O'Reilly logo

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Microsoft 70-744: Securing Windows Server 2016

Video Description

This training series focuses on how to secure Windows Server 2016 environments. It covers methods and technologies for hardening server environments and securing virtual machine infrastructures using Shielded and encryption-supported virtual machines and Guarded Fabric. In addition, the series covers the protection of Active Directory and identity infrastructure with the Enhanced Security Administrative Environment (ESAE) Administrative Forest design approach and the management of privileged identities using Just-in-Time (JIT) and Just-Enough-Administration (JEA) approaches, along with Privileged Access Workstations (PAWs) and Local Administrator Password Solution (LAPS). The series also covers threat detection solutions, such as auditing, implementing Advanced Threat Analytics (ATA), the understanding of Operations Management Suite (OMS) solutions, and workload-specific security including the use of Nano Server for particular server workloads. This series will then prepare you to take the MCSE: Cloud Platform and Infrastructure exams. Prior to this, you must complete the 70-740, 70-741, and 70-742 series and take the MCSA: Windows Server 2016 exams.

Table of Contents

  1. Course Introduction
    1. Introduction 00:00:10
    2. Course Introduction 00:02:55
    3. Instructor Introduction 00:01:25
  2. Chapter 01 - Introduction to Attacks, Breaches, and Detection
    1. Chapter 01 - Introduction 00:01:51
    2. Topic A: Understanding Types of Attacks 00:00:23
    3. Assume Breach 00:03:16
    4. Methods of Attack 00:12:46
    5. Attack Stages 00:07:02
    6. Prioritizing Resources 00:03:30
    7. Incident Response Strategy 00:02:11
    8. Ensuring Compliance 00:02:04
    9. Topic B: Detecting Security Breaches 00:00:22
    10. Locating Evidence 00:01:40
    11. Event Logs 00:02:36
    12. Examining Other Configurations 00:01:56
    13. Topic C: Using Sysinternals Tools 00:00:22
    14. Introducing Sysinternals 00:02:32
    15. Demo - Examining Sysinternals Tools 00:01:52
    16. System Monitor 00:02:05
    17. AccessChk 00:01:32
    18. Autoruns 00:01:35
    19. LogonSessions 00:01:25
    20. Process Explorer 00:01:37
    21. Process Monitor 00:01:28
    22. Sigcheck 00:01:18
    23. Demo - Using Sysinternals Tools 00:13:46
    24. Chapter 01 Summary 00:01:32
    25. Chapter 01 Review 00:00:10
  3. Chapter 02 - Protecting Users and Workstations
    1. Chapter 02 - Introduction 00:02:12
    2. Topic A: User Rights and Privileges 00:00:18
    3. Principle of Least Privilege 00:05:05
    4. Configuring User Rights 00:03:23
    5. Configuring Account Security Options 00:09:33
    6. Demo - User Rights and Account Security Options 00:16:05
    7. Account Security Controls 00:02:16
    8. Complexity Options 00:03:30
    9. Password and Lockout Policies 00:03:34
    10. Demo - Configuring Account Policies in Group Policy 00:04:23
    11. Configuring Fine-Grained Password Policies 00:01:26
    12. Understanding PSO Application 00:02:56
    13. Protected Users Security Groups 00:03:23
    14. Delegating Administrative Control 00:04:13
    15. Demo - Delegating Control in AD DS 00:06:25
    16. Local Administrator Password Solutions (LAPS) 00:03:24
    17. LAPS Requirements 00:01:40
    18. LAPS Process 00:01:13
    19. Configuring and Managing Passwords 00:03:41
    20. Demo - Using LAPS 00:11:06
    21. Topic B: Working with Computer and Service Accounts 00:00:10
    22. What is a Computer Account? 00:01:40
    23. Computer Account Functionality 00:01:20
    24. Working with Secure Channel Passwords 00:01:55
    25. Service Account Types 00:02:05
    26. Group MSAs 00:03:13
    27. Demo - Configuring Group MSAs 00:08:33
    28. Topic C: Protecting User Credentials 00:00:11
    29. Introducing Credential Guard 00:02:14
    30. Credential Guard Requirements 00:01:31
    31. Configuring Credential Guard 00:01:17
    32. Verifying Credential Guard Operation 00:01:23
    33. Credential Guard Weaknesses 00:01:19
    34. NTLM Blocking 00:03:34
    35. Searching AD DS for Problem Accounts 00:02:05
    36. Demo - Locating Problem Accounts 00:05:42
    37. Topic D: Using Privileged Access Workstations 00:00:32
    38. The Need for Privileged Access Workstations 00:01:53
    39. Privileged Access Workstations 00:01:42
    40. Jump Servers 00:01:09
    41. Securing Domain Controllers 00:06:20
    42. Chapter 02 Summary 00:02:19
    43. Chapter 02 Review 00:00:10
  4. Chapter 03 - Managing Administrative Access
    1. Chapter 03 - Introduction 00:01:50
    2. Topic A: Understanding and Deploying JEA 00:00:18
    3. Introduction to JEA 00:06:01
    4. JEA Components 00:01:06
    5. Session Configuration Files 00:03:06
    6. Demo - Creating a Session Configuration File 00:03:18
    7. Role Capability Files 00:02:32
    8. Demo - Create a Role Capability File 00:07:31
    9. JEA Endpoints 00:01:12
    10. Demo - Creating a JEA Endpoint 00:02:15
    11. Connecting to JEA Endpoints 00:01:52
    12. Deploying JEA Endpoints 00:02:06
    13. Topic B: Using Enhanced Security Administrative Environments (ESAE) Forests 00:00:17
    14. ESAE Forests 00:02:34
    15. Administrative Tiers 00:01:47
    16. ESAE Best Practices 00:02:42
    17. The Clean Source Principle 00:02:08
    18. Implementing the Clean Source Principle 00:02:25
    19. Topic C: Using Microsoft Identity Manager 00:00:23
    20. Overview of MIM 00:02:37
    21. MIM Requirements 00:01:50
    22. MIM Service Accounts 00:02:51
    23. Topic D: Using JIT Administration and PAM 00:00:32
    24. Overview of JIT Administration 00:01:32
    25. Privileged Access Management (PAM) 00:02:32
    26. PAM Components 00:02:13
    27. Creating an Administrative Forest 00:01:26
    28. Configuring Trust Relationships 00:03:22
    29. Shadow Principals 00:02:09
    30. Configuring the MIM Web Portal 00:01:00
    31. Managing and Configuring PAM Roles 00:01:05
    32. Chapter 03 Summary 00:02:49
    33. Chapter 03 Review 00:00:10
  5. Chapter 04 - Configuring Anti-Malware and Patch Management
    1. Chapter 04 Introduction 00:01:46
    2. Topic A: Configuring and Managing Windows Defender 00:00:09
    3. Understanding Malware 00:04:44
    4. Malware Sources 00:01:41
    5. Mitigation Methods 00:03:26
    6. Windows Defender 00:01:40
    7. Demo - Using Windows Defender 00:06:43
    8. Topic B: Restricting Software 00:00:13
    9. Controlling Applications 00:01:41
    10. Software Restriction Policies 00:02:49
    11. Security Levels 00:01:16
    12. AppLocker 00:02:41
    13. Support for AppLocker 00:03:04
    14. AppLocker Rules 00:01:57
    15. Creating Default Rules 00:03:01
    16. Demo - Using AppLocker 00:11:15
    17. Topic C: Using Device Guard 00:00:15
    18. Overview of Device Guard 00:02:07
    19. Device Guard Features 00:02:12
    20. Configuring Device Guard 00:01:43
    21. Device Guard Policies 00:02:28
    22. Deploying Code Integrity Policies 00:01:33
    23. Control Flow Guard 00:01:25
    24. Topic D: Patch Management with WSUS 00:00:10
    25. Overview of WSUS 00:02:26
    26. Deployment Options 00:02:05
    27. Server Requirements 00:01:53
    28. Configuring Clients 00:01:27
    29. Administering WSUS 00:01:09
    30. Approving Updates 00:01:47
    31. Demo - Installing and Configuring WSUS 00:18:04
    32. Chapter 04 Summary 00:02:07
    33. Chapter 04 Review 00:00:10
  6. Chapter 05 - Auditing and Advanced Threat Analytics
    1. Chapter 05 - Introduction 00:01:12
    2. Topic A: Configuring Auditing for Windows Server 2016 00:00:11
    3. Overview of Auditing 00:01:50
    4. The Purpose of Auditing 00:01:30
    5. Types of Events 00:04:50
    6. Auditing Goals 00:00:57
    7. Auditing File and Object Access 00:01:52
    8. Demo - Configuring Auditing 00:10:03
    9. Topic B: Advanced Auditing and Management 00:00:38
    10. Advanced Auditing 00:01:11
    11. Advanced Auditing Subcategories 00:02:40
    12. Dynamic Auditing 00:02:38
    13. Event Log Subscriptions 00:02:28
    14. Audit Collection Services (ACS) 00:02:01
    15. Demo - Configuring Event Forwarding 00:06:59
    16. Auditing with Windows PowerShell 00:01:58
    17. Demo - Using PowerShell with Audit Logs 00:08:00
    18. Transaction Logging 00:02:03
    19. Module Logging 00:01:07
    20. Script Block Logging 00:00:50
    21. Demo - Configuring PowerShell Logging 00:08:57
    22. Topic C: Deploying and Configuring ATA 00:00:08
    23. Overview of ATA 00:02:35
    24. Usage Scenarios 00:05:09
    25. Deployment Requirements 00:02:14
    26. ATA Gateways 00:02:03
    27. Port Mirroring 00:01:17
    28. Configuring ATA Center 00:01:38
    29. Topic D: Deploying and Configuring Operations Management Suite 00:00:06
    30. Introduction to Operations Management Suite 00:00:54
    31. Deployment Overview 00:01:40
    32. OMS Solutions 00:01:33
    33. Installing OMS 00:01:26
    34. OMS Solutions 00:01:21
    35. Chapter 05 Summary 00:01:59
    36. Chapter 05 Review 00:00:10
  7. Chapter 06 - Securing the Infrastructure
    1. Chapter 06 - Introduction 00:00:53
    2. Topic A: Secure the Virtualization Infrastructure 00:00:28
    3. Introduction to Guarded Fabric 00:03:16
    4. Host Guardian Service 00:01:31
    5. Preparing HGS Nodes 00:01:20
    6. Installing and Configuring HGS 00:02:10
    7. Attestation and Encryption 00:01:35
    8. Attestation Methods 00:01:23
    9. Initializing HGS 00:02:00
    10. Configuring HSG Clients 00:01:24
    11. Topic B: Deploying Security Baselines 00:00:08
    12. Security Compliance Manager (SCM) 00:03:33
    13. SCM Requirements 00:01:21
    14. Demo - Installing SCM 00:03:12
    15. Demo - Installing SCM 00:11:53
    16. Topic C: Deploying Nano Server 00:00:13
    17. Planning for Nano Server 00:01:06
    18. Understanding Nano Server Roles 00:00:45
    19. Installing Nano Server Roles 00:02:07
    20. Nano Server Installation 00:01:01
    21. Installation Steps 00:01:53
    22. Chapter 06 Summary 00:00:47
    23. Chapter 06 Review 00:00:10
  8. Chapter 07 - Configuring Data Protection
    1. Chapter 07 Introduction 00:01:50
    2. Topic A: Planning and Implementing File Encryption 00:00:12
    3. Introducing Encrypting File System 00:06:36
    4. EFS Features 00:06:26
    5. Encryption and Decryption 00:03:47
    6. Recovering EFS Files 00:02:54
    7. Demo - Using EFS 00:08:47
    8. Topic B: Planning and Implementing BitLocker 00:00:13
    9. Overview of BitLocker 00:03:21
    10. BitLocker and TPMs 00:02:19
    11. BitLocker Requirements 00:02:00
    12. Tools for Configuring and Managing BitLocker 00:01:49
    13. Deploying BitLocker 00:01:40
    14. Demo - Deploying BitLocker 00:10:17
    15. BitLocker on Hyper-V VMs 00:00:42
    16. BitLocker and CSVs 00:01:43
    17. Enabling BitLocker for CSV 00:01:08
    18. Network Unlock 00:01:56
    19. Network Unlock Process 00:01:12
    20. BitLocker Recovery 00:03:01
    21. Microsoft BitLocker Administration and Monitoring (MBAM) 00:00:47
    22. Chapter 07 Summary 00:00:49
    23. Chapter 07 Review 00:00:10
  9. Chapter 08 - Advanced File Server Management
    1. Chapter 08 Introduction 00:01:07
    2. Topic A: Using File Server Resource Manager 00:00:18
    3. Capacity Management 00:02:52
    4. Storage Management 00:01:15
    5. Introduction to FSRM 00:01:17
    6. Storage Management with File Server Resource Manager 00:00:24
    7. Overview of FSRM 00:01:15
    8. Installing and Configuring FSRM 00:01:31
    9. Demo - Installing and Configuring FSRM 00:05:52
    10. Quota Management 00:02:54
    11. Demo - Create and Manage Quotas 00:11:52
    12. File Screening 00:02:32
    13. Using File Groups 00:01:54
    14. Exceptions and Templates 00:01:56
    15. Demo - Implementing File Screening 00:10:07
    16. Storage Reports 00:02:13
    17. Report Tasks 00:00:47
    18. Demo - Generating Storage Reports 00:06:51
    19. Automatic File Management 00:01:27
    20. Topic B: Implementing Classification and File Management Tasks 00:00:12
    21. File Classification 00:02:24
    22. Classification Rules 00:01:56
    23. Demo - Configure File Classification 00:08:07
    24. File Management Task 00:03:35
    25. Topic C: Working with Dynamic Access Control 00:00:11
    26. Overview of Dynamic Access Control 00:02:43
    27. Dynamic Access Control Scenarios 00:03:38
    28. DAC Technologies 00:01:13
    29. Understanding Identity 00:03:13
    30. Understanding Claims 00:03:14
    31. Types of Claims 00:02:19
    32. Central Access Policies 00:01:27
    33. Policy Components 00:01:36
    34. DAC Prerequisites 00:03:07
    35. Demo - Implementing DAC 00:16:10
    36. Chapter 08 Summary 00:01:52
    37. Chapter 08 Review 00:00:10
  10. Chapter 09 - Securing the Network Infrastructure
    1. Chapter 09 Introduction 00:02:12
    2. Topic A: Using the Windows Firewall with Advanced Security 00:00:07
    3. Types of Firewalls 00:03:48
    4. Well-Known Ports 00:02:12
    5. Host-Based Firewall 00:02:24
    6. Network Profiles 00:02:16
    7. Configuring the Windows Firewall 00:04:13
    8. Demo - Working with the Windows Firewall 00:17:44
    9. Topic B: Datacenter Firewall 00:00:37
    10. Network Controller 00:02:10
    11. Datacenter Firewall 00:02:24
    12. Network Security Groups 00:00:53
    13. Scenarios for Datacenter Firewall 00:02:20
    14. Topic C: Utilizing IP Security 00:00:12
    15. Overview of IP Security 00:02:07
    16. IPSec Protocols 00:02:08
    17. IPSec Usage Scenarios 00:04:09
    18. IPSec Configuration Tools 00:01:00
    19. Connection Security Rules 00:00:54
    20. Understanding Rule Types 00:01:39
    21. Rule Endpoints 00:01:47
    22. Authentication Settings 00:02:57
    23. Authentication Methods 00:02:32
    24. Encryption Settings 00:01:32
    25. Monitoring Connections 00:00:57
    26. Demo - Implementing IPSec 00:07:10
    27. Topic D: Configuring Advanced DNS Settings 00:00:06
    28. Managing DNS Services 00:03:35
    29. Optimizing DNS Name Resolution 00:03:17
    30. The GlobalNames Zone 00:01:38
    31. Implementing DNS Security 00:04:45
    32. DNS Security (DNSSEC) 00:01:44
    33. Implementing DNSSEC 00:02:44
    34. Demo - Configuring DNSSEC 00:06:54
    35. Introducing DNS Policies 00:01:47
    36. Implementing DNS Policies 00:03:11
    37. RRL Feature 00:03:07
    38. Demo - Configuring DNS Policies 00:08:42
    39. Topic E: Monitoring Network Traffic 00:00:05
    40. Microsoft Message Analyzer 00:02:53
    41. Demo - Using Microsoft Message Analyzer 00:06:00
    42. Topic F: Securing SMB Traffic 00:00:30
    43. SMB 3.1.1 Protocol Security 00:02:12
    44. SMB Encryption Requirements 00:01:35
    45. Encrypting SMB Shares 00:01:26
    46. Disabling Support for SMB 1.0 00:01:24
    47. Chapter 09 Review Summary 00:01:49
    48. Course Closure 00:02:15