Learn your way! Get started

Securing Windows Server 2016, Part 1 of 5: Overview and Users

with expert Patrick Loner


Watch trailer


Course at a glance

Included in these subscriptions:

  • Dev & IT Pro Video
  • Dev & IT Pro Power Pack

Release date 4/20/2018
Level Intermediate
Runtime 3h 29m
Closed captioning N/A
Transcript N/A
eBooks / courseware N/A
Hands-on labs N/A
Sample code N/A
Exams Included


Enterprise Solutions

Need reporting, custom learning tracks, or SCORM? Learn More



Course description

In this course we need to start off by thinking like an attacker and the attack phases. It will begin with a introduction to attacks, breaches and detection. Next, Users and User security with resources, authorization and credentials as well as controlling rights and privileges. It will round out with managing passwords and group managed service accounts.

Prerequisites

This is Part 1 of the series.

Learning Paths

This course will help you prepare for the following certification and exam:
MCSA: Windows Server 2016
70-744: Securing Windows Server 2016

This course is part of the following LearnNowOnline SuccessPaths™:
Windows Server 2016

Meet the expert

Patrick Loner Patrick Loner has certifications for MCSA, MCSE, MCITP, A+, Network+, Security+, and more. He has been working as a Microsoft Certified Trainer, network administrator, and network consultant for over ten years. He has over a decade of experience working with and teaching about Windows networks with client and server operating systems. He has guided many students toward Microsoft and CompTIA certifications. Most recently, he has worked as a freelance trainer and network consultant specializing in Windows Server 2008 and Microsoft Exchange 2007 and Exchange 2010 implementations, design, and upgrades. Patrick continues to branch out now working with and training on Windows Server 2012, Windows 8, Exchange 2013, and System Center Configuration Manager 2012.


Course outline



Introduction to Security

Understanding Attacks (31:25)
  • Introduction (00:29)
  • Assume Breach (03:16)
  • Methods of Attack (12:45)
  • Attack Stages (07:01)
  • Prioritizing Resources (03:30)
  • Incident Response Strategy (02:11)
  • Ensuring Compliance (02:03)
  • Summary (00:06)
Detecting Security Breaches (06:41)
  • Introduction (00:23)
  • Locating Evidence (01:40)
  • Event Logs (02:35)
  • Examining Other Configurations (01:55)
  • Summary (00:06)
Using Sysinternals Tools (29:39)
  • Introduction (00:23)
  • Introducing Sysinternals (02:32)
  • Demo: Sysinternals (01:35)
  • Introduction to FSRM (00:17)
  • System Monitor (02:05)
  • AccessChk (01:32)
  • Autoruns (01:34)
  • LogonSessions (01:24)
  • Process Explorer (01:37)
  • Process Monitor (01:27)
  • Sigcheck (01:18)
  • Demo: Locating Systinternals (01:48)
  • Demo: LogonSessions (05:34)
  • Demo: Process Explorer (03:10)
  • Demo: Process Monitor (03:11)
  • Summary (00:06)

Rights and Permissions

User Rights and Priveleges (41:58)
  • Introduction (00:19)
  • Principle of Least Privilege (05:05)
  • Configuring User Rights (03:23)
  • Configuring Account Security Options (09:33)
  • Demo: Control Privileges (05:29)
  • Demo: Account Options (02:24)
  • Demo: Active Directory in PowerShell (04:08)
  • Demo: User Properties (04:03)
  • Account Security Controls (02:16)
  • Complexity Options (03:28)
  • Summary (01:46)
Assigning Privileges (49:30)
  • Introduction (00:18)
  • Password and Lockout Policies (03:34)
  • Demo: Password Policies (04:22)
  • Configuring Fine-Grained Password Policies (01:26)
  • Understanding PSO Application (02:55)
  • Protected Users Security Groups (03:23)
  • Delegating Administrative Control (04:12)
  • Demo: Access Control Lists (06:25)
  • Local Administrator Password Solutions (03:23)
  • LAPS Requirements (01:40)
  • LAPS Process (01:13)
  • Configuring and Managing Passwords (03:40)
  • Demo: LAPS (04:23)
  • Demo: LAPS GPO (06:42)
  • Summary (01:46)

Accounts and Access

Computer and Service Accounts (19:03)
  • Introduction (00:11)
  • What Is a Computer Account (01:40)
  • Computer Account Functionality (01:19)
  • Working with Secure Channel Passwords (01:54)
  • Service Account Tyoes (02:05)
  • Group MSAs (03:12)
  • Demo: Configure MSA (04:41)
  • Demo: MSA Continued (03:50)
  • Summary (00:06)
Protecting User Credentials (19:23)
  • Introduction (00:11)
  • Introducing Credential Guard (02:14)
  • Credential Guard Requirements (01:30)
  • Configuring Credential Guard (01:18)
  • Verifying Credential Guard Operation (01:23)
  • Credential Guard Weaknesses (01:19)
  • NTLM Blocking (03:33)
  • Searching AD DS for Problem Accounts (02:05)
  • Demo: Locate Problem Accounts (05:41)
  • Summary (00:06)
Privileged Access (11:42)
  • Introduction (00:33)
  • The Need for Privileged Access Workstations (01:52)
  • Privileged Access Workstations (01:41)
  • Jump Servers (01:09)
  • Securing Domain Controllers (06:19)
  • Summary (00:06)