From the course: Configuring Windows Server Hybrid Advanced Services (AZ-801) Cert Prep by Microsoft Press


Harden domain controllers

Even with Protected Users and read-only domain controllers in place, DCs themselves remain high-value targets, so hardening them directly is non-negotiable. Here we highlight key techniques that limit credential theft and keep attackers from moving laterally. Restricted Admin Mode prevents credential exposure via the Remote Desktop Protocol (RDP). When you remote into a DC using RDP, your credentials normally get stored in memory. Restricted Admin Mode stops this by authenticating with the machine account instead of your user account, so nothing reusable is left behind. Protected Process Light (PPL) protects LSASS from memory attacks. LSASS stands for Local Security Authority Subsystem Service, and it's where Windows stores cached credentials. Tools like Mimikatz target it directly. Running LSASS as a protected process means only trusted, signed code can access it, shutting down many common credential dumping attacks. LSA protection blocks unauthorized code injection…
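The two controls just described map to documented registry values under the LSA key: RunAsPPL = 1 makes lsass.exe run as a Protected Process Light, and DisableRestrictedAdmin = 0 lets the DC's RDP server accept Restricted Admin connections. The script below is an added example, not part of the course or Microsoft's own material; it audits both values on a domain controller, enforces them only when you pass -Enforce, and then checks whether LSASS actually came up protected at the last boot (WinInit logs System event ID 12 when it does). It assumes you run it in an elevated PowerShell session on the DC or through Invoke-Command against it.

```powershell
# Added example (not from the course): audit and optionally enforce the LSA
# hardening settings discussed above on a domain controller.
#   RunAsPPL = 1               -> lsass.exe runs as Protected Process Light
#   DisableRestrictedAdmin = 0 -> RDP server accepts Restricted Admin connections
# Run elevated on the DC, or via Invoke-Command -ComputerName <dc> -FilePath <this script>.

[CmdletBinding(SupportsShouldProcess)]
param(
    [switch]$Enforce   # without this switch the script only reports
)

$lsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

# Desired state for a hardened DC (documented Windows values, not assumptions)
$desired = [ordered]@{
    RunAsPPL               = 1
    DisableRestrictedAdmin = 0
}

$results = foreach ($name in $desired.Keys) {
    # Read the current value; $null means the value has never been set
    $current   = (Get-ItemProperty -Path $lsaKey -Name $name -ErrorAction SilentlyContinue).$name
    $compliant = ($null -ne $current) -and ($current -eq $desired[$name])

    if (-not $compliant -and $Enforce -and
        $PSCmdlet.ShouldProcess("$lsaKey\$name", "Set to $($desired[$name])")) {
        Set-ItemProperty -Path $lsaKey -Name $name -Value $desired[$name] -Type DWord
        $current   = $desired[$name]
        $compliant = $true
    }

    [pscustomobject]@{
        Setting   = $name
        Current   = if ($null -eq $current) { '(not set)' } else { $current }
        Desired   = $desired[$name]
        Compliant = $compliant
    }
}

$results | Format-Table -AutoSize

# RunAsPPL only takes effect after a reboot, so verify the running state as well:
# WinInit writes System event ID 12 when lsass.exe starts as a protected process.
$pplEvent = Get-WinEvent -FilterHashtable @{
    LogName      = 'System'
    ProviderName = 'Microsoft-Windows-Wininit'
    Id           = 12
} -MaxEvents 1 -ErrorAction SilentlyContinue

if ($pplEvent) {
    "LSASS protected at last boot: $($pplEvent.Message.Trim())"
} else {
    'No WinInit event 12 found: LSASS was not running as PPL at last boot (reboot after enabling RunAsPPL).'
}
```

The report step is what you want in a scheduled compliance check; the -Enforce path is for the initial rollout, and because it honours -WhatIf you can preview the change first. On the client side, Restricted Admin only helps when the administrator connects with mstsc /restrictedAdmin, so the server-side value should be paired with that requirement in your admin procedures.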
