Category Archives: Windows - Page 4

Implement NTLM Blocking in Windows Server 2016

Implement NTLM Blocking

NT Lan Manager (NTLM) is a proprietary Microsoft security protocol for providing authentication in the Windows operating system. It’s quite old, and we can implement NTLM blocking to disable it, allowing us to increase overall security by instead moving to another protocol such as Kerberos. We’ll see how to do this in Windows Server 2016 using group policy in the examples here.

Read more »

Enable Bitlocker to use Secure Boot for platform and BCD integrity validation

Enable Bitlocker to use secure boot for platform and BCD integrity validation

BitLocker and Secure Boot are important features for a secured Windows operating system to defend against boot and offline attacks. This post will show you how to enable BitLocker to use secure boot for platform and BCD integrity validation.

During the boot process BitLocker will check that the security sensitive boot configuration data (BCD) settings have not been changed since BitLocker was enabled, recovered, or resumed.


This post is part of our Microsoft 70-744 Securing Windows Server 2016 exam study guide series. For more related posts and information check out our full 70-744 study guide.


Read more »

Import and Export Windows Firewall Settings in Windows Server 2016

Import and Export Windows Firewall Settings

Instead of manually configuring the same Windows Firewall rules on many different servers, we can import and export Windows firewall settings to transfer them between different servers.

We can also import the firewall rule policy file into a Group Policy Object (GPO) to apply it automatically throughout a whole domain.

Read more »

Create, View, and Import Security Baselines with Security Compliance Manager (SCM)

create, view, and import security baselines with Security Compliance Manager

Security baselines are used as templates to control the security settings that apply to the Windows operating system or piece of Microsoft software. We can create, view, and import security baselines with Security Compliance Manager (SCM), allowing us to quickly modify various security specific settings which is what we’ll cover here.

Read more »

Install and Configure Security Compliance Manager (SCM)

Install and Configure Security Compliance Manager (SCM)

Microsoft’s Security Compliance Manager (SCM) is used to access and automate Windows security baselines from a central location. We’ll show you how to install and configure Security Compliance Manager 4.0 which adds support for Windows 10 and Windows Server 2016.

SCM will allow you to plan, create, manage, analyze and customize security baselines for all Windows systems within your environment quickly and efficiently.

Read more »

Implement AppLocker rules using Windows PowerShell

Implement AppLocker rules using Windows PowerShell

We can implement AppLocker rules using Windows PowerShell in addition to group policy. AppLocker PowerShell cmdlets are used to make, test and troubleshoot AppLocker policy, however the cmdlets are designed to complement the AppLocker user interface that is configured through either local or group policy.

Read more »

Implement AppLocker Rules in Windows Server 2016

Implement AppLocker Rules

We can implement AppLocker rules using group policy in a Windows domain to limit the execution of arbitrary executable files. AppLocker takes the approach of denying all executables from running unless they have specifically been whitelisted and allowed.

Read more »

Implement Control Flow Guard in Visual Studio 2015

Implement Control Flow Guard (CFG)

Control Flow Guard (CFG) is used to help protect against memory corruption vulnerabilities in .NET software. We can implement Control Flow Guard in Visual Studio 2015 to help protect against these problems in Windows.

Read more »

Determine usage scenarios for Encrypting File System (EFS)

Determine Usage Scenarios for Encrypting File System

This post will help you determine usage scenarios for encrypting file system (EFS) in Windows Server 2016 as per the 70-744 objectives. We’ll cover how you can use EFS to encrypt files in Windows.

Read more »

Configure Windows Defender scans using Windows PowerShell

We can configure Windows Defender scans using Windows PowerShell as an alternative to configuring them through the graphical user interface. This allows us to integrate Windows Defender features into PowerShell scripts, and configure settings that are not available through the graphical user interface.

Read more »