PUBLISHED BY
Microsoft Press
A Division of Microsoft Corporation
One Microsoft Way
Redmond, Washington 98052-6399
2006 by Thomas P. Gallagher, Matthew Bryan Jeffries, and Lawrence G. Landauer
All rights reserved. No part of the contents of this book may be reproduced or transmitted in any form or by any means without the written permission of the publisher.
Library of Congress Control Number 2006927197
978-0-7356-2187-9
1 2 3 4 5 6 7 8 9 QWT 1 0 9 8 7 6
Distributed in Canada by H.B. Fenn and Company Ltd.
A CIP catalogue record for this book is available from the British Library.
Microsoft Press books are available through booksellers and distributors worldwide. For further information about international editions, contact your local Microsoft Corporation office or contact Microsoft Press International directly at fax (425) 936-7329. Visit our Web site at www.microsoft.com/mspress. Send comments to mspinput@microsoft.com.
Microsoft, Microsoft Press, Active Desktop, Active Directory, ActiveX, Authenticode, Brute Force, Excel, Expression, FrontPage, Hotmail, Internet Explorer, MSDN, MS-DOS, MSN, NetMeeting, Outlook, PowerPoint, SharePoint, Tahoma, Visual Basic, Visual C++, Visual Studio, Win32, Windows, Windows Media, Windows Mobile, Windows NT, Windows Server, Windows Vista, and Wingdings are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries . Other product and company names mentioned herein may be the trademarks of their respective owners .
The example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious. No association with any real company, organization, product, domain name , e-mail address, logo, person, place, or event is intended or should be inferred.
This book expresses the author s views and opinions . The information contained in this book is provided without any express, statutory , or implied warranties. Neither the authors, Microsoft Corporation, nor its resellers , or distributors will be held liable for any damages caused or alleged to be caused either directly or indirectly by this book.
Acquisitions Editor: Ben Ryan
Project Editor: Kathleen Atkins
Copy Editor: Christina Palaia
Technical Editor: Chris Weber, Technical Review services provided by Content Master, a member of CM Group, Ltd
Body Part No. X12-21108
Dedication
To my parents ”I am very grateful for your continued support and encouragement.
To Vy (Sara) Vu ”Thanks for everything. You are truly amazing.
” Tom
To my parents for all the love, support, and guidance they have always given me.
To my friends for understanding when I had to miss Wing Dome nights.
And especially , thanks to my lovely wife Kim for being there through all
the long days and late nights, always willing to help in any way;
you mean everything to me.
” Bryan
Thanks and blessings to you for taking security seriously; to Katherine (GG)
for her unwavering faith, support, prayers, and believing in me;
to Joy and Christopher for their prayers and encouragement;
to Mammam and John for my first computers;
and to all the great folks at Microsoft
who provided this opportunity.
” Lawrence
About the Author
Tom Gallagher
Tom Gallagher has been intrigued with both physical and computer security from a young age. In 1999, Tom graduated from Loyola University of New Orleans and was hired to work as a penetration tester for Microsoft SharePoint. Since then, he has continued to work on the security of different parts of Microsoft Office and is currently the lead of the Office Security Test team. This team is primarily focused on penetration testing, writing security testing tools, and educating program managers, developers, and testers about security issues.
Bryan Jeffries
Bryan Jeffries has been interested in computers for as long as he can remember. Upon graduating from North Carolina State University in 2001 with a BS degree in Computer Science, he left his home state of North Carolina to work for Microsoft Corporation in Redmond, Washington. He has been working as a software engineer in Microsoft SharePoint Products and Technologies for the past five years and is responsible for driving security testing across Microsoft Office Server System. Bryan lives in Kirkland, Washington, with his beautiful wife, Kim.
Lawrence Landauer
Lawrence Landauer's first interest in computers was as a hobby. After graduating from Montana State University in 1995 with a BS degree in Industrial and Management Engineering, he has since worked for Microsoft Corporation as a software engineer working on coding, testing, and training projects related to security, personal productivity, and deployment.