Customer Rating: 
Summary: Must Have This Book for Any MS Admin
Comment: I've been purchasing books here since the days of NT 4 Server and have yet to feel oblighted to write a review until I read this book. Let's face it, any book written by or endorsed by "Mark Manasi" is worth every penny. This book covers the DOs and DON'Ts for Group Policy like no other. Simple and to the point. "I am" the IT Department therefore my time is at a premium. The author gives me the answer I need in plain english.
Customer Rating: 
Summary: Only good for workstations, not complete.
Comment: For managing GPOs for locking down servers, this is not a complete book. This is an excellent book for managing desktops or workstations, laptops and terminal servers. There are many user rights assignments and security settings that are left completely out of this book.
Updates:
Since the author commented, I feel it's only fair to elaborate on some of the items, either as a thought for a "Group Policy - locking down your servers" book or possibly a future update to this one.
Most of the User Rights Assignments are the most sensitive rights you can grant. Several of them provide the ability to impersonate other users, including the obvious ones (Impersonate client after authentication). Other rights don't actually provide the functionality that users likely think (Create permanent shared objects - you wouldn't believe how many application teams thought this would let them share folders and printers). At the very least, a detailed list of rights that should be granted per setting for complete OS functionality(changing Impersonate Client... without granting the right to the Service builtin object will break a server running Windows Server 2003 with SP1, but have no effect on other versions of the OS) would be very helpful - the defaults for Windows Server 2003 and Windows 2000 Server are completely different.
Personally I think that another book about securing your servers via GPO would be nice. Not everyone should be securing their servers via GPO and it may add a certain level of complexity to an application environment that is not desired, but for larger environments that require an automatic mechanism to correct any security deficiencies or changes, GPOs are an excellent solution. A book that would cover Windows 2000 Server, Windows Server 2003, Windows Server 2008 (or whatever Longhorn ends up being called) and the differences between the OS versions, would be fabulous for a security/AD/GPO admin in any environment that is much more complex. Particularly in a complex environment, all 3 versions of Windows Server that GPOs apply to should be covered. Many larger companies are slow to adopt new versions of software or upgrade that which they already have (if it ain't broke, don't fix it!), so finding OUs that have Windows 2000 Servers and Windows Server 2003 machines in the same structure of your organization is definitely far from abnormal and providing the reference to effectively secure all of the GPO functional server operating systems (or at least the MS ones).
I understand that the intention of this book is to talk about basically the user environment portions of the GPO, but the name doesn't define that, so won't update my rating. Maybe if it had a companion for the machine-side security related settings...
Customer Rating:
Summary: A must!
Comment: When you're working with Group Policies or Profiles, it's simple: you must read this book. Jeremy Moskowitz learns you the tough parts of Windows in his own matchless style.
Customer Rating:
Summary: Excellent source for IT professionals
Comment: This book isn't for beginners but if you're a network or systems administrator it is an excellent source of group policy information for Windows servers and workstations (2000, XP, and 2003).
Customer Rating:
Summary: Easy to Read
Comment: Jeremy Moskowitz books are easy to read. He gives you great examples.
|
|
