Index
A
- Active Directory
- GPO, exporting from / Exporting GPO from Active Directory
- security policies, importing into / Importing a policy into Active Directory
- Active Directory Administrative Center (ADAC)
- about / Enabling the KDC support
- Advanced Encryption Standard (AES)
- about / Server Message Block
- application control
- about / Application control and management
- application management
- with AppLocker / Application control and management
- AppLocker
- about / Application control and management
- URL / Application control and management
- policy, creating / Creating a policy
- policy, auditing / Auditing a policy
- policy, implementing / Implementing the policy
- PowerShell support / AppLocker and PowerShell
- ASA
- about / Maintaining and monitoring the integrity of a baseline policy, Managing servers using Server Manager
- reference link / Maintaining and monitoring the integrity of a baseline policy
- using / Microsoft ASA
- attack surface
- reference link / Server types and roles
- auditing
- about / Auditing
- default policies / Default auditing policies
- auditing policies
- Object Access-Audit File System / Enabling Global Object Access Auditing – filesystem
- Object Access-Audit Handle Manipulation / Enabling Global Object Access Auditing – filesystem
- Global Object Access Auditing-filesystem / Enabling Global Object Access Auditing – filesystem
- Authorization Manager (AzMan) tool
- about / Securing the access mechanism
B
- backup or rollback plan
- in SCW / A backup or rollback plan
- baseline
- about / Baseline and security
- baseline policies
- about / Baseline policies
- RODC / Read-only Domain Controllers
- DNS / Domain Name System
- baseline policy
- integrity, maintaining / Maintaining and monitoring the integrity of a baseline policy
- integrity, monitoring / Maintaining and monitoring the integrity of a baseline policy
- monitoring, with ASA / Microsoft ASA
- BitLocker
- used, for data encrypting / Data encryption using BitLocker encryption
- installing / Installing BitLocker
- data encryption status, verifying / Verifying the encryption status
- data volume, encrypting / Encrypting data volume
- volume, managing / Managing BitLocker volume
- URL / Managing BitLocker volume
- BPA
- about / Microsoft Best Practice Analyzer
- bring your own devices (BYOD)
- about / Controlling and segregating IP address allocation
- Brute Force attack
- about / Adding dynamic IP restrictions
- reference link / Adding dynamic IP restrictions
C
- cache poisoning attacks
- about / Cache poisoning attacks
- Center for Internet Security (CIS)
- URL / Baseline and security
- about / Baseline and security
- Central Access Policy
- reference link / Creating a central access policy
- Cluster Aware Updates (CAU) / Microsoft Windows Server Update Services
- URL / Managing the group membership
D
- DAC
- about / Dynamic Access Control
- reference link / Dynamic Access Control
- configuring / Dynamic Access Control
- DAC configuration
- KDC support, enabling / Enabling the KDC support
- claim type, creating / Creating claim types
- Resource Properties, enabling / Creating and enabling resource properties
- Resource Properties, creating / Creating and enabling resource properties
- Central Access Rule, creating / Creating a central access rule
- Central Access Policy, creating / Creating a central access policy
- Central Access Policy, deploying / Deploying a central access policy
- folder permissions, configuring on file server / Configuring folder permissions on a file server
- access control configuration, verifying / Verifying the access control configuration and permission
- permission, verifying / Verifying the access control configuration and permission
- data protection
- about / Data protection
- unwanted shares, removing / Removing unwanted shares
- data encrypting, BitLocker used / Data encryption using BitLocker encryption
- Denial of Service (DoS)
- about / Monitoring the performance
- URL / Monitoring the performance
- Denial Of Service (DoS) attack
- about / Adding dynamic IP restrictions
- reference link / Adding dynamic IP restrictions
- Desired Configuration Management (DCM)
- DHCP
- about / Dynamic Host Configuration Protocol
- security task lists / Dynamic Host Configuration Protocol
- baseline policy, applying / Applying a DHCP baseline policy
- IP address allocation, controlling / Controlling and segregating IP address allocation
- IP address allocation, segregating / Controlling and segregating IP address allocation
- Policy Based Assignment (PBA), configuring / Configuring PBA
- administration, securing / Securing DHCP administration
- IP address, management / IP address and DNS management and monitoring
- IP address, monitoring / IP address and DNS management and monitoring
- DNS management / IP address and DNS management and monitoring
- DNS, monitoring / IP address and DNS management and monitoring
- Distributed DoS (DDoS)
- about / Monitoring the performance
- DNS
- about / Domain Name System
- task list / Domain Name System
- baseline policy, applying / Applying a DNS baseline policy
- Scavenging, enabling on DNS server / Enabling Scavenging on a DNS server
- Scavenging, enabling on DNS zone / Enabling Scavenging on a DNS zone
- dynamic update, securing / Securing DNS dynamic updates
- cache poisoning attacks / Cache poisoning attacks
- Domain Controllers (DCs)
- about / Baseline policies
- Domain Name System Security Extensions (DNSSEC)
- about / Cache poisoning attacks
- reference link / Cache poisoning attacks
E
- EMET
- about / Enhanced Mitigation Experience Toolkit
- technologies / Enhanced Mitigation Experience Toolkit
- URL, for technologies / Enhanced Mitigation Experience Toolkit
- installing / Installing Enhanced Mitigation Experience Toolkit
- configuring / Configuring Enhanced Mitigation Experience Toolkit
- Encrypting File System (EFS)
- about / Encrypting Hyper-V host servers
- event forwarding
- about / Event forwarding
- source computer, configuring / Configuring the source computer
- target (collector) computer, configuring / Configuring the target (collector) computer
- troubleshooting / Troubleshooting event forwarding
- Event Log Readers / Configuring the target (collector) computer
- Event Viewer / Event forwarding, Configuring the target (collector) computer
F
- file or data server
- about / File or data server
- baseline security, applying / Applying baseline security
- access mechanism / The access mechanism
- data protection / Data protection
- Forest Functional Level (FFL)
- about / Dynamic Access Control
- Fully Qualified Domain Name (FQDN)
G
- Global Object Access Auditing / Default auditing policies
- Global Object Access Auditing - directory services
- enabling / Enabling Global Object Access Auditing – directory services
- Global Object Access Auditing - filesystem
- enabling / Enabling Global Object Access Auditing – filesystem
- gMSA
- about / Service accounts
- configuring / Group Managed Service Accounts, Configuring Group Managed Service Accounts
- KDS root key, creating / Creating a KDS root key
- creating / Creating Group Managed Service Accounts
- installing / Installing Group Managed Service Accounts
- GPO
- group membership, WSUS
- managing / Managing the group membership
- Group Policy Management Console (GPMC)
- about / Importing a policy into Active Directory, The printer driver security and installation
- Group Policy Object (GPO)
- about / Baseline and security, Policy implementation
- Group Policy Preference (GPP)
- about / Print server and share permissions
- groups, WSUS
- creating / Creating groups
- guard protection
- about / Guard protection
- enabling / Enabling the guard protection
H
- Hyper-V Administrators
- about / Securing the access mechanism
- Hyper-V Security V1.0
- about / Applying baseline security
- Hyper-V server
- about / Hyper-V servers
- baseline security, applying / Applying baseline security
- access mechanism, securing / Securing the access mechanism
- guard protection / Guard protection
- host servers, encrypting / Encrypting Hyper-V host servers
I
- IIS
- about / Internet Information Services
- baseline security, applying / Applying baseline security
- web server components, securing / Securing web server components
- access mechanisms, securing / Securing the access mechanisms
- dynamic IP restrictions, adding / Adding dynamic IP restrictions
- installation, BitLocker
- about / Installing BitLocker
- installation, EMET / Installing Enhanced Mitigation Experience Toolkit
- installation, gMSA
- about / Installing Group Managed Service Accounts
- installation, RODC
- installation, SCM
- about / Installing Microsoft SCM
- Internet Protocol Security (IPSEC/IPsec)
- about / Configuring and implementing SMB
- IP Address Management (IPAM)
- about / IP address and DNS management and monitoring
- URL / IP address and DNS management and monitoring
K
- Kerberos Key Distribution Center (KDC)
- about / Dynamic Access Control
- Key Distribution Service (KDS)
- about / Group Managed Service Accounts
L
- Least Privilege principle
- reference link / Server types and roles
- about / Server types and roles
M
- Man-In-the-Middle attack
- about / Print server access mechanisms
- Managed Service Accounts (MSA)
- Microsoft BitLocker Administration and Monitoring (MBAM)
- about / Encrypting data volume
- Microsoft Infrastructure Planning and Design (IPD) guides
- Microsoft Message Analyzer
- URL / Monitoring the performance
- Microsoft Security Baselines
- about / Baseline and security
- Microsoft System Center
- URL / Managing servers using Server Manager
- Microsoft System Center 2012 Process Pack, for IT GRC
- Microsoft Windows Server
- about / Microsoft Windows Server
- monitoring
- about / Monitoring
- performance / Monitoring the performance
N
- National Institute of Standards and Technology (NIST)
- URL / Baseline and security
- about / Baseline and security
- National Security Agency (NSA) Configuration Guides
- URL / Baseline and security
- about / Baseline and security
O
- Organizational Unit (OU)
- about / Policy implementation
P
- Policy Based Assignment (PBA)
- about / Controlling and segregating IP address allocation
- configuring / Configuring PBA
- PowerShell
- using / Monitoring and securing server roles
- PowerShell cmdlets
- URL / Managing the group membership
- PowerShell support
- in AppLocker / AppLocker and PowerShell
- Printing and Documenting service
- about / The print server role security
- print server
- about / Print server
- GPO, applying / Print server
- baseline security, applying / Applying baseline security
- role security / The print server role security
- access mechanisms / Print server access mechanisms
- Digitally Sign Communication, enabling / Print server access mechanisms
- printer driver, installing / The printer driver security and installation
- printer driver, security / The printer driver security and installation
- share permission / Print server and share permissions
R
- Remote Server Administration Tool (RSAT)
- about / IP address and DNS management and monitoring
- RODC
- about / Read-only Domain Controllers
- reference link / Read-only Domain Controllers
- installing / Installing RODCs
- configuring / Configuring RODCs
S
- SAMBA 4
- about / Identifying the client and server operating system
- reference link / Identifying the client and server operating system
- Schema / Default auditing policies
- SCM
- about / Microsoft SCM, Baseline policies
- installing / Installing Microsoft SCM
- URL, for downloading / Installing Microsoft SCM
- administering / Administering Microsoft SCM
- GPO, importing / Importing GPO into SCM
- SCW
- about / Baseline and security, Security Configuration Wizard
- business security policy, translating into technical policy / Translating your policy into a technical policy
- policy template, creating / Creating a policy template
- policy review / Policy review and validation
- policy validation / Policy review and validation
- policy implementation / Policy implementation
- backup or rollback plan / A backup or rollback plan
- SCW, sections
- Role-Based Service Configuration / Security Configuration Wizard
- Network Security / Security Configuration Wizard
- Registry Settings / Security Configuration Wizard
- Auditing Policy / Security Configuration Wizard
- SCWCMD
- about / Policy review and validation
- analyze / Policy review and validation
- configure / Policy review and validation
- register / Policy review and validation
- rollback / Policy review and validation
- transform / Policy review and validation
- view / Policy review and validation
- used, for troubleshooting / Analyzing the result and troubleshooting
- used, for analyzing result / Analyzing the result and troubleshooting
- security
- about / Baseline and security
- SCW / Baseline and security, Security Configuration Wizard
- Security Content Automation Protocol (SCAP)
- security policies
- implementing / Creating and implementing security policies
- GPO, exporting from Active Directory / Exporting GPO from Active Directory
- GPO, importing into SCM / Importing GPO into SCM
- imported GPO, merging with SCM baseline / Merging imported GPO with the SCM baseline policy
- SCM baseline policy, exporting / Exporting the SCM baseline policy
- importing, into Active Directory / Importing a policy into Active Directory
- Security Technical Implementation Guides (STIGs)
- URL / Baseline and security
- about / Baseline and security
- Server Core
- about / Microsoft Windows Server, Server types and roles
- reference link / Microsoft Windows Server
- URL, for supported services / Microsoft Windows Server
- Server Manager
- used, for managing servers / Managing servers using Server Manager
- server roles, securing / Monitoring and securing server roles
- server roles, monitoring / Monitoring and securing server roles
- server role baseline report, creating / Creating a server role baseline report
- production servers, analyzing / Analyzing production servers
- server roles
- adding / Server types and roles
- removing / Server types and roles
- server types
- selecting / Server types and roles
- service accounts
- Service Principal Name (SPN)
- Simplified Authorization
- about / Securing the access mechanism
- reference link / Securing the access mechanism
- SMB
- about / Server Message Block, The access mechanism
- implementing / Configuring and implementing SMB
- configuring / Configuring and implementing SMB
- client and server operating system, identifying / Identifying the client and server operating system
- configuration, verifying / Verifying the current SMB configuration
- encryption, enabling / Enabling or disabling the SMB encryption
- encryption, disabling / Enabling or disabling the SMB encryption
- communication, verifying / Verifying SMB communication
- source computer
- configuring / Configuring the source computer
- System Access Control List (SACL) / Default auditing policies
- System Center Virtual Machine Manager (SCVMM)
- about / Encrypting Hyper-V host servers
- System Center Operations Manager (SCOM)
- about / Monitoring
- URL / Monitoring
T
- target (collector) computer
- configuring / Configuring the target (collector) computer
- Task Scheduler / Monitoring
- Time To Live (TTL)
- about / Cache poisoning attacks
- troubleshooting
- with SCWCMD / Analyzing the result and troubleshooting
- Trusted Platform Module (TPM)
- about / Encrypting data volume
U
- updates, WSUS
- managing / Managing updates
W
- Web Server, best practice recommendations
- reference link / Internet Information Services
- Web Server Security V1.0
- about / Applying baseline security
- Web Services on Devices (WSD)
- about / The printer driver security and installation
- Windows Server Manager
- about / Managing servers using Server Manager
- WSUS
- about / Microsoft Windows Server Update Services
- Server Role / Microsoft Windows Server Update Services
- Database / Microsoft Windows Server Update Services
- Group Policy Objects / Microsoft Windows Server Update Services
- web role, installing / Installing the WSUS web role
- configuring / Configuring WSUS
- automatic updates, configuring / Configuring and deploying automatic updates
- automatic updates, deploying / Configuring and deploying automatic updates
- administering / Administering WSUS
- updates, managing / Managing updates
- group membership, managing / Managing the group membership
- WSUS, administering
- groups, creating / Creating groups