==========================================================
Some important security tips that will strengthen the security of Windows
==========================================================
Change the KRBTGT password regularly, at least every 180 days
Don't use domain administrator credentials to log in to client PCs
Eliminate breached passwords in the environment
Encourage the use of passphrases for passwords
Enforce least privilege in your Active Directory environment
Enforce strong passwords using good password policies
Implement good security practices for domain controllers, protecting privileged accounts with strong passwords
Implement the Microsoft Local Administrator Password Solution (LAPS) for local accounts
Increase your overall security posture by following best practices in the environment
Limit the number of users with admin rights
Monitor accounts with the adminCount attribute set to "1"
Monitor changes to domain groups and other activity
Monitor for suspicious activity, such as unnecessary Kerberos ticket requests
Monitor service account use and other privileged accounts
Monitor the adminSDHolder ACL regularly for rogue users or groups
Prevent account password reuse
Prevent the use of incremental passwords or breached passwords
Protect your environment from privilege escalation attacks
Remove unnecessary accounts from Active Directory, including service accounts
Use extremely strong passwords on service accounts and rotate them
Use hardened workstations as admin jump boxes
Use strong passwords
Use strong passwords across the board
Use strong passwords on all protected accounts and service accounts
Use strong passwords, especially for admin and service accounts
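
A read-only audit of three of the tips above (KRBTGT password age, accounts with adminCount set to "1", and the adminSDHolder ACL), given here as an added example that is not part of the original list. It assumes the ActiveDirectory PowerShell module (RSAT) on a domain-joined host; the baseline file path is a hypothetical name chosen for illustration.

```powershell
# Added example, read-only: checks KRBTGT password age, adminCount=1 accounts
# and explicit entries on the AdminSDHolder ACL.
# Assumption: ActiveDirectory module (RSAT) is installed and the host is domain-joined.
Import-Module ActiveDirectory

$maxKrbtgtAgeDays = 180                               # threshold from the checklist
$baselinePath     = '.\adminsdholder-baseline.csv'    # hypothetical file name

# 1. KRBTGT password age
$krbtgt  = Get-ADUser -Identity krbtgt -Properties PasswordLastSet
$ageDays = [math]::Floor(((Get-Date) - $krbtgt.PasswordLastSet).TotalDays)
[pscustomobject]@{
    Check           = 'KRBTGT password age'
    PasswordLastSet = $krbtgt.PasswordLastSet
    AgeDays         = $ageDays
    Overdue         = $ageDays -gt $maxKrbtgtAgeDays
} | Format-List

# 2. Accounts with adminCount = 1 (review each for a current need for privilege)
Get-ADUser -LDAPFilter '(adminCount=1)' -Properties LastLogonDate, PasswordLastSet |
    Sort-Object SamAccountName |
    Format-Table SamAccountName, Enabled, LastLogonDate, PasswordLastSet -AutoSize

# 3. Explicit (non-inherited) entries on the AdminSDHolder ACL
$domainDn = (Get-ADDomain).DistinguishedName
$acl      = Get-Acl -Path "AD:\CN=AdminSDHolder,CN=System,$domainDn"
$current  = @($acl.Access | Where-Object { -not $_.IsInherited } | ForEach-Object {
    # Flatten to strings so the entries compare cleanly against the CSV baseline
    [pscustomobject]@{
        Identity = [string]$_.IdentityReference
        Rights   = [string]$_.ActiveDirectoryRights
        Type     = [string]$_.AccessControlType
    }
})

if (Test-Path $baselinePath) {
    # '=>' marks entries added since the baseline, '<=' marks entries removed
    $baseline = @(Import-Csv $baselinePath)
    Compare-Object $baseline $current -Property Identity, Rights, Type |
        Format-Table -AutoSize
} else {
    # First run: record the current ACL as the baseline after reviewing it
    $current | Export-Csv $baselinePath -NoTypeInformation
    $current | Format-Table -AutoSize
}
```

On the first run the script writes the current adminSDHolder entries to the baseline file; later runs list only the differences from that baseline.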
by GoN | Published: May 9 2023 | Last Updated: