Windows Server 2012 Security from End to Edge and Beyond

Windows Server 2012 Security from End to Edge and Beyond

Architecting, Designing, Planning, and Deploying Windows Server 2012 Security Solutions

1st Edition - April 18, 2013

Write a review

  • Authors: Thomas W Shinder, Yuri Diogenes, Debra Littlejohn Shinder
  • eBook ISBN: 9781597499811

Purchase options

Purchase options
DRM-free (PDF, EPub, Mobi)
Sales tax will be calculated at check-out

Institutional Subscription

Free Global Shipping
No minimum order


Windows Server 2012 Security from End to Edge and Beyond shows you how to architect, design, plan, and deploy Microsoft security technologies for Windows 8/Server 2012 in the enterprise. The book covers security technologies that apply to both client and server and enables you to identify and deploy Windows 8 security features in your systems based on different business and deployment scenarios. The book is a single source for learning how to secure Windows 8 in many systems, including core, endpoint, and anywhere access. Authors Tom Shinder and Yuri Diogenes, both Microsoft employees, bring you insider knowledge of the Windows 8 platform, discussing how to deploy Windows security technologies effectively in both the traditional datacenter and in new cloud-based solutions. With this book, you will understand the conceptual underpinnings of Windows 8 security and how to deploy these features in a test lab and in pilot and production environments. The book's revolutionary "Test Lab Guide" approach lets you test every subject in a predefined test lab environment. This, combined with conceptual and deployment guidance, enables you to understand the technologies and move from lab to production faster than ever before. Critical material is also presented in key concepts and scenario-based approaches to evaluation, planning, deployment, and management. Videos illustrating the functionality in the Test Lab can be downloaded from the authors’ blog Each chapter wraps up with a bullet list summary of key concepts discussed in the chapter.

Key Features

  • Provides practical examples of how to design and deploy a world-class security infrastructure to protect both Windows 8 and non-Microsoft assets on your system
  • Written by two Microsoft employees who provide an inside look at the security features of Windows 8
  • Test Lab Guides enable you to test everything before deploying live to your system


Information Security professionals, Windows systems architects and administrators, technical decision makers, network administrators and other IT professionals who use are responsible for architecting, designing, planning, and deploying security solutions for systems using Microsoft Windows.

Table of Contents

  • Acknowledgments

    About the Authors

    About the Technical Editor


    Chapter 1. Planning Platform Security

    Chapter Points

    Reviewing the Core Security Principles

    Planning a Secure Platform from End to Edge and Beyond

    From End to Edge and Beyond Chapter Previews


    Chapter 2. Planning Server Role in Windows Server 2012

    Chapter Points

    Server Role and Security Considerations

    Using Server Manager to Add a New Role or Feature

    Using Security Compliance Manager to Hardening Servers

    Administrator’s Punch List


    Chapter 3. Deploying Directory Services and Certificate Services

    Chapter Points

    Evolving Threats Against Certificates

    Implementing Directory Services on Windows Server 2012

    Implementing Certificate Services on Windows Server 2012

    Installing AD CS Role

    Site-Aware Certificate Enrollment

    Renew with the Same Key

    Validate Your Knowledge in AD CS

    Administrator’s Punch List


    Chapter 4. Deploying AD FS and AD RMS in Windows Server 2012

    Chapter Points

    Planning for Active Directory Federation Services

    Deploying Active Directory Federation Services

    Troubleshooting Active Directory Federation Services

    Active Directory Rights Management Services


    Chapter 5. Patch Management with Windows Server 2012

    Chapter Points

    Why Should You Have a Patch Management Strategy in Place?

    Planning WSUS Deployment on Windows Server 2012

    Deploying WSUS

    Managing Updates with WSUS

    Using Group Policy to Configure WSUS

    Administrator’s Punch List


    Chapter 6. Virtualization Security

    Chapter Points

    Considerations Regarding Virtualization Security in Microsoft Platform

    Understanding and Deploying Windows Server 2012 Hyper-V Security Capabilities

    High Availability for Virtualization Security

    Beyond the Hypervisor

    Scenario: Virtualization Security Considerations for a Cloud Infrastructure

    Administrator’s Punch List


    Chapter 7. Controlling Access to Your Environment with Authentication and Authorization

    Chapter Points

    Planning Authentication, Authorization, and Access Control

    Understanding Dynamic Access Control

    Planning Authentication

    Configuring Dynamic Access Control


    Chapter 8. Endpoint Security

    Chapter Points

    Considerations Regarding Endpoint Security

    Windows 8 Security Enhancements

    Administrator’s Punch List


    Chapter 9. Secure Client Deployment with Trusted Boot and BitLocker

    Chapter Points

    Security Considerations for Mobile Users

    Understanding the Trusted Boot Process

    Understanding BitLocker Full Volume Encryption


    Chapter 10. Mitigating Application’s Vulnerabilities

    Chapter Points

    Living in the World of Apps

    Browser Protection

    The Old Friends Are Still Here: UAC and AppLocker

    Extra Tools


    Chapter 11. Mitigating Network Vulnerabilities

    Chapter Points

    Understanding Windows Firewall with Advanced Security

    Deploying and Managing the Windows Firewall with Advanced Security

    Protecting the Windows Endpoint with IPsec Rules

    Common Deployment Scenarios

    Using SMB Encryption to Protect Data Traversing the Network


    Chapter 12. Unified Remote Access and BranchCache

    Chapter Points

    The Evolving Remote Access Landscape

    New Capabilities in DirectAccess

    DirectAccess Requirements and Planning

    What is BranchCache?

    Overview of BranchCache Deployment

    Administrator’s Punch List


    Chapter 13. DirectAccess Deployment Scenarios

    The Simplified DirectAccess Server Test Lab

    Create a Security Group for DirectAccess Clients on DC1

    Install the Unified Remote Access Server Role on EDGE1

    Run the Getting Started Wizard on EDGE1

    Setup and Test CLIENT1 for DirectAccess Connectivity

    Overview of Traditional DirectAccess Single Server Deployment

    Administrator’s Punch List


    Chapter 14. Protecting Legacy Remote Clients

    Chapter Points

    Virtual Private Networking with Windows Server 2012

    Deploying Network Access Protection (NAP) Through Network Policy and Access Services


    Chapter 15. Cloud Security

    Chapter Points

    General Considerations for Cloud Security (SaaS)

    General Considerations for Cloud Security (IaaS)

    Building a Private Cloud with Windows Server 2012



Product details

  • No. of pages: 542
  • Language: English
  • Copyright: © Syngress 2013
  • Published: April 18, 2013
  • Imprint: Syngress
  • eBook ISBN: 9781597499811

About the Authors

Thomas W Shinder

Dr. Tom Shinder is a 17 year veteran of the IT industry. Prior to entering IT, Dr. Tom graduated from the University of Illinois College of Medicine with a Doctor of Medicine and was a practicing neurologist with special interests in epilepsy and multiple sclerosis. Dr. Tom began his career in IT as a consultant, and has worked with many large companies, including Fina Oil, Microsoft, IBM, HP, Dell and many others. He started his writing career toward the end of the 1990s and has published over 30 books on Windows, Windows Networking, Windows Security and ISA Server/TMG, UAG and Microsoft DirectAccess. For over a decade, ISA Server and TMG were Tom’s passions, and he ran the popular web site, in addition to writing 8 books on ISA/TMG. Tom joined Microsoft in December of 2009 as a member of the UAG DirectAccess team and started the popular “Edge Man” blog that covered UAG DirectAccess. He is currently a Principal Knowledge Engineer in the Server and Cloud Division Information Experience Group Solution’s Team and his primary focus now is private cloud – with special interests in private cloud infrastructure and security.

Affiliations and Expertise

Member of Microsoft’s ISA Server Beta Team and Microsoft MVP for ISA Server, Dallas, TX, U.S.A.

Yuri Diogenes

Yuri Diogenes started working on IT field as computer operator back in 1993 using MS-DOS 5.5 and Windows 3.1. In 1998 moved to a Microsoft Partner where he was instructor for computer classes and also wrote internal training materials such as Windows NT 4 and Networking Essentials. His initial experience with security started in 1998 when he had to setup the Internet security connectivity using Microsoft Proxy 2.0 and Cisco routers. In 2001 Yuri released his first book (in Portuguese) about Cisco CCNA Certification. In 2003 Yuri accepted the offer to be a Professor in a University in Brazil where he taught operating system and computer networks classes. In December 2003 he moved to United States to work for Microsoft as a contractor in the Customer Service and Support for Latin America messaging division. In 2004 he moved to Dell Computers in Round Rock, Texas to work as Server Advisor in the Network Operating System (NOS) Team, dealing primarily with Windows, Exchange and ISA (2000/2004).

Yuri returned to MS as a full time employee in 2006 to work again on the Customer Service and Support for Latin America, but at this time to be dedicated to the platform division. There I was responsible to primarily support Windows Networking and ISA Server (200/2004/2006) for enterprise customers from Latin America. In 2007 he joined the Customer Services and Support Security Team as a Security Support Engineer where he was dedicated to work with Edge protection (ISA Server and then TMG). In 2010 Yuri co-wrote the Forefront Administrator’s Companion book and also three other Forefront books in partnership with Tom Shinder. During this time Yuri also wrote articles for his own blog (, TechNet Magazine, ISSA Journal and other Security magazines in Brazil. Nowadays Yuri Diogenes works as a Senior Technical Writer for the Server and Cloud division Information Experience Team where he writes articles about Cloud Infrastructure with security functionalities baked in. On his currently role he also deliver presentations at public events such as TechED US, Europe, Brazil and internal Microsoft conferences such as TechReady. Currently Yuri is also working on his Master degree in Cybersecurity Intelligence & Forensics at UTICA while also writing the second edition of his Security+ book (in Portuguese).

Yuri holds several industry certifications, including CISSP, E|CEH, E|CSA, CompTIA, Security+, CompTIA Cloud Essentials Certified, CompTIA Network+, CASP, MCSE, MCTS, MCT and many other Microsoft certifications. You can follow Yuri Diogenes on Twitter @yuridiogenes

Debra Littlejohn Shinder

Debra Littlejohn Shinder is a technology consultant, trainer and writer who has authored a number of books on computer operating systems, networking, and client and server security over the last fourteen years. These include Scene of the Cybercrime: Computer Forensics Handbook, published by Syngress, and Computer Networking Essentials, published by Cisco Press. She is co-author, with her husband, Dr. Thomas Shinder, of the best-selling Configuring ISA Server 2000, Configuring ISA Server 2004, and ISA Server and Beyond.

Deb has been a tech editor, developmental editor and contributor on over 20 additional books on networking and security subjects, as well as study guides for Microsoft's MCSE exams, CompTIA's Security+ exam and TruSecure’s ICSA certification. She formerly edited the Element K Inside Windows Server Security journal. She authored a weekly column for TechRepublic’s Windows blog, called Microsoft Insights and a monthly column on Cybercrime, and is a regular contributor to their Security blog, Smart Phones blog and other TR blogs. She is the lead author on and, and her articles have appeared in print magazines such as Windows IT Pro (formerly Windows & .NET) Magazine. She has authored training material, corporate whitepapers, marketing material, webinars and product documentation for Microsoft Corporation, Intel, Hewlett-Packard, DigitalThink, GFI Software, Sunbelt Software, CNET and other technology companies.

Deb specializes in security issues, cybercrime/computer forensics and Microsoft server products; she has been awarded Microsoft’s Most Valuable Professional (MVP) status in Enterprise Security for eight years in a row. A former police officer and police academy instructor, she has taught many courses at Eastfield College in Mesquite, TX and sits on the board of the Criminal Justice Training Center there. She is a fourth generation Texan and lives and works in the Dallas-Fort Worth area.

Affiliations and Expertise

MCSE, Technology consultant, trainer, and writer

Ratings and Reviews

Write a review

There are currently no reviews for "Windows Server 2012 Security from End to Edge and Beyond"