WS16-20744
Windows Server 2016 security implementation
Description
The course provides in-depth coverage of Windows Server security and of network and directory infrastructure security. It covers the topics of Microsoft's course 20744.
Suggested For
The course is designed for experienced IT professionals who are familiar with Windows Server 2016 systems and who will be responsible for protecting, securing, managing and maintaining Windows Server 2016-based enterprise infrastructure.
Outline
- Vulnerability detection and the use of Sysinternals tools: overview, basic concepts; cybercrime tools, attack types and their characteristics; use of incident-response based start strategies; overview of Sysinternals tools and their use for vulnerability/attack detection.
- Protecting privileged access and security credentials: overview of user privileges, computer and service accounts; protecting security credentials; overview of privileged access workstations and jump servers; implementing, installing and configuring the Local Administrator Password Solution (LAPS); configuring restricted groups; delegating privileges; creating and managing managed service accounts (MSAs); using Credential Guard; detecting problem accounts.
- Restricting administrator privileges: overview of Just Enough Administration (JEA); installing and configuring JEA; creating JEA files (role-capability, session configuration); creating and connecting a JEA endpoint; installing JEA using Desired State Configuration (DSC).
- Privileged Access Management and Administrative Forests: overview of Enhanced Security Administrative Environment (ESAE); overview and use of Microsoft Identity Manager (MIM); configuring and requesting privileged access; overview of Just In Time (JIT) Administration; implementing JIT and privileged access management using MIM.
- Protection against malware and other threats: configuring and managing Windows Defender; Software Restriction Policies (SRP) and AppLocker hash; configuring and using Device Guard; overview, installation and use of Enhanced Mitigation Experience Toolkit (EMET).
- Security auditing and log file analysis: purpose of auditing, possible applications; auditing file system-level accesses; logging domain logins; configuring and managing advanced security audit policies; configuring Windows PowerShell-based auditing and logging.
- Threat Monitoring: review, deploy and use Microsoft Advanced Threat Analytics and Operations Management Suite to monitor and manage various threats.
- Protecting virtualization infrastructure: review and configure Guarded Fabric virtual machines; create shielded and encryption-supported virtual machines.
- Use Security Compliance Manager to configure and manage security limits; deploy, manage and protect Nano Server; deploy, manage and protect Hyper-V and Windows Server containers.
- Protecting data using encryption: basic encryption concepts; designing and implementing encryption; using Encrypting File System (EFS) and BitLocker; encrypting and decrypting data using EFS and BitLocker.
- Restricting volume and folder access: overview and use of File Server Resource Manager (FSRM), file classification and file management tasks; configuring FSRM quotas; configuring file screening; overview of Dynamic Access Control (DAC); planning DAC implementation; setting user and device requirements, configuring resource property definitions, configuring and managing central access rules and policies.
- Firewall configuration: overview of Windows Firewall; overview of software-based distributed firewalls; configuring and testing inbound and outbound traffic restrictions.
- Network traffic protection: overview of network threats and connection security rules; configuring advanced DNS settings, using DNSSEC; examining network traffic using Microsoft Message Analyzer; using Server Message Block (SMB) encryption, analyzing SMB-based traffic.
- Windows Server maintenance: install and configure WSUS, update settings, accept and install updates, install Windows Defender definitions using WSUS.
Prerequisites
Windows Server 2016 operational skills and practice. Completion of or knowledge of courses 20740, 20741 and 20742. As the course materials are in English, basic English language skills at document reading level are required. The lectures will be given in Hungarian.