Rating: 
Summary: Definitely a Worthwhile Purchase
Review: Anyone involved in Windows NT/2000 security development would benefit from adding this book to their library. Brown definitely does an excellent job of explaining one of the more difficult aspects of Windows NT/2000 development -- in fact, I'd say that his treatment of ACLs, security descriptors, desktops, window stations and access tokens is among the best that I have read. The only reason that I don't rate this book with 5 stars is that it does not include anything on the LSA APIs. These are some of the more intimidating APIs that a security developer will ever tangle with, but they are essential for such handy little tasks as joining workstations to domains, creating and/or modifying user or group machine rights, or coding replacement GINA dlls. You can find some pretty decent refrences to these APIs (as well as some decent code examples) on msdn dot microsoft dot com, but you have to hunt for them. Having the LSA included in a handy reference such as this book would definitely make it worthy of a five star rating!
Rating:
Summary: Informative, very good Read.
Review: Good Book if you are looking for information on how Security affects the way COM Components work etc. Informative Book.Must read for all COM programmers.
Rating: 
Summary: best book on the topic
Review: I find this book amazing; it has the best of information i could find on this topic in one book.
The topic on IIS and COM+ helped me learn a lot and taught me some design flaws i had in designing few apps for IIS.
i would recommend every developer to have one in there shelf.
Rating:
Summary: This book is great!
Review: I have been working with Windows NT since beta Version 3.1 and I did not really understand how to program windows security until I read this book. This is a difficult topic and the author makes it easy to understand along the lines of Don Box's 'Essential COM' or a Charles Petzold's 'Programming Windows'. Kieth Brown has a deep understanding of Windows NT security and he shares it with you in this book. If you ever wanted to know why a user must logoff and back on before an access control change will take effect - read this book. If you want to know which security API's you should be using and which you should avoid - read this book. If you want to understand why your IIS website using Windows integrated security can't access a SQL database on another machine without including a user/password pair in the connection string - read this book. If you don't really understand what tokens, logon sessions, window stations or desktops are - read this book. Even though this book is targeted to programmers it is also a great resource for Administrators who really want to understand how security works in Windows NT4 & 2000.
Rating: 
Summary: This book really deserves a 5 star rating
Review: I have read Keith Brown's Security Briefs articles on MSJ. They are awesome. However the extral large fonts used in this book is a huge turn off. This expands the book size from 250 pages to 580 pages. For now, I will stick to Security Briefs articles on MSDN, and the chapter on IIS security from this book available online.
Rating:
Summary: Very good book for security programming
Review: I look forward to the release of this book for more than one year. This book shows much light on windows security programming.It is the Bible for windows developper on security programming...
Rating:
Summary: Software Consultant
Review: I purchased this book based on all the good reviews out there. It was difficult to read and didn't explain much. I was really disappointed and would not recommend to this book for anyone getting into Windows security. I was looking for a book that would allow me to just right into examples and then come back for a better understanding on the details. I thank the person that recommended the "Programming Server-Side Applications" book. That books explains the security topic very well with good presentation. I've been doing C/C++ development for about 7 years in Windows now and this is the first book that I felt was so bad that I had to warn others about. I really like the other books by DevelopMentor (Essential COM, Effective COM, ATL Internals, etc.)
Rating:
Summary: Software Consultant
Review: I purchased this book based on all the good reviews out there. It was difficult to read and didn't explain much. I was really disappointed and would not recommend to this book for anyone getting into Windows security. I was looking for a book that would allow me to just right into examples and then come back for a better understanding on the details. I thank the person that recommended the "Programming Server-Side Applications" book. That books explains the security topic very well with good presentation. I've been doing C/C++ development for about 7 years in Windows now and this is the first book that I felt was so bad that I had to warn others about. I really like the other books by DevelopMentor (Essential COM, Effective COM, ATL Internals, etc.)
Rating:
Summary: Unravels the tangled web
Review: I went out and bought this book at a time when I was having trouble with some DCOM security issues. I have always kind of avoided learning about Windows security, because, frankly, I didn't find it very interesting, and the parts of the documentation I had read were so confusing as to be useless. I was therefore very pleasantly surprised and gratified to find that Brown's book was easy to read, clearly and interestingly written, and explained the details of Windows security in a very straightforward, methodical fashion. Although it was probably not necesary to do so, I read the book from cover to cover. It is organized so as to provide lower level details and concepts in the early chapters, then to move on to higher-level and more complicated issues. For me, this meant that the problem I was working on was not addressed until the second-last chapter, but by the time I got there, I felt that I had a good grasp of the underlying functionality, and could better understand why certain seemingly bizarre APIs and configurations worked the way they do. (After finishing it, I was able to solve the problems I was having, too!) One of the clever features that Brown has included is to provide a non-technical overview in the first three chapters, which is suitable for sharing with your non-technical manager so that you can have intelligent discussions, using a common vocabulary, of the issues you are dealing with. That's truly a rare treat! Another good feature is that the index is quite well done. (There's nothing worse than a reference book in which you can't find the information you're looking for.) The long and the short if it is that this book, while not for everyone, is an outstanding reference on Windows Security.
Rating:
Summary: Unravels the tangled web
Review: I went out and bought this book at a time when I was having trouble with some DCOM security issues. I have always kind of avoided learning about Windows security, because, frankly, I didn't find it very interesting, and the parts of the documentation I had read were so confusing as to be useless. I was therefore very pleasantly surprised and gratified to find that Brown's book was easy to read, clearly and interestingly written, and explained the details of Windows security in a very straightforward, methodical fashion. Although it was probably not necesary to do so, I read the book from cover to cover. It is organized so as to provide lower level details and concepts in the early chapters, then to move on to higher-level and more complicated issues. For me, this meant that the problem I was working on was not addressed until the second-last chapter, but by the time I got there, I felt that I had a good grasp of the underlying functionality, and could better understand why certain seemingly bizarre APIs and configurations worked the way they do. (After finishing it, I was able to solve the problems I was having, too!) One of the clever features that Brown has included is to provide a non-technical overview in the first three chapters, which is suitable for sharing with your non-technical manager so that you can have intelligent discussions, using a common vocabulary, of the issues you are dealing with. That's truly a rare treat! Another good feature is that the index is quite well done. (There's nothing worse than a reference book in which you can't find the information you're looking for.) The long and the short if it is that this book, while not for everyone, is an outstanding reference on Windows Security.
| 
