Summary
This module provided you with the necessary knowledge to secure Active Directory Domain Services user accounts. You learned how to restrict an administrative account to least privilege, secure the account by placing it in the protected users group, limit the authentication scope of the account using authentication policies and authentication policy silos, block the less secure NTLM protocol and learned how to search the account database for potentially insecure accounts
Now that you have reviewed this module, you should be able to:
- Configure and manage user accounts to limit security threats across an organization
- Apply Protected Users settings, policies, and authentication silos to protect highly privileged user accounts
- Describe and configure Windows Defender Credential Guard
- Configure Group Policy to block the use of NTLM for authentication
- Disable inactive accounts and require periodic password updates
Resources
Use these resources to discover more.