Windows 2000 Security Little Black Book


This book is known as the "bible" that points out "security holes" in the Windows 2000 system, as well as weaknesses that emerge from poor planning and lax administration. It places extra emphasis on Windows 2000 security issues raised by high-bandwidth connections to the Internet, with and without firewalls. Covers Windows 2000 security at system deployment and during routine system administration.


Meet the Author

Ian McLean, MCITP, MCDBA, MCT, has 40+ years of experience in the education and IT industries. He has coauthored numerous Self-Paced Training Kits covering Windows Server, Windows® client, Microsoft Exchange Server, and SQL Server® technologies.


Read an Excerpt

Chapter 1: Windows 2000 Security Features

In Brief

Windows 2000 security is flexible and scalable, from the smallest company right up to multinational corporations in which strict security across wide area networks (WANs), including the Internet, is a major priority. Mostly, however, the new developments in Windows 2000 support the Internet-based enterprise. Security in large organizations is implemented through the use of the hierarchical Windows 2000 Active Directory. Other changes take advantage of the flexibility of the Windows security architecture to integrate authentication using Internet public key certificates, and interactive logon using smart cards. Windows 2000 combines ease of use, good administration tools, and a solid security infrastructure that supports both the enterprise and the Internet.

Windows 2000 Active Directory

Windows 2000 Active Directory stores all domain security policy and account information, provides replication and availability of this account information to multiple Domain Controllers (DCs) and facilitates remote administration. It supports a hierarchical namespace for user, group, and computer account information. Accounts can be grouped by Organizational Units (OUs) rather than the flat domain account namespace provided by Windows NT 4.

NOTE: In Windows NT 4 the domain namespace consists of User, Global group, Local group and Computer accounts. There's no hierarchy in the Windows NT 4 domain namespace; everything is at the same level. Global groups and Local groups can't be nested, although Global groups can be put into Local groups. A Global group can't inherit rights or permissions from another Global group at a higher level, because there isn't a higher level. This is known as a flat namespace. In contrast, the Windows 2000 namespace is hierarchical. OUs can inherit security policies from higher-level OUs, and inheritance can be blocked or enforced. The Windows 2000 hierarchical namespace is discussed later in this chapter. Chapter 3 discusses OUs and Group Policy Objects (GPOs) in detail.

Administrative rights to create and manage user or group accounts can be delegated to the level of OUs. Access rights can be granted to individual properties on user objects to allow, for example, a specific individual or group to have the right to reset passwords but not to modify other account information. Active Directory replication allows account updates at any DC, where Windows NT 4 allowed updates only at the Primary Domain Controller (PDC). Multiple master replicas of Active Directory at other DCs are updated and synchronized automatically.

NOTE: Windows 2000 domains don't have PDCs; all Windows 2000 DCs are equal, although one DC in a domain assumes the role of PDC emulator. In a mixed domain, where there is a Windows NT 4 PDC, a Windows 2000 DC can act as a Backup Domain Controller (BDC) equivalent. This provides a smooth upgrade path from Windows NT 4 to Windows 2000.

Windows 2000 employs a new domain model that uses Active Directory to support a multilevel hierarchical tree of domains. Management of trust relationships between domains is simplified by using two-way transitive trusts (Kerberos trusts) throughout the domain tree. The Windows 2000 domain tree and Kerberos trusts enable Windows 2000 scalability, which is discussed in Chapter 2.

Distributed Security And Security Protocols

Windows security includes authentication based on Internet standard security protocols. Kerberos version 5, discussed in Chapter 4, is implemented as the default protocol, although Windows NT LAN Manager (NTLM) is also supported to provide backward-compatibility. The Transport Layer Security (TLS) protocol, based on Secure Sockets Layer version 3 (SSL3/TLS), supports client authentication by mapping user credentials in the form of public key certificates to existing Windows NT accounts, and provides enhanced feature support for public key protocols in Windows 2000. Public key security and SSL3/TLS are discussed in Chapter 6. Common administration tools are used to manage account information and access control, whether using shared secret authentication or public key security.

In addition to passwords, Windows 2000 supports the optional use of smart cards for interactive logon. Smart cards, which look just like the magnetic-stripe bank cards used in Automatic Teller Machines (ATMs) but hold thousands of times more information, support cryptography and secure storage for private keys and certificates, enabling reliable distributed security authentication.

TIP: Some good basic information about smart cards, smart card types, what smart cards look like, and smart card terminology can be found at and

At the network level, Windows 2000 uses Internet Protocol Security (IPSec), which is discussed in Chapter 10. Chapter 11 discusses Virtual Private Networks (VPNs) used for remote access over Wide Area Networks (WANs), including the Internet. The protocols used to implement tunneling in VPNs, such as Point-to-Point Protocol (PPP), Point-to-Point Tunneling Protocol (PPTP) and Layer 2 Tunneling Protocol (L2TP), are discussed in Chapter 10.

I'll be discussing protocols throughout this book and have listed only the most significant in this introductory chapter. Protocol specifications are included in Request For Comment (RFC) documents. For example, if you want to find out more about Domain Name Systems Security Extensions (RFC 2535) or Security Association and Key Management Protocol (RFC 2408), then details may be found at and and in-notes/rfc2408.txt respectively.

TIP: A list of RFCs in numerical order may be found at

Deploying Smart Cards

Microsoft Certificate Server enables organizations to issue X.509 version 3 certificates to their employees or business partners. This includes the introduction of the Cryptographic Application Program Interface (CryptoAPI) for certificate management. Organizations may use public key certificates issued by a commercial Certificate Authority (CA), a third-party CA, or Microsoft Certificate Server. System administrators define which CAs are trusted in their environment and hence which certificates are accepted for client authentication and access to resources.

Using public key certificates and mapping to an existing Windows account can authenticate external users who don't have Windows 2000 accounts. Access rights defined for the Windows account determine the resources that the external users can use on the system. Client authentication using public key certificates allows Windows 2000 to authenticate external users based on certificates issued by trusted CAs.

Windows 2000 users have suitable tools and common interface dialog boxes for managing the private/public key pairs and the certificates that they use to access Internet-based resources. Storage of personal security credentials, which uses secure, disk-based storage, is easily transported with the industry-standard protocol Personal Information Exchange (PIE). Windows 2000 also has integrated support for smart card devices.


Encryption

The operating system implements several encryption methods to take advantage of the use of digital signatures for providing authenticated data streams. In addition to signed ActiveX controls and Java classes for Internet Explorer, Windows 2000 uses digital signatures for image integrity of a variety of program components. In-house developers can also create signed software for distribution and virus protection.

Third-party suppliers are likely to host dynamic password authentication services on Windows 2000 Server and integrate dynamic passwords with Windows 2000 domain authentication. The Application Program Interfaces (APIs) and documentation to support these third-party products are available in the Microsoft Platform Software Development Kit (SDK).

IP Security

The business world makes extensive use of the Internet, intranets, branch offices, and remote access. Sensitive information constantly crosses the networks. The challenge for administrators and other network professionals is to ensure data integrity, confidentiality and authentication. The data must be safe from the following:

  • Modification while en route
  • Interception, viewing, or copying
  • Access by unauthenticated persons

To address these requirements, the Windows 2000 Server operating system includes an implementation of the IP Security Protocol (IPSec) as specified by the Internet Engineering Task Force (IETF). IPSec exists below the transport level, so that its security services are inherited transparently by applications. Microsoft Windows IP Security uses industry-standard encryption algorithms and a comprehensive security management approach to provide security for all TCP/IP communications on both sides of an organization's firewall. The result is a Windows 2000 Server end-to-end security strategy that defends against both external and internal attacks. IPSec is discussed in detail in Chapter 10.

Virtual Private Networks

A Virtual Private Network (VPN) enables a user to tunnel through the Internet or another public network, while maintaining the same level of security that would be provided by a private network. From the user's point of view, the VPN appears to be a point-to-point connection with the corporate server. A VPN must allow roaming or remote clients to connect to resources and be securely authenticated. The user's private address, name and password must be kept private and data must be encrypted. Encryption keys for both the client and the server must be generated and refreshed and the common protocols used in the public network must be supported.

WARNING! Nothing remains secure forever, and encryption keys are no exception. They therefore have an expiry time and must be refreshed periodically. Precautions, such as an alternate data path, should be taken during a key refresh. If an unauthorized user intercepts a key refresh, then security is compromised.

Windows 2000 currently supports VPN solutions based on PPTP and the recently developed L2TP. IPSec also supports VPNs, but does not commonly meet all the requirements. VPNs are discussed in Chapter 11.

Security Configuration And Analysis Tools

Windows 2000 provides the Security Template and Security Configuration and Analysis snap-ins, plus the secedit command line utility, to configure and analyze security settings based on a series of standard templates that you can load, combine and edit to configure local security. The tools let you analyze your security settings by comparing them with the defaults, and export the bespoke security templates you create for use in other machines on a network. They enable you to configure security at local machine level, or to amend a machine-type specific template that can then be applied to every machine of that type (workstation, member server and so on) in your network.

Although Windows NT 4 provides numerous graphical tools that can be used individually to configure various aspects of system security, these tools are not centralized; an administrator may need to open three or four applications to configure security for one computer. Security configuration can be complex, and with the distributed security features added in Windows 2000, this complexity has increased.

The security configuration tools are designed to meet the need for central security configuration, and to provide enterprise-level security analysis...


Table of Contents

Introduction
Chapter 1 Windows 2000 Security Features
In Brief
Windows 2000 Active Directory
Distributed Security And Security Protocols
Deploying Smart Cards
Encryption
IP Security
Virtual Private Networks
Security Configuration And Analysis Tools
Immediate Solutions
Understanding The Active Directory Structure
Integrating Security Account Management
Using Transitive Two-Way Trusts
Delegating Administration
Using The Access Control List To Implement Fine-Grain Access Rights
Using Security Protocols
Using The Security Support Provider Interface
Using The Kerberos 5 Authentication Protocol
Using Public Key Certificates For Internet Security
Implementing Interbusiness Access
Providing An Enterprise Solution
Using NTLM Credentials
Using Kerberos Credentials
Using Private/Public Key Pairs And Certificates
Using Internet Protocol Security
Using Virtual Private Networks
Using The Security Configuration Tools
Migrating From NT 4 To Windows 2000
Chapter 2 Active Directory And The Access Control List
In Brief
Windows 2000 Active Directory
Immediate Solutions
Supporting Open Standards
Supporting Standard Name Formats
Using Application Programming Interfaces
Using The Windows Scripting Host
Enabling Scalability
Using Distributed Security
Using The Security Settings Extension Of The Group Policy Editor
Analyzing Default Access Control Settings
Analyzing Default Group Membership
Switching Between User Contexts
Synchronizing Upgraded Machines With The Default Security Settings
Using The Security Templates Snap-in
Using The Access Control List Editor
Chapter 3 Group Policy
In Brief
Group Policy Capabilities And Benefits
Group Policy And Active Directory
Immediate Solutions
Linking Group Policy With The Active Directory Structure
Configuring A Group Policy Management Snap-in
Accessing Group Policy For A Domain Or OU
Creating A Group Policy Object
Editing A Group Policy Object
Giving A User The Log-on Locally Right On A Domain Controller
Managing Group Policy
Adding Or Browsing A Group Policy Object
Setting Inheritance And Override
Disabling Portions Of A GPO
Linking A Single GPO To Multiple Sites, Domains, And OUs
Administering Registry-Based Policies
Setting Up Scripts
Using Security Group Filtering
Using Loopback Processing To Make Policies Computer-Specific
Setting Up An Audit Policy
Chapter 4 Security Protocols
In Brief
Protocols
Immediate Solutions
Setting Up A Shared Secrets Protocol
Using A Key Distribution Center
Understanding Kerberos Subprotocols
Authenticating Logons
Analyzing Kerberos Tickets
Delegating Authentication
Configuring Kerberos Domain Policy
Using The Security Support Provider Interface
Chapter 5 The Encrypting File System
In Brief
Why Data Encryption Is Necessary
The Encrypting File System
Immediate Solutions
Using The Cipher Command-Line Utility
Encrypting A Folder Or File
Decrypting A Folder Or File
Copying, Moving, And Renaming An Encrypted Folder Or File
Backing Up An Encrypted Folder Or File
Restoring An Encrypted Folder Or File
Restoring Files To A Different Computer
Securing The Default Recovery Key On A Standalone Computer
Securing The Default Recovery Key For The Domain
Adding Recovery Agents
Setting A Recovery Policy For A Specific OU
Recovering A File Or Folder
Disabling EFS For A Specific Set Of Computers
Chapter 6 Public Keys
In Brief
Public Key Cryptography
Protecting And Trusting Cryptographic Keys
The Windows 2000 PKI Components
Immediate Solutions
Enabling Domain Clients
Applying Windows 2000 Public Key Security
Setting World Wide Web Security
Using PK-Based Authentication In Internet Explorer
Setting Up Microsoft Outlook To Use The Secure Sockets Layer
Setting Up PK-Based Secure Email
Configuring Outlook Express To Use PK Security
Configuring Outlook To Use PK Security
Achieving Interoperability
Chapter 7 Certificate Services
In Brief
Certificates
Deploying An Enterprise CA
Trust In Multiple CA Hierarchies
Immediate Solutions
Setting Up A Certification Authority
Using The Certificate Service Web Pages
Installing CA Certificates
Requesting An Advanced Certificate
Enrolling Using A PKCS #10 Request File
Configuring A Domain To Trust An External CA
Setting Up An Automatic Certificate Request For Computers
Starting And Stopping Certificate Services
Backing Up And Restoring The Certificate Services Service
Displaying The Certificate Services Log And Database
Revoking Issued Certificates And Publishing A CRL
Configuring The Policy And Exit Modules For Certificate Services
Chapter 8 Mapping Certificates To User Accounts
In Brief
Why Certificate Mapping Is Needed
Types Of Mapping
Where Mapping Occurs
Immediate Solutions
Installing A User Certificate
Exporting A Certificate
Installing A CA Certificate
Configuring Active Directory For UPN Mapping
Configuring Active Directory For One-To-One Mapping
Configuring IIS For One-To-One Mapping
Configuring Active Directory For Many-To-One Mapping
Configuring IIS For Many-To-One Mapping
Testing The Mapping
Chapter 9 Smart Cards
In Brief
What Is A Smart Card?
Smart Card Interoperability
Supported Smart Cards
Supported Smart Card Readers
Immediate Solutions
Installing A Smart Card Reader
Setting Up A Smart Card Enrollment Station
Issuing Smart Cards
Logging On Using A Smart Card
Deploying Smart Cards
Resolving Smart Card-Related Issues
Securing The Smart Card Enrollment Station
Putting Applications On Smart Cards
Using The Smart Card Software Development Kit
Using The Microsoft APIs
Using The Java Card API 2.1
Using The OpenCard Framework
Chapter 10 IP Security
In Brief
IP Security Protection
IPSec Features
Security Associations
Immediate Solutions
Analyzing IPSec Operations
Specifying IPSec Settings
Configuring IPSec On Individual Computers
Configuring IPSec For A Domain
Changing The Security Method
Configuring IPSec For An OU
Chapter 11 Virtual Private Networks
In Brief
Using Virtual Private Networks
Tunneling
Authentication
Comparing PPTP And L2TP
The Remote Authentication Dial-in User Service
Immediate Solutions
Specifying A VPN Strategy
Setting Up A VPN Server
Configuring A VPN Server
Configuring A VPN Client
Organizing Remote Access User Accounts
Creating A Remote Access Policy For Router-To-Router VPN Connections
Enabling Mutual Authentication
Obtaining A Computer Certificate Automatically
Adding L2TP And PPTP Ports
Setting Up A RADIUS Server
Chapter 12 Security Configuration And Analysis Tools
In Brief
The Configuration Tools
Security Template Settings
Predefined Security Templates
Immediate Solutions
Creating And Analyzing A Security Configuration
Editing A Security Configuration
Exporting A Security Configuration
Editing Security Templates
Using The Secedit Command
Glossary
Index


This book discusses network security on a Microsoft Windows 2000 network, although many of the principles of good security are product independent. It's a technical book, addressing technical issues--but it doesn't lose sight of the fact that security is as much a people problem as a technical one. It's designed to help the administrator to balance security and usability, and to set security criteria that colleagues accept as workable and sensible.

Security technologies are developing rapidly. Public key certificates and dynamic passwords help meet the security needs of the enterprise environment. Remote access over public networks, and Internet access for business-to-business communication, are driving the evolution of security technology. Smart cards are replacing password security where the use of the latter has proven to be problematical, and biometrics--the use of a unique physical characteristic such as a fingerprint or retina scan instead of a PIN--provides a sound basis for account security combined with ease of use. This book covers the new features that Windows 2000 provides to assist the security professional to set up a sound but useable security framework--always remembering that nothing's infallible!

Who the Book Is For

This book is for network professionals, possibly with a Windows NT 4.0, NetWare or Unix background, who are administering or intend to administer Windows 2000 networks--and specifically to set up Windows 2000 security. It would also be of use to technical support personnel and to consultants and designers tasked with developing and setting up security on a network. The book's structure makes it ideal for those who want to learn the facts, carry out the procedures and solve the problems--fast.

The book assumes that readers know how an NT 4 trust works, have come across User Manager for Domains, Server Manager, System Policy Editor and Event Viewer, have a working knowledge of TCP/IP and know the limitations of 10BaseT.

How the Book Is Organized

The first chapter takes a broad-brush approach, introducing the topics that will be described in detail later in the book, and the terms and acronyms that the reader will come across time and time again when implementing Windows 2000 security. The purpose of the chapter is to provide an overview, familiarize the reader with the concepts, and let him or her decide which of the subsequent chapters is of particular interest. This book is about solving problems. Chapter 1 addresses the problem of knowing where to start, what to look for, and where to find it.

Chapter 2 describes Active Directory, which defines the structure of a Windows 2000 network, and provides the means to implement structured, multi-level security zones with a finer granularity of control than was possible with previous Microsoft Windows implementations. The chapter demonstrates how Active Directory can be customized and Access Control Settings configured, and introduces the Microsoft Management Console (MMC) snap-ins that are used to configure and administer all aspects of Windows 2000, including security policies.

Chapter 3 describes group policy, and the methods by which the settings contained in Group Policy Objects (GPOs) can be applied to Active Directory objects such as sites, domains and Organizational Units (OUs). The chapter discusses policy inheritance, how domain-level policies may be enforced or blocked at lower levels in the Active Directory structure, and how security group filtering enables certain administrative tasks to be delegated without compromising overall domain security policy.

Chapter 4 looks at the various Windows 2000 Security Protocols and how these are used. In particular, the chapter highlights Kerberos 5, the Windows 2000 default authentication protocol. The chapter describes how mutual authentication is achieved using a shared secret protocol, and discusses shared keys, session keys, key distribution centers, Kerberos tickets, the ticket granting service, and cross-domain authentication. The principles and practice described in this chapter are central to the entire concept of Windows 2000 security.

In Chapter 5, the problem of unauthorized access to sensitive data is outlined, and the Windows 2000 solution, the Encrypting File System (EFS), is described. EFS is normally invisible to the user, who can access and edit his or her own files in the usual manner, while the files remain inaccessible to any other user. This has its own problems, and the use of recovery agents to retrieve encrypted files is also discussed.

Chapters 6 and 7 are interlinked. The use of public keys, private keys, and security certificates provides strong security when sensitive data is being sent over a hostile environment such as the Internet. Chapter 6 discusses the Windows 2000 public key infrastructure (PKI), the use of the SSL3 protocol to set up a secure Web site, and the use of digital signatures and encryption to protect sensitive e-mail traffic. Chapter 7 discusses certificate authorities (CAs), including Microsoft Certificate Services and third-party CAs such as VeriSign and Thawte. The chapter describes how to set up a CA, how to obtain certificates, and how to set up a certificate revocation list (CRL).

Chapter 8 discusses certificate mapping, which implements certificate-based security for logons over a hostile environment, such as the Internet, and provides a method of authenticating logons by employees of a partner or subsidiary organization who don't have individual accounts in a domain.

Smart cards, discussed in Chapter 9, are rapidly becoming the authentication method of choice, particularly for large organizations that have found password security difficult to manage in the past.

Sensitive data is at its most vulnerable when travelling across a network. While SSL3 encryption can be used by (for example) browsers, it requires applications to be SSL3 aware. Internet Protocol Security (IPSec), discussed in Chapter 10, provides a method, invisible to the user, of securing all network traffic against both outsiders and malicious insiders.

Where traffic passes over a foreign network, such as the Internet, tunneling through Virtual Private Networks (VPNs), discussed in Chapter 11, provides a cost-effective answer to security concerns.

Chapter 12 looks at the tools provided for configuring local security using security templates, editing security parameters, creating new templates, and analyzing security settings.

Finally there's a glossary that lists and explains the technical terms used in the book, and a comprehensive index to enable the reader to search for specific terms and topics, making the use of the book even quicker and more effective.

How the Book Can Be Used

This book can be read through from start to finish, and will give an excellent grounding in Windows 2000 security. However, the reader may feel it's more appropriate to skip around, finding examples and procedures that will help with current tasks or with any problems he or she may encounter. The book is a reference resource, to be used in the way best suited to the reader's needs and experience.