This policy setting determines if RPC clients authenticate with the Endpoint Mapper Service when their call includes authentication data. The Endpoint Mapper Service on Windows NT4 (all service packs) is unable to process authentication data provided in this manner. Disabling this policy means RPC clients won’t authenticate with the Endpoint Mapper Service, but they can still communicate with it on Windows NT4 Server. The recommended state for this setting is: Enabled.

Orphaned users SQL Server arise when a database user is associated with a login in the master database that no longer exists and should be removed. This situation can happen when the login is removed or when the database is transferred to a different server lacking the corresponding login. The SQL Server logins existing on a server instance can be seen through the sys.server_principals catalog view and the sys.sql_logins compatibility view.

Windows permits an anonymous user to carry out specific actions, such as listing the names of domain accounts and network shares. This functionality proves useful in scenarios when an administrator needs to provide access to users in a trusted domain lacking a reciprocal trust agreement. By default, the Everyone security identifier(SID) is excluded from the token generated for anonymous connections. Consequently, permissions assigned to the Everyone group don’t extend to anonymous users.

Hardened Baseline Configuration is a crucial aspect of system security for cybersecurity experts and the risk management teams. The secure baseline configuration represents a set of security controls that have been carefully selected and implemented to provide a robust general level of system hardening. There isn’t a one-size-fits-all solution, and specific configurations will vary depending on the type of system (server, desktop, etc.), role and its intended use.

The CIS Benchmarks cover a collection of recommended hardening policies specifying different hosts, applications, and operating systems that include detailed recommendations on system configuration, security settings, and other measures that can help organizations safeguard their IT infrastructure against a wide range of cyber threats. The benchmarks cover various platforms and technologies such as operating systems, cloud environments, databases, web browsers, and mobile devices.

The distribution of component object models across different computers is called Distributed Component Object Model (DCOM). DCOM in Windows means an object of the client program can request services from objects on the server program on other computers within the same network. DCOM can also be implemented on a majority of UNIX platforms and aids communication among software components across different computers within a wide area network, local area network(LAN), or over the internet.

Windows Remote Desktop Service(RDS) in Microsoft Windows allows users to control a remote computer or virtual machine over a network using the Remote Desktop Protocol (RDP). To secure this access, it’s crucial to implement strong passwords to prevent brute force attacks and unauthorized access.

Group Policies are part of every Active Directory. Group Policy (GP) is designed to be able to change every system's configurations, from the least to the most privileged layer. Since it is so fundamental in the network management process, it is also very powerful for attackers to use as an attack vector. Therefore, GPO hardening is necessary to ensure that these policies are secure and not easily exploited by attackers, protecting the integrity and security of the entire network.

Best practices for mitigating various attack vectors are changing depending on the environment and server functionality. CIS baselines cover most of the relevant scenarios by addressing the first stage of your Hardening Windows Server project. CIS Benchmarks -What are They and How to Use Them Microsoft has been doing some work related to default security configuration, but there is still a big gap between security best practices (i.e. common benchmarks) and the default Windows configuration.

Access Control Entry (ACE) is data within an access control list detailing the access privileges assigned to an individual user or a collective group of users. In the Access Control Entry system, an identification (ID) distinguishes each ACE and identifies the specific individual or group of subjects. Each access control entry includes: An Access Control List (ACL) is similar to an organized list of rules that determine who can do what.

Microsoft’s initiative to phase out NTLM authentication in favor of the more secure Kerberos protocol was originally announced back in October 2023. At that time, the Windows maker declared its intention to deprecate NTLM and encourage organizations to transition to Kerberos for authentication purposes across its ecosystem. Microsoft announced this week that later this year they are expecting to retire NTLM authentication in Windows 11.

User Account Control (UAC) serves as a security feature in Windows, aiming to safeguard the operating system from unauthorized modifications. Whenever alterations demand administrator-level permissions, UAC prompts the user, allowing them to either authorize or reject the requested change. User Account Control (UAC) provides several benefits, especially in maintaining security and minimizing risks associated with administrative privilege.

Interactive logon: Machine inactivity limit is among the 9 Interactive logon security settings. If a user hasn’t been active on their Windows session for a while and surpasses the set limit, this setting typically determines how long the user can remain inactive before being automatically logged out of their session on the machine. The recommended state for this setting is: 900 or fewer second(s), but not 0.

The ability to authenticate securely over an unsecure network is paramount in safeguarding sensitive information and maintaining trust in digital interactions. In an era where communication often occurs over public networks like the internet, ensuring the authenticity of users and data is critical to prevent unauthorized access and data breaches. Kerberos is a Windows security network authentication protocol that allows users and services to securely authenticate over a non-secure network.

Network hardening involves implementing measures such as configuring firewalls, securing remote access points, blocking unused network ports, removing unnecessary protocols, implementing access lists, and encrypting network traffic to mitigate unauthorized access and bolster the security of a network’s infrastructure. This process involves identifying and addressing vulnerabilities in device management and configurations to prevent exploitation by malicious actors aiming to infiltrate the network.

This Windows policy specifies which accounts can keep data in physical memory, preventing the system from paging it to virtual memory on disk. RAM (Random Access Memory) and virtual storage serve as two types of memory in a computer system, each with distinct functions and characteristics. RAM, the physical memory installed in a computer, provides fast access to actively used data by the CPU, determining the system’s multitasking capabilities.

Security logging and auditing in a Windows environment refers to the process of systematically recording events and activities that occur within the operating system. These audit records are stored in the security log, a component of the Windows Event Viewer. Manage auditing and security log setting grants specific users or groups the authority to configure auditing policies and manage security logs.