Security Tools to Administer Windows Server 2012
Applies To: Windows Server 2012, Windows 8
This topic for the IT professional lists and describes Microsoft tools that are available for Windows Server 2012 to administer security technologies and address ongoing threats to your computers and network.
To help you find the right tool for the job, the following security tools are grouped by category and task:

| Category | Task |
|---|---|
| Access | Manage access to network resources |
| Auditing | Manage security auditing and audit logs |
| Certificate Services | Manage a CA and other Active Directory Certificate Services tasks |
| Computer | Analyze and manage computer processes and performance |
| Credentials | Manage user accounts, groups, and credentials |
| Cryptography | Manage certificates and encryption |
| Files | Take ownership or securely delete files |
| Security policies | Analyze and manage security policies |
| Security principals | Modify or create new security principals |
| System security | Diagnose, plan and remediate overall system security |

The following list provides links to the security cmdlets included in the Windows PowerShell Core Modules, and links to cmdlets for technologies that are sometimes used to manage security in your enterprise.
Manage user accounts, groups, and credentials
Managing user identities and the processes for logon and authentication involves important yet often repetitive tasks. To obtain information about and manage user accounts, groups, and credentials, use one of the following tools.

| Tool | Type | Description |
|---|---|---|
| whoami | Windows command-line tool | Displays user, group, and privileges information for the user who is currently logged on to the local computer. If used without parameters, whoami displays the current domain and user name. |
| | Windows command-line tool | Creates, lists, and deletes stored user names and passwords or credentials. |
| | Windows command-line tool | Adds, displays, or modifies local groups. |
| | Windows command-line tool | Adds or modifies user accounts, or displays user account information. |
| | Windows PowerShell cmdlet | Gets a credential object based on a user name and password. |
| | Windows PowerShell cmdlet | Gets information about the Authenticode signature in a file. |
| | Sysinternals utility | Lists active logon sessions. |
| | Sysinternals utility | Lists users logged on to a computer. |

Modify or create new security principals
Adding, deleting, and modifying account and group information is one of the most frequent administrator tasks. To modify or create new security principals, use one of the following tools.

| Tool | Type | Description |
|---|---|---|
| | Windows command-line tool | Configures the server principal name for the host or service in Active Directory Domain Services (AD DS) and generates a .keytab file containing the shared secret key of the service. |
| | Windows command-line tool | Creates, lists, and deletes stored user names and passwords or credentials. |
| | Windows command-line tool | Adds, displays, or modifies local groups. |
| | Windows command-line tool | Adds or modifies user accounts, or displays user account information. |
| | Windows command-line tool | Allows you to add specific types of objects to the directory. |
| | Windows PowerShell cmdlet | Adds computers to a workgroup or domain. |
| | Windows PowerShell cmdlet | Removes computers from workgroups or domains. |
| | Windows PowerShell cmdlet | Resets the computer account password. |

Manage certificates and encryption
Certificates and encryption can significantly strengthen the security of a network and its resources. To manage certificate requests and encrypted files or directories, use the following tools.

| Tool | Type | Description |
|---|---|---|
| | Windows command-line tool | Requests certificates from a certification authority (CA), retrieves a response to a previous request from a CA, creates a new request from an .inf file, accepts and installs a response to a request, constructs a cross-certification or qualified subordination request from an existing CA certificate or request, or signs a cross-certification or qualified subordination request. |
| cipher | Windows command-line tool | Displays or alters the encryption of directories and files on NTFS volumes. If used without parameters, cipher displays the encryption state of the current directory and any files it contains. |
| | Windows PowerShell cmdlet | Gets information about .pfx certificate files on the computer. |
| | Windows PowerShell provider | Allows you to navigate the certificate namespace and view the certificate stores and certificates. You can also copy, move, and delete certificates and certificate stores, and open the Certificates snap-in for the Microsoft Management Console (MMC). |

Manage a CA and other Active Directory Certificate Services tasks
Active Directory Certificate Services (AD CS) role services allow an organization to issue and manage certificates that enable a variety of network infrastructure requirements. To manage a CA and complete a variety of other AD CS tasks, use the following tool.

| Tool | Type | Description |
|---|---|---|
| | Windows command-line tool | Collects and displays certification authority (CA) configuration information, configures AD CS, backs up and restores CA components, and verifies certificates, key pairs, and certification paths. |

Manage access to network resources
Files, folders, and shares that are protected by using access control lists (ACLs) can be monitored and managed by using the following tools, cmdlets, and utilities. To obtain information about access permissions on resources, use one of the following tools.

| Tool | Type | Description |
|---|---|---|
| Icacls | Windows command-line tool | Displays or modifies discretionary access control lists (DACLs) on specified files, and applies stored DACLs to files in specified directories. Icacls.exe replaces the Cacls.exe tool for viewing and editing DACLs. |
| | Windows command-line tool | Displays and changes permissions (access control entries) in the ACL of objects in Active Directory Domain Services (AD DS). |
| | Windows PowerShell cmdlet | Gets the security descriptor for a resource, such as a file or registry key. |
| | Sysinternals utility | Allows you to scan file shares on your network and view their security settings. |
| | Sysinternals utility | Displays access permissions to files, registry keys, or Windows services for a specified user or group. |
| | Sysinternals utility | Displays access permissions to directories, files, and registry keys for all users and groups on computers in your domain. |

Take ownership or securely delete files
Administrators might need to modify the ownership of files or ensure that deleted files cannot be accessed. To take ownership or securely delete files, use one of the following tools.

| Tool | Type | Description |
|---|---|---|
| | Windows command-line tool | Enables an administrator to recover access to a file that previously was denied, by making the administrator the owner of the file. |
| | Sysinternals utility | Allows you to securely overwrite your sensitive files and remove previously deleted files by using this Department of Defense–compliant secure deletion program. |

Manage security auditing and audit logs
Security auditing allows you to monitor and analyze a wide variety of computer and network activities. The following utilities can be used to configure event logging and manage event logs and event log entries.

| Tool | Type | Description |
|---|---|---|
| | Windows command-line tool | Displays information about and performs functions to modify audit policy settings. |
| | Windows command-line tool | Creates and manages Event Trace Session and Performance logs and supports many functions of Performance Monitor from the command line. |
| | Windows PowerShell cmdlet | Deletes all entries from specified event logs on a local or remote computer. |
| | Windows PowerShell cmdlet | Gets the events in the event queue. |
| | Windows PowerShell cmdlet | Gets the events in a specified event log or a list of the event logs on a computer. |
| | Windows PowerShell cmdlet | Creates a new event. |
| | Windows PowerShell cmdlet | Creates a new event log and a new event source on a local or remote computer. |
| | Windows PowerShell cmdlet | Deletes events from the event queue. |
| | Windows PowerShell cmdlet | Deletes an event log or unregisters an event source. |
| | Windows PowerShell cmdlet | Displays the event logs of the local or a remote computer in Event Viewer. |
| | Windows PowerShell cmdlet | Writes an event to an event log. |
| | Windows PowerShell cmdlet | Sets the event log properties that limit the size of the event log and the age of its entries. |
| | Sysinternals utility | Allows you to collect event log records. |
| | Windows command-line tool | Enables you to retrieve information about event logs and publishers. You can also use this command to install and uninstall event manifests, to run queries, and to export, archive, and clear logs. |

Analyze and manage security policies
Security policy is the configurable set of rules that the operating system follows when determining the permissions to grant in response to a request for access to resources. You can use the following tools to analyze and manage security policy settings for a single computer or a domain.

| Tool | Type | Description |
|---|---|---|
| | Windows administrative tool | Determines the minimum functionality required for a server's role or roles and disables functionality that is not required. |
| | Windows command-line tool | Configures and analyzes system security by comparing an existing configuration to at least one template. |
| | Windows command-line tool | Refreshes local and domain Group Policy settings, including security settings. |
| | Windows command-line tool | Displays Resultant Set of Policy (RSoP) information for a local or domain user and computer. |
| Local Security Policy | Microsoft Management Console (MMC) snap-in | The Security Policy snap-in (secpol.msc) allows you to adjust settings for Account Policies, Local Policies, Windows Firewall with Advanced Security, Network List Manager Policies, Public Key Policies, Software Restriction Policies, Application Control Policies, IP Security Policies on Local Computer, and Advanced Audit Policy Configuration. |
| Security templates | Microsoft Management Console (MMC) snap-in | Security templates provide standard security settings to use as a model for your security policies. They help you troubleshoot problems with computers whose security settings are not in compliance with policy or are unknown. Security templates are inactive until imported into a Group Policy object or the Security Configuration and Analysis snap-in to MMC. |
| AppLocker | Microsoft Management Console (MMC) snap-in | AppLocker helps you control which applications and files users can run. These include executable files, scripts, Windows® Installer files, DLLs, Packaged apps and Packaged app installers. You can also use AppLocker to inventory applications running on your computers. |
| Software restriction policies | Microsoft Management Console (MMC) snap-in | You can use software restriction policies to create a highly restricted configuration for computers, in which you allow only specifically identified applications to run. Software restriction policies are integrated with Microsoft Active Directory and Group Policy. You can also create software restriction policies on stand-alone computers. Software restriction policies are trust policies, which are regulations set by an administrator to restrict scripts and other code that is not fully trusted from running. |

Analyze and manage computer processes and performance
Understanding the configuration and behavior of a computer and of the applications and processes running on it is important for diagnosing performance issues and system failures, but it can require detailed investigation. The following tools can assist with many of these tasks.

| Tool | Type | Description |
|---|---|---|
| | Windows command-line tool | Allows a user to run specific tools and programs with different permissions than the user's current logon provides. |
| | Windows command-line tool | Communicates with the Service Controller and installed services. |
| | Windows command-line tool | Enables you to shut down or restart local or remote computers one at a time. |
| | Windows command-line tool | Displays a list of currently running processes on the local computer or on a remote computer. |
| | Windows command-line tool | Ends one or more tasks or processes. Processes can be ended by process ID or image name. |
| | Windows command-line tool | Configures, queries, or changes Boot.ini file settings. |
| | Windows PowerShell cmdlet | Gets the execution policies in the current session. |
| | Windows PowerShell cmdlet | Changes the user preference for the execution policy of the shell. |
| | Sysinternals utility | Allows you to start programs as a different user via a shell context-menu entry. |
| | Sysinternals utility | Includes command-line tools for listing the processes running on local or remote computers, running processes remotely, restarting computers, and obtaining copies of event logs. |
| | Sysinternals utility | Allows you to bypass the password screen during logon. |
| Autoruns | Sysinternals utility | Shows what programs are configured to start automatically when a computer starts and the user logs on. Autoruns also shows the registry and file locations where applications can configure auto-start settings. |
| | Sysinternals utility | Allows you to find out which files, registry keys, and other objects processes have open, which dynamic link libraries (DLLs) they have loaded, and who owns each process. |
| | Sysinternals utility | Allows you to run processes with limited-user rights. |

Diagnose, plan and remediate overall system security
Microsoft provides a number of free tools that can be used to diagnose overall system health, plan for improvements and migrations, and secure systems against the risk of infection by malware. The following tools can be used to accomplish these tasks.

| Tool | Type | Description |
|---|---|---|
| SDL Developer Starter Kit | Download | The SDL Developer Starter Kit offers 14 content modules (with speaker notes, presenter guides, and sample comprehension questions) plus eight MSDN virtual labs with lab manuals—all created to help you build a customized SDL training program for your development teams. |
| | Download | Checks computers running Windows Server 2012, Windows Server 2008 R2, Windows Server 2008, Windows Server 2003, Windows 8, Windows 7, Windows Vista, or Windows XP for infections by specific, prevalent malicious software and helps remove any infection found. |
| | Download | Provides information and recommendations about best practices to help enhance security within your IT infrastructure. |
| | Download | Allows you to design mitigation methods to help prevent malicious users from gaining access to your system. |
| | Download | Allows you to enter information including business requirements and application architecture, which is then used to produce a threat model. |
| RootkitRevealer | Sysinternals utility | Allows you to scan your computer for rootkit-based malware. |
| | Sysinternals utility | Allows you to collect file version information and verify that images on your computer are digitally signed. |
| | Download | Allows you to catalogue changes made to the operating system attack surface by the installation of new software. |
| MAP Toolkit | Download | The MAP Toolkit is a powerful inventory, assessment and reporting tool that can securely assess IT environments for various platform migrations. Having an inventory of what platforms exist in your environment can enable you to more quickly deploy security updates, react to security incidents, contain any issues that may arise, and recover more quickly from those issues. |

See also
The following resources cover security tools in related technologies:

- Group Policy
- Active Directory Domain Services
- Active Directory Certificate Services
- Security Troubleshooting
- Windows Server Update Services
- Microsoft System Center