SEC250 - Hardening Windows Systems

This seminar teaches how to "lock down" a Windows server and its clients to ensure reliable and secure operation, consistent with the enterprise’s unique security policies. 

Level: Intermediate

System administrators; software developers; system integrators; I.T. support personnel


Hardening a system is all about understanding the security mechanisms present in Windows, and then applying the correct settings to ensure the security goals of the organization are met. This course starts with the fundamentals of Windows security, and then teaches the attendees how to use a variety of tools that allow an administrator to examine and modify the security settings to be placed in a GPO (Group Policy Object) that will be pushed out to one or more systems within a domain. The course will begin with discussing the different types of security threats, both internal and external to their organization, such as Pass The Hash. This is followed by an exhaustive look at the security mechanisms within Windows, such as security descriptors, SIDs, discretionary access control lists (DACL), system access control lists (SACL), access tokens, and access rights. Security concepts covered include authentication, authorization, access control, defense in depth, least privilege, and dynamic access control (expression-based ACLs and claims). Methods for hardening services will be covered in detail.

Finally, the attendees will learn to use a variety of tools for monitoring and securing their systems, including Attack Surface Analyzer, Security Compliance Manager, Data Classification Toolkit. 

  • Security threats
    • Application threats
    • Device driver threats
    • Malware
    • Network attacks
    • Data theft
  • Windows security elements
    • Security concepts
    • Fundamental security features
    • New security features in Windows Server 2012
  • Analyzing your environment
    • System configuration
    • Attack surface
  • Evaluating security policies
  • Selecting security settings
  • Creating and deploying GPOs

Knowledge of domain administration tools and techniques.

Operating systems supported: This seminar is applicable primarily to Windows Server editions 2008 through 2012 R2.
Durations and formats: 3 days with labs

Labs will include the use of the Microsoft Attack Surface Analyzer, Assessment and Planning Toolkit, Security Compliance Manager, and Baseline Security Analyzer on an example domain + client configuration to create a security baseline, analyze the attack surface before and after installation of optional software, and apply recommended changes. 

Additional information:

When this seminar is presented as part of a series with one of our five-day "Windows Internals" and/or our "Windows Security Internals" seminars, the duration is shortened to two days with labs, due to some overlap in the topic list.