
Define a baseline for Windows systems to ensure consistent, secure deployment across devices, supported by policies, standards, procedures, guidelines, change management, and a security framework.
Understand how policies, standards, procedures, and guidelines shape a Windows security program, supported by baselining, leadership endorsement, and compliance-centric controls.
Learn to create practical guidelines aligned with policies and baselines, and to embed change management through ITIL-based processes, approvals, and security baselines for consistent deployments.
Organizations implement a security framework to reduce risk, identify gaps, and establish baseline controls while selecting frameworks like NIST CSF, ISO 27001, COBIT, and HITRUST CSF to evolve over time.
Explore building baseline controls using CIS guidelines for Windows devices, including CIS controls and benchmarks, Windows baselines, and Intune baselines, and deploying CIS hardened images to strengthen cybersecurity posture.
Explore Windows security baselines options and Microsoft tools to implement them, and learn to download and use the Security Compliance Toolkit to deploy baselines and compare GPOs.
Choose a cybersecurity framework to establish baselines and review them with Policy Analyzer or Cisco Pro Tools; implement Windows baselines, golden images, automate controls, and enforce MDM with Intune.
Protect Windows systems by securing hardware and virtualization, prioritizing trusted hardware, TPM, and secure boot, and deploying Hyper-V to isolate and safeguard virtual machines.
Protect hardware against BIOS/UEFI rootkits, CPU side-channel, and firmware attacks. Secure virtualization and supply chain risks by separating management and production, mitigating hypervisor threats and VM escape.
Explore how BIOS and UEFI security protect startup with secure boot, digital signatures, and trusted updates. Examine TPM 2.0, health attestation, VBS, and key management for device integrity.
Explore virtualization-based security features in Windows, including Credential Guard, hypervisor-protected code integrity, and Application Guard for Office and Edge, to protect sign-in data, browser sessions, and documents.
Explore malware, phishing, social engineering, DoS/DDoS, password attacks, insider threats, and advanced persistent threats, and learn how these attacks compromise organizations. Build awareness of motivations, impacts, and defense strategies.
Explore common attacks and vulnerabilities targeting Windows Server, including ransomware, malware, denial of service, zero-day exploits, and man-in-the-middle threats, and learn how to prevent, mitigate, and patch them.
Explore pass-the-hash attacks, where attackers use password hashes to authenticate across systems, and learn defenses such as least privilege, strong passwords, network segmentation, multi-factor authentication, Credential Guard, and monitoring.
Install Sysmon on Windows to provide enhanced monitoring by logging process creation, network connections, and file creation times to Windows event log; configure with a config.xml and install via sysmon64.
Explore Sysmon event IDs 1, 3, 4, 13, and 22 to detect process creation, network connections, service state changes, registry value sets, and DNS queries for Windows security monitoring.
Discover how Autoruns reveals every startup program in Windows, including startup folders, registry keys, and services. Learn to analyze, disable unnecessary items, and verify signatures with VirusTotal.
Use the LogonSessions utility from Sysinternals to view active Windows logon sessions, analyze authentication methods, and support security monitoring of user sessions.
Explore how to use Process Explorer to monitor and manage Windows processes, view handles, loaded DLLs, CPU and memory usage, and properties to troubleshoot and optimize system performance.
Understand how user rights govern system-level tasks on Windows Server, distinguish them from permissions, and apply least privilege by configuring them via local security policy or group policy.
Learn best practices for managing user rights on Windows Server, including the principle of least privilege, regular audits, built-in groups, and documenting changes.
Demonstrates configuring user rights and account security options in Windows Server using local security policy, assigning log on locally rights and applying least privilege to prevent privilege escalation.
Configure and enforce strong password policies, including complexity, expiration, and history, and implement account lockout settings to protect Windows Server from brute force attacks.
Secure Active Directory domain controllers and the Windows infrastructure by minimizing attack surfaces, enabling secure authentication, enforcing password security and auditing, and deploying read-only domain controllers and password replication policy.
Identify and mitigate the seven critical security risks facing Windows Server domain controllers and Active Directory, from network security to privilege escalation, DoS, OS and application vulnerabilities, and physical security.
Demonstrate a kerberoasting attack by configuring a vulnerable service account with an SPN, enabling auditing, and using PowerShell and Mimikatz to analyze tickets for offline cracking and defense.
Demonstrates a kerberoasting attack using Mimikatz to extract a service ticket, crack an RC4-encrypted hash offline, and audit Kerberos activity via security event logs.
Demonstrates kerberoasting prevention by enforcing AES encryption for Kerberos tickets, implementing gMSA, and monitoring domain controller events to detect unusual ticket requests.
Demonstrates installing and using nmap to scan a domain controller, identify open ports and potential vulnerabilities, and assess operating system details on Windows Server 2022.
Assess key security risks affecting domain controllers and Active Directory, including authentication credentials, denial of service, elevation of privilege, wireless certificates, updates, and physical security threats.
Centralize domain controller security by configuring default and custom GPOs, apply domain-wide account policies, and implement advanced audit policy and standardized event log settings for consistent monitoring.
Explore advanced security controls for enterprise infrastructure, including restricted groups policy, system services and firewall hardening, PKI and BitLocker policies, advanced audit configurations, and a practical GPO rollout strategy.
Explore configuring Active Directory domain controller security with GPOs, including the default domain controllers policy, custom GPOs, password and Kerberos policies, restricted groups, auditing settings, and consistent security log retention.
Configure and verify domain controller security policies via group policy, including password length, audit settings, and event log size, then validate with gpupdate and event viewer.
Configure a custom domain controller security policy with a GPO, link it to domain controllers, enforce restricted groups for remote desktop access, and disable printer spooler and other unnecessary services.
Perform hands-on domain controller security with advanced audit policy configuration and account management auditing. Enable security options, interactive logon messages, and Kerberos encryption enhancements on Windows Server 2025.
Explore hands-on knowledge checks on configuring and verifying domain controller security policies with group policy objects, using the Group Policy Management Console, enforcing minimum password length, and auditing logon events.
Create a custom GPO for domain controllers to enable granular, targeted settings and preserve default policies. Link it after the default policy, document changes, and follow change management best practices.
Explore why custom GPOs preserve default domain controller settings and simplify troubleshooting. Learn the processing order Local, Site, Domain, OU and how last-applied wins, linking and documenting for change management.
Centralize security settings for domain controllers via the domain controllers policy or a linked custom GPO in Domain Controllers OU, covering account, local, audit, firewall, PKI configurations for secure authentication.
Explore essential secure authentication practices in a domain environment through knowledge check questions on two-factor authentication, elevated permissions for domain admins, de-provisioning, IPsec, client security, and device health attestation.
Secure domain controllers by enforcing physical security, using RODCs where appropriate, enabling BitLocker, and monitoring hot-swap disks, while protecting virtual disks and securing backups.
Explore essential strategies for securing domain controllers, including physical access controls, read-only domain controllers, BitLocker encryption, hot-swap monitoring, secure backups, and protecting virtual disks.
Explore read-only domain controllers for branch offices, enabling local authentication via password replication policy and credential caching while minimizing security exposure and avoiding data replication to other domain controllers.
Explore why read-only domain controllers reduce credential exposure in branch offices, how password replication policies govern cached credentials, and the inbound-only replication that limits RODC as a bridgehead.
Learn how to deploy a read-only domain controller (RODC) using GUI, remote management, or PowerShell, via two-stage pre-staging and delegated promotion.
Plan and configure an RODC password replication policy by managing allowed and denied lists to control which users' or computers' credentials are cached, including branch office and RODC considerations.
Stage a delegated installation of a read-only domain controller and configure a password replication policy for it, then verify the resultant policy in Active Directory Administrative Center and Server Manager.
Learn how to separate RODC local administration by delegating domain users or security groups as local administrators, enabling maintenance on an RODC without granting rights to other domain controllers.
Explore best practices for securing Active Directory by reducing attack surfaces, guarding domain controllers, preventing credential theft, and planning for security incidents.
Explore best practices for securing Active Directory and test your knowledge with questions. Identify gaps in antivirus deployments, prevent credential theft, enforce least privilege, and use secure administrative hosts.
Describe and configure Windows Server 2016+ account security, including password, lockout, Kerberos, authentication, PSO precedence, and resultant PSO with fine-grained policies, plus Windows Hello and Azure MFA.
Learn how user rights grant system-level privileges on Windows Server, distinguish them from file permissions, and apply least privilege via local security policy or group policy.
Explore the difference between user rights and permissions in Windows Server security, learn to manage system-wide tasks via Group Policy or Local Security Policy, and apply the least privilege principle.
Apply least privilege, audit and document user rights, and use built-in groups to manage deny logon locally and logon through Remote Desktop Services on Windows Server.
Learn best practices for managing user rights on Windows Server, applying the principle of least privilege, auditing rights assignments, and securing remote access and system shutdown permissions.
Learn to enforce password history and minimum password age, manage maximum password age and password complexity, and apply domain-wide policies at the domain level in Active Directory.
Configure account lockout policies with thresholds (3–5), duration, and a zero value meaning never locked out, plus a 30-minute reset for brute-force protection and automatic unlock.
Explore how account lockout policies protect Active Directory environments by detecting and preventing brute force attacks, configure thresholds and durations, and balance security with usability through high security practices.
Deploy and configure Kerberos policy settings across the domain using group policy to manage ticket lifetimes, TGTs, clock synchronization, and SSO authentication.
Explore Kerberos policies and their role in secure domain authentication, including single sign-on, ticket lifetimes, time synchronization, and claims and compound authentication.
Demonstrates configuring a domain-based password policy and an account lockout policy in group policy, including password history, max age, min length, complexity, and lockout settings.
Learn how restricted groups in group policy control local group membership on servers and workstations, and how the protected users group strengthens credential protection in AD DS.
Explore restricted groups and protected users in Active Directory, and reinforce how membership control, authentication protocols, and encryption types secure critical accounts and local groups.
Define multiple fine-grained password policies in a single domain via password settings objects linked to users or groups; ensure domain functional level is at least Windows Server 2008.
Master the tools for creating fine-grained password policies (PSOs) using PowerShell or Active Directory Administrative Center, configuring complexity, length, age, history, lockout settings, and linking policies to groups.
Explore how fine-grained password policies in Active Directory govern password history, precedence, and complexity; learn to manage PSOs with ADAC and PowerShell, including linking PSOs to groups.
Configure a fine-grained password policy named managers PSO in the Active Directory Administrative Center. Apply this policy to datum\manager with precedence 10 and minimum length 15.
Link multiple PSOs to users or groups; the PSO with the lowest msDS-PasswordSettingsPrecedence value becomes the resultant PSO. If none is linked, the default domain policy applies; view the msDS-ResultantPSO attribute.
Explore how Active Directory resolves the effective PSOs for users and groups using msDS-PasswordSettingsPrecedence and the msDS-ResultantPSO attribute, with viewing in Active Directory Users and Computers.
Protect domain accounts by enabling the Protected Users security group and configuring authentication policies with DEC claims, limiting local credential caching on domain member computers.
Explore knowledge checks on protected users, Kerberos pre-auth encryption, and authentication policies in Active Directory, including authentication policy silos, TGT lifetimes, and prerequisites for secure domain authentication.
Configure local and domain user account policies via the local security policy console and group policy management, applying password, lockout, and Kerberos settings under the default domain policy.
Explore configuring local and domain account policies in an Active Directory environment, covering local security policy, Group Policy precedence, Kerberos settings, and the default domain policy.
Configure auditing to track authentication events on Windows Server 2016 domain controllers, including account logon and logon events, and view security log entries to identify successful and failed attempts.
Differentiate audit account logon events from audit logon events and understand how domain controllers generate them during sign-in. Learn how advanced audit policies provide finer control over logon auditing.
Configure authentication related audit policies with Group Policy Management Console, enable success and failure auditing, update policies with gpupdate, and verify events 4771 and 4768 in Event Viewer.
Scope GPO audit policies to the correct systems by using OUs, and ensure account logon auditing covers all domain controllers, while logon events occur on clients.
Explore how managed service accounts and group MSAs simplify authentication for applications and services in Windows, compare MSAs with standard accounts, and cover Kerberos delegation and SPNs.
Explore the use of built in local accounts for running services, including local system, local service, and network service, and assess security implications and considerations for service accounts.
Examine challenges of using service accounts for programs like SQL Server or IIS, including local versus domain accounts, password management, SPN administration, and Windows Server 2016 managed service accounts.
Discover managed service accounts, providing automatic password management and SPN management for program-specific services, with domain functional level 2008 R2+ and root key setup on Windows Server 2016.
Explore group MSAs, extending managed service accounts across multiple servers for automatic password management and simplified SPN handling, with domain controller requirements, KDS root key setup, and AD PowerShell configuration.
Demonstrate configuring group MSAs by creating the domain root key on LON-DC1, creating and installing the service account, and setting it to a service like the data sharing service.
Enforce password and account lockout policies, and audit AD DS. Deploy RODCs for branch office authentication and implement password replication; configure a group MSA for a web app.
Implement security policies for accounts, passwords, and administrative groups in Active Directory, applying default domain policy, fine-grained password policies, and restricted groups to IT admins.
Deploy and secure an Active Directory domain controller, configure password replication policies, implement read-only domain controller setup, and configure IIS to run under a managed service account.
Configure a domain-wide password policy for all users with high precedence linked to the domain users group, and note that administrative precedence should be low for future restrictive groups.
Ensure physical security for domain controllers to protect all users, computers, and groups. Enable auditing for authentication and directory changes via the default domain controllers policy or a GPO.
Retire SMB v1 and adopt SMB v2/v3 with encryption and signing to protect data and prevent man-in-the-middle attacks. Learn to enable these protections via PowerShell or group policy.
Learn how to audit SMB v1 usage and block it with group policy, while exploring SMB v2/3 security, SMB signing, and encryption on shares.
Configure SMB signing and encryption to prevent man-in-the-middle attacks by digitally signing packets, enforcing client and server signing, enabling encrypt data, and rejecting unencrypted access across shares.
Examine NTLM authentication, including LAN Manager, version 1 and 2, and hash storage, plus pass-the-hash risks. See why Kerberos is preferred despite limitations and legacy devices such as printers.
Audit NTLM usage via event 4624, enable deep domain auditing, then enforce NTLMv2 by adjusting network security settings and LAN Manager level, starting at 3, to phase out LM/NTLMv1 usage.
Configure NTLMv2 as default, allow a fallback to LAN Manager and version one, then progressively refuse LAN Manager up to level five, auditing devices and enabling Kerberos where possible.
Sign the section company primary zone with DNSSEC, configure a SHA-256 key signing key and distribute trust anchors to DC2, then verify with PowerShell and NRPT policy.
Explore how to manage servers securely using Windows Admin Center, enabling centralized monitoring, threat protection, and update management. Integrate on-premises servers with Azure for monitoring, storage, backup, and disaster recovery.
Securely manage domain controllers and server core systems with Windows Admin Center, adding servers, extensions, PowerShell remoting, Azure integration, and remote desktop for administration.
Explore how Active Directory Domain Services uses domain functional levels to enable security features, authentication policies, and protected users, with real-world upgrade planning scenarios.
Explore replication requirements and upgrade planning from Windows Server 2008 to 2016, migrating from FRS to DFS, and understand functional level rollback limitations and the database 32 pages optional feature.
Discover the keys to building a rock-solid IT security infrastructure with our comprehensive course, "Mastering Windows Security: Policies, Frameworks, and Virtualization". This in-depth training program is designed for IT professionals, security analysts, and system administrators who are looking to strengthen their skills and enhance their understanding of the essential components of IT security.
Throughout this course, you'll gain valuable insights into the process of creating and implementing robust security policies, standards, procedures, and guidelines to protect your organization's critical assets. You'll dive deep into the world of security frameworks and learn how to select and deploy the best-suited one for your organization's unique requirements.
But that's not all! Our course goes beyond the theoretical aspects of IT security and delves into real-world examples and best practices to ensure that you can practically apply what you've learned. We also cover the importance of hardware and virtualization security to provide you with a holistic understanding of the various layers of protection that are essential for a strong security posture.
With engaging lectures, assignments, and practical examples, you'll emerge from this course with the knowledge and confidence to build a comprehensive security baseline for your organization. Whether you're a seasoned IT professional or just starting in the field, this course is your one-stop resource for mastering IT security.
Enroll today and take the first step towards becoming an IT security expert, equipped with the skills and know-how to safeguard your organization against potential threats and vulnerabilities. Don't miss this opportunity to invest in your professional development and secure your organization's future.
Real Student Reviews:
★★★★★ “Very well explained and makes the concepts very easy to understand. Many thanks.” - Reina Wilson
★★★★★ “I am really enjoying this class. I am so grateful I found it. Thank you!” - Micel Jhon
★★★★★ “I learned many good things.” - Scott
★★★★★ “It is a structured presentation. Learned a lot from the lectures.” - Hamida
More than 120,000 students from over 150 different nations! This is incredible, and I want to thank everyone who supported me.