Category Archives: Exam Guides - Page 4

Install and Configure Security Compliance Manager (SCM)

Microsoft’s Security Compliance Manager (SCM) is used to access and automate Windows security baselines from a central location. We’ll show you how to install and configure Security Compliance Manager 4.0, which adds support for Windows 10 and Windows Server 2016.

SCM will allow you to plan, create, manage, analyze and customize security baselines for all Windows systems within your environment quickly and efficiently.

Implement AppLocker rules using Windows PowerShell

We can implement AppLocker rules using Windows PowerShell in addition to group policy. The AppLocker PowerShell cmdlets are used to make, test and troubleshoot AppLocker policy; however, the cmdlets are designed to complement the AppLocker user interface that is configured through either local or group policy.

Implement AppLocker Rules in Windows Server 2016

Implement AppLocker Rules

We can implement AppLocker rules using group policy in a Windows domain to limit the execution of arbitrary executable files. AppLocker takes the approach of denying all executables from running unless they have specifically been whitelisted and allowed.

Implement Control Flow Guard in Visual Studio 2015

Implement Control Flow Guard (CFG)

Control Flow Guard (CFG) is used to help protect against memory corruption vulnerabilities in .NET software. We can implement Control Flow Guard in Visual Studio 2015 to help protect against these problems in Windows.

Determine usage scenarios for Encrypting File System (EFS)

Determine Usage Scenarios for Encrypting File System

This post will help you determine usage scenarios for Encrypting File System (EFS) in Windows Server 2016 as per the 70-744 objectives. We’ll cover how you can use EFS to encrypt files in Windows.

Configure Windows Defender scans using Windows PowerShell

We can configure Windows Defender scans using Windows PowerShell as an alternative to configuring them through the graphical user interface. This allows us to integrate Windows Defender features into PowerShell scripts, and configure settings that are not available through the graphical user interface.

Configure Windows Defender using Group Policy

While Windows Defender can be configured at a high level through the graphical user interface, we can instead configure Windows Defender using group policy, which gives us more control and allows us to roll out the settings to the whole domain from a central location.

Disable SMB Version 1.0 in Windows Server 2016

By default, SMB version 1.0 is enabled in Windows Server 2016. As this was last needed in Windows XP and Windows Server 2003, it’s quite old; newer versions of SMB are more secure and have additional features. If you no longer need to support these older versions of SMB file shares, it’s a good idea to disable SMB version 1.0, or even remove it completely, as a number of recent vulnerabilities specifically affect SMB version 1.

Integrate Windows Defender with WSUS and Windows Update

It’s important for Windows Defender to stay up to date so that new known variants of malware can be detected. This can be achieved if we integrate Windows Defender with WSUS and Windows Update, which we’ll show you how to do here in Windows Server 2016.

Implement Antimalware Solution with Windows Defender

This post will cover the 70-744 exam objective “implement antimalware solution with Windows Defender”. We’ll show you how to work with Windows Defender in Windows Server 2016.

By default, Windows Server 2016 comes with Windows Defender installed and running. This is an improvement over Windows Server 2012, which had nothing by default. With some work you could install Windows Defender manually, but this solution was of course not officially supported.
