Microsoft’s initiative to phase out NTLM authentication in favor of the more secure Kerberos protocol was originally announced back in October 2023. At that time, the Windows maker declared its intention to deprecate NTLM and encourage organizations to transition to Kerberos for authentication purposes across its ecosystem. Microsoft announced this week that later this year they are expecting to retire NTLM authentication in Windows 11.

User Account Control (UAC) serves as a security feature in Windows, aiming to safeguard the operating system from unauthorized modifications. Whenever alterations demand administrator-level permissions, UAC prompts the user, allowing them to either authorize or reject the requested change. User Account Control (UAC) provides several benefits, especially in maintaining security and minimizing risks associated with administrative privilege.

This Windows policy specifies which accounts can keep data in physical memory, preventing the system from paging it to virtual memory on disk. RAM (Random Access Memory) and virtual storage serve as two types of memory in a computer system, each with distinct functions and characteristics. RAM, the physical memory installed in a computer, provides fast access to actively used data by the CPU, determining the system’s multitasking capabilities.

Keeping Windows Server systems updated with the latest patches is one of the key things that administrators can do to ensure their Windows Server environments are stable and secure. Patching is one of the necessary evils that administrators need to manage to keep Windows, Linux, and other environments healthy. Hyper-V hosts are part of the infrastructure that also needs to be kept updated.

WDigest Authentication is a method used in Windows operating systems for verifying user credentials during authentication. It’s a way for computers to prove their identity to servers by storing a copy of the user’s plaintext password in memory. It uses Hypertext Transfer Protocol (HTTP) along with Simple Authentication Security Layer (SASL) exchanges for authentication purposes. The name “WDigest” comes from its function and purpose within the Windows operating system.

The Network Time Protocol (NTP) was developed in the 1980s to address the growing need for time synchronization between an individual’s computer or device and others on the same network. The Windows NTP (Network Time Protocol) client is a component of the Windows operating system responsible for synchronizing the system’s clock with a time server on the internet or a local network.

In a network each user, whether verified or not, is given a security identifier (SID), a virtual name tag. This unique identifier helps with managing users, giving administrators the ability to control on an individual level the rights and permissions of users, authentication and providing an overall level of security. A SID also hides private information of users such as the real names of the accounts, adding an additional layer of protection.

As Windows organizations migrate toward cloud-based environments, they often lose context of their full stack. In addition to securing their on-premises servers, they now need to deal with virtual servers, managed services, and platform-as-a-service offerings. Cloud-based resources require organizations to relinquish control over physical infrastructure and limit their access to underlying operating systems.

Linux and Unix admins are accustomed to using Open Secure Shell (OpenSSH) to connect to servers because it has been included in those systems for decades. Windows users, on the other hand, have traditionally had to download third-party tools like Putty or WinSCP to utilize SSH capabilities. However, that changed when OpenSSH became available as an optional feature in Windows 10 and Windows Server 2019.