Group Policy, Profiles, and IntelliMirror for Windows 2003, Windows XP, and Windows 2000 (Mark Minasi Windows Administrator Library) Review by W. Hargraves

Only good for workstations, not complete.

For managing GPOs for locking down servers, this is not a complete book. This is an excellent book for managing desktops or workstations, laptops and terminal servers. There are many user rights assignments and security settings that are left completely out of this book.

Updates:

Since the author commented, I feel it's only fair to elaborate on some of the items, either as a thought for a "Group Policy - locking down your servers" book or possibly a future update to this one.

Most of the User Rights Assignments are the most sensitive rights you can grant. Several of them provide the ability to impersonate other users, including the obvious ones (Impersonate client after authentication). Other rights don't actually provide the functionality that users likely think (Create permanent shared objects - you wouldn't believe how many application teams thought this would let them share folders and printers). At the very least, a detailed list of rights that should be granted per setting for complete OS functionality (changing Impersonate Client... without granting the right to the Service builtin object will break a server running Windows Server 2003 with SP1, but have no effect on other versions of the OS) would be very helpful - the defaults for Windows Server 2003 and Windows 2000 Server are completely different.

Personally I think that another book about securing your servers via GPO would be nice. Not everyone should be securing their servers via GPO and it may add a certain level of complexity to an application environment that is not desired, but for larger environments that require an automatic mechanism to correct any security deficiencies or changes, GPOs are an excellent solution. A book that would cover Windows 2000 Server, Windows Server 2003, Windows Server 2008 (or whatever Longhorn ends up being called) and the differences between the OS versions, would be fabulous for a security/AD/GPO admin in any environment that is much more complex. Particularly in a complex environment, all 3 versions of Windows Server that GPOs apply to should be covered. Many larger companies are slow to adopt new versions of software or upgrade that which they already have (if it ain't broke, don't fix it!), so finding OUs that have Windows 2000 Servers and Windows Server 2003 machines in the same structure of your organization is definitely far from abnormal and providing the reference to effectively secure all of the GPO functional server operating systems (or at least the MS ones).

I understand that the intention of this book is to talk about basically the user environment portions of the GPO, but the name doesn't define that, so I won't update my rating. Maybe if it had a companion for the machine-side security related settings...