Chris Ruston

To be fair, there's a great deal of detailed security-related information presented in this book. Unfortunately, there are several problems with the book that keep it from being useful for most Windows Server admins.

First, it is poorly organized. There is little logical flow to the order in which topics are introduced. For example, often the details of a feature are discussed before the general overview of the feature is presented, or without an explanation of where the feature fits in with the overall security topic being discussed. Transitions between topics are also lacking -- the book sometimes reads like a random list of features, each with a one- or two-paragraph explanation, but without any effort to tie them together and explain to the reader in a clear, concise way how they work together. Needless to say, this is very confusing for the reader, and seriously detracts from the usefulness of the information.

The other problem is target audience: is this book for relative beginners, part-time admins (as the jacket copy suggests), or experienced enterprise admins? Much of the information presented goes well above and beyond what a typical small- to medium-sized business IT admin would need or want. For example, do part-time sys admins really need or want 5 pages of detailed discussion (including diagrams) of the packet structures of the various IPSec modes? Or do they need a half-page summary of the various modes, their advantages/disadvantages, and recommended best-practices for their use in a real-world setting?

Here's another example: the chapter that discusses how to manage permissions for shared folders includes a chart that shows how access tokens and ACLs work, literally breaking it down TO THE BINARY LEVEL (1s and 0s)! Why on earth would any sys admin ever need to know this? The best analogy I can think of is, imagine you need someone to show you how to put gasoline in your car, and instead they launch into an explanation of the molecular structure of petroleum...

Windows includes graphical interfaces for assigning permissions to resources and users, editing security policies, and viewing the effective permissions that result for a given user or group. What the reader needs, of course, is an explanation of what the various permissions mean, and how to use them.

Perhaps worst of all, despite all the detail, the key issues of core Windows Server 2003 security aren't clearly identified and covered in a way that non-security expert admins can quickly grasp and make use of to secure their networks. With all the focus on technical detail, the authors seem to have forgotten to explain the basics. (I'm tempted to make a bad pun here about not describing the domain forest due to all the detail about the trees...)

Bottom line: This is not the book for part-time admins, or admins of smaller networks who need a quick lesson in securing their Windows 2003 servers. For readers looking for what the back cover of this book promises, the Windows Server 2003 Network training kit book from Microsoft is a much better choice.… (mehr)