlett-Packard, DigitalThink, GFI Software, Sunbelt Software, CNET and other technology companies. Deb specializes in security issues, cybercrime/computer forensics and Microsoft server products; she has been awarded Microsoft’s Most Valuable Professional (MVP) status in Enterprise Security for eight years in a row. A former police officer and police academy instructor, she has taught many courses at Eastfield College in Mesquite, TX and sits on the board of the Criminal Justice Training Center there. She is a fourth generation Texan and lives and works in the Dallas-Fort Worth area.

    Affiliations and Expertise

    MCSE, Technology consultant, trainer, and writer


    "This comprehensive book is designed to cover security for the client device that connects to server based applications, services and the servers themselves.  It also covers security for the edge of the network such as a firewall or a remote access server and finally, security for the cloud."--Microsoft Security Blog, November 8, 2012
    "In this reference on Windows Server 2012 Security the authors Shindler, Shindler, and Diogenes, all with strong backgrounds in Windows network security in academia and private industry, attempt to cover the full range of security issues that affect the Windows network environment. The organizing principles throughout are availability, integrity, and confidentiality."--Reference & Research Book News, October 2013
    "This book shows you how to architect, design, plan, and deploy Microsoft security technologies for Windows 8/Server 2012 in the enterprise…The book is a single source for learning how to secure Windows 8 in many systems, including core, endpoint, and anywhere access.", September 2, 2013