Administering Windows Vista Security: The Big Surprises (Mark Minasi Windows Administrator Library)
This is an inside look at Windows Vista Security for Systems Administrators. You can get an early start on Windows Vista security and the technology shifts you'll need to know as a systems administrator. From leading Windows expert Mark Minasi comes this just-in-time book to get you there. This targeted, hands-on guide takes a rapid-fire approach to the biggest security changes and how they'll affect business as usual for those who must integrate and provide technical support for Windows Vista. You'll find practical instruction, tips, workarounds, and much more. This book helps you with tasks such as: work through a slew of Vista surprises, such as logging on as Administrator and how to re-enable Run; discover how virtualization works, and where it doesn't; find out why you can no longer delete files in System32, even though you are an Administrator; get familiar with new post-boot security features such as PatchGuard; protect laptops to the max with the innovative BitLocker feature; meet the new Windows Integrity mechanism; explore the revamped Event Viewer, event forwarding, and new troubleshooting tools; go above and beyond what you've heard about Vista; discover the changes to Share and Registry Access; catch up on all the encryption news and services; and try out Vista Remote Desktop with its enhanced security. The Mark Minasi Windows Administrator Library equips system administrators with in-depth technical solutions to the many challenges associated with administering Windows in an enterprise setting. Series editor Mark Minasi, a leading Windows expert, not only selects the topics and authors, he also develops each book to meet the specific needs and goals of systems administrators, MIS professionals, help-desk personnel, and corporate programmers.
Contents:
Introduction
Chapter 1 Administering Vista Security: The Little Surprises
Restoring the Administrator
Making Your Own Administrator
Activating the Administrator Account
Power Users Are Essentially Gone
Run Is Off the Start Menu
BOOT.INI Is Gone, BCD Is Here
boot.ini Review
BCD Terminology
Creating a Second OS Entry
Understanding Vista Boot Manager Identifiers
Choosing Timeout and Default OS with bcdedit
Changing an Entry Option
Cleaning Up: Deleting OS Entries
Documents and Settings Is Gone, Kind Of
IPv6 and Network Properties
Remote Desktop Gets a Bit More Secure
NTFS and the Registry Are Transaction Based
Undelete Comes to Windows for Real!
Changes in Security Options
Changes to Named Pipe Access
Changes to Share and Registry Access
LM Deemphasized, NTLMv2 Emphasized
No More Unsigned Driver Warnings
Encryption News
Vista Includes New Cryptographic Services
You Can Encrypt Your Pagefile
Offline Files Folders Are Encrypted per User
New Event Viewer
XML Format Comes to Event Viewer
Custom Queries Lets You Customize Event Viewer
Generating Actions from Events
Telling the Event Log Service to Display Messages
Forwarding Events from One Computer to Another
Subscription Overview
Creating an Example Subscription
Troubleshooting Subscription Delays
Event Forwarding in Workgroups
Chapter 2 Understanding User Account Control (UAC): Are You Sure, Mr. Administrator?
Introducing UAC
Why UAC Is Good, after All
UAC Benefits for Users
UAC Benefits for Admins
UAC as a Transition Tool
An Overview of UAC
Digging Deeper into UAC
How Windows Creates the Standard User Token
How to Tell UAC to Use the Administrator Token
What Tells Windows to Use the Administrator Token
Reconfiguring User Account Control
Turning UAC On, Off, or in Overdrive
Configuring UAC Junior: UAC for the User
Side Point: How Administrator-ish Must You Be to Get UACed?
Excluding the Built-in Administrator
Telling UAC to Skip the Heuristics
Controlling Secure Desktop
Sign or Go Home: Requiring Signed Applications
Working around Apps That Store Data in the Wrong Places
The Big Switch: Turning Off UAC Altogether
Will UAC Succeed?
Summary
Chapter 3 Help for Those Lame Apps: File and Registry Virtualization
File and Registry Virtualization Basics
Seeing File Virtualization in Action
File and Registry Virtualization Considerations
Which Areas Are Protected and Where They Are Virtualized
How Virtualization Handles Files
How Virtualization Handles the Registry
What Does Legacy Mean, Exactly?
Seeing Virtualization in Standard Versus Administrative Users
Tracking Virtualization
A Possible Virtualization Problem
Controlling Virtualization
The Future of Virtualization
Summary
Chapter 4 Understanding Windows Integrity Control
Windows Integrity Control Overview
Mandatory Controls Versus Discretionary Controls
The Orange Book
C2 Certification and NT
C and B: Discretionary Versus Mandatory
WIC Components
WIC's Six Integrity Levels
How Objects Get and Store Integrity Levels: Mandatory Labels
Process Integrity Levels
Seeing Processes in Action
Setting Up
Example: Starting a Low Integrity Application
Internet Explorer Protected Mode and WIC
A Prime Directive Puzzle: WIC and Deletes
Using WIC ACEs to Restrict Access
Things WIC ACEs Can't Do
You Cannot Apply Mandatory Labels with Group Policy
You Cannot Create Standard Permissions That Name Mandatory Labels
A Note on Modifying System Files
Dialing Up Custom Labels
Meet SDDL Strings
Understanding the Secret Language of Bs: SDDL Label Syntax
Using SDDL Strings to Set Integrity Levels
Summary
Chapter 5 BitLocker: Solving the Laptop Security Problem
The Laptop Security Problem Today
BitLocker Drive Encryption: The Overview
BitLocker Components
What Is a TPM?
Full Disk Encryption
Encryption Algorithm
Key Storage
Authentication or Access Control
Increasing Security with Additional Key Protectors
Boot Process Validation (Integrity Check)
Enabling BitLocker for the First Time
Using BitLocker without a TPM
Summary of Key Protectors
Recovery
Recovery Example 1: Desktop Hardware Failure (Stand-alone System without a TPM)
Recovery Example 2: Laptop Hardware Failure (TPM-based)
Recovery Example 3: Lost USB Key (Computer with a TPM)
Recovery Example 4: Found Laptop
Recovery Summary
BitLocker and Active Directory
Group Policy Options
Managing the TPM and BitLocker in the Enterprise
Servicing a BitLocker-Protected Computer
Secure Decommissioning
Planning for BitLocker Deployment
Summary
Chapter 6 Post-Boot Protection: Code Integrity, New Code Signing Rules, and PatchGuard
Address Space Layout Randomization
Giving 64-bit More Armor
PatchGuard
Code Integrity
What Can Go Wrong?
New Code Signing Rules
What Is Code Signing and Why Does It Matter?
ActiveX Controls
Protected Media Path Requirements
Requirements
Getting Down to Business: Code Signing an Application or Driver
Getting Down to Business: Deploying an Application or Driver Signed by a Publisher
Summary
Chapter 7 How Vista Secures Services
Services in Brief
Service Control Manager
How Vista Toughens Services: Overview
Session Separation
Reducing Service Privileges
Developers Can Reduce Service Privileges
Admins Can Also Reduce Service Privileges
Special Case: Multiple Services Needing Different Privileges
Reduced Privilege Summary
Service Isolation
How Service Isolation Works
Restricting a Service's SID
Granting Write Permissions to a Service SID
Understanding the sc.exe Restricted SID Commands
Restricting a Service's Network Ports
Summary
Index.
Brief Description:
Gives an inside look at Windows Vista Security for Systems Administrators. This book helps you with tasks such as: work through Vista surprises, such as logging on as Administrator and how to re-enable Run; discover how virtualization works, and where it doesn't; protect laptops to the max with the innovative BitLocker feature; and more.