
Meet the instructor, a seasoned IT professional leading a cyber security operations center, as he introduces the Windows Server 2016 security features course and outlines its structure.
Explore the Windows Server 2016 security features course structure, prerequisites, audience, and learning outcomes, including attack surface reduction, secure administration, container isolation, and virtualization security.
Harden Windows Server 2016 by reducing the attack surface, deploying Server Core, and removing unneeded features and payloads with the GUI and PowerShell for secure workload hosting.
Harden Windows Server 2016 by disabling unneeded services, configuring service and built-in accounts, enforcing password and lockout policies, and applying group Managed Service Accounts via Group Policy.
Learn to harden Windows Server 2016 with remote access controls, application restriction policies, and firewall configuration, including isolation rules using certificate-based and domain-based authentication.
Learn to maintain Windows Server 2016 security through timely software updates, implement Desired State Configuration and Group Policy, and test and document configuration baselines to protect workloads.
Harness the Local Administrator Password Solution (LAPS) to manage unique per-computer local admin passwords, store them securely in Active Directory, rotate them automatically, and enable controlled access via Group Policy.
Credential Guard uses virtualization-based security to isolate cached credentials in a separate operating system, protecting authentication data and mitigating hash and ticket attacks.
Block NTLM and enforce Kerberos authentication on Windows Server 2016, auditing NTLM traffic and using Protected Users and authentication policy silos to limit privileged access.
Explore how Just Enough Administration (JEA) enables restricted PowerShell access via endpoints and role capability files, plus session configuration files and virtual accounts to perform specific tasks.
Discover enhanced security administrative forests, a dedicated admin forest housing privileged accounts linked to production by a one-way trust. Learn benefits like selective authentication and essential security guidelines.
Discover Just In Time administration and PAM in Windows Server 2016, using temporary group memberships, approvals, MFA, and logging to secure privileged tasks.
Explore how Windows Server 2016 security features isolate workloads with containers, including Windows Server, Linux, and Hyper-V containers, their images, and security benefits over virtual machines.
Explore managing Windows Server 2016 container images: obtain, update, and create images from repositories like Docker Hub; maintain stateless containers and back up images by committing to a repository.
Learn to manage Docker containers on Windows Server 2016 with Docker Engine and Docker Enterprise Edition, including running Linux and Hyper-V containers and overriding image defaults.
Explore secure virtualization workloads in Windows Server 2016, including guarded fabric, shielded VMs, virtual TPM, and encryption-supported VMs, with attestation modes and the Host Guardian Service.
In this course we will examine the out-of-the-box security features and technologies in the Windows Server 2016 operating system. We will cover topics like the hardware security features (Secure Boot, VSM, etc.) and software security features (Credential Guard, workload isolation with containers, Just Enough Administration, DSC, AD security features, etc.). We will also discuss attack surface reduction and server hardening processes and best practices.
After completing this course, you will be able to:
Describe Windows Server 2016 security technologies
Reduce the Windows Server 2016 attack surface through security baselines, Device Guard policies and Server Core-first deployments
Implement secure administrative techniques using Credential Guard, Just Enough Administration and Just In Time administration
Isolate workloads with containers
Secure VM deployment and hosting with guarded fabrics
This course is designed to get you started as quickly as possible. There are a variety of self-paced learning activities. You will get:
Video lectures on each topic explaining each concept thoroughly with examples (and Demonstrations where applicable)
Final Exam at the end of the course - 20 questions to test your knowledge on the topics and concepts learned in the course
Links to official Microsoft resources/blogs/videos for further documentation.
This course is the 7th course in a series of 9 courses which address all aspects of becoming a Microsoft Cyber Security Professional. This cyber security track is designed to teach you, or fill in the knowledge gaps on, all the aspects and technologies needed to become a successful cyber security professional. The entire track addresses mostly Microsoft security technologies, including the latest cloud services made available by Microsoft, such as Microsoft Defender Suite, Office 365 security features and services, Microsoft Graph, Azure Active Directory Security and many more.
Microsoft, Windows, Microsoft 365 and Microsoft Azure are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. This course is not certified, accredited, affiliated with, nor endorsed by Microsoft Corporation.