Introduction
The first step in securing Windows Server is to ensure that you've properly configured user accounts. First, confirm the accounts have only the privileges needed to perform necessary tasks by using the principal of least privilege. Additionally, you need to protect user account credentials from compromise by restricting resources that accounts can use to authenticate against, and the protocols that can be used for that authentication
Learning objectives
After completing this module, you'll be able to:
- Configure and manage user accounts to limit security threats across an organization
- Apply Protected Users settings, policies, and authentication silos to protect highly privileged user accounts
- Describe and configure Windows Defender Credential Guard
- Configure Group Policy to block the use of NTLM for authentication
- Disable inactive accounts and require periodic password updates
Prerequisites
To get the best learning experience from this module, you should have:
- Familiarity with managing Active Directory Domain Services security principals
- Ability to edit Active Directory Group Policy settings
- Experience performing basic Windows Server administration tasks