Foreword
This is a basic Windows security guide. This guide does not aim to be a comprehensive Windows security guide, but an accessible resource to securing Windows networks with Microsoft code, products and solutions. I intend this guide to show Windows admins how to secure their networks cost effectively, and more easily than they’d expect. I’ll be using the GUI to provide as much simplicity as possible.
There is no guarantee that if you follow this or any guide, your network will be protected from all vulnerabilities and attacks, however your network may have much stronger defenses than before.
Design
The basic design is as follows
2 domain controllers
PAW server for admin tasks
CA servers for PKI
WEF server for logging
WSUS server
File Server
Windows Endpoint
Host firewall example
Guidance/reference
Guidance and links/refs used will be posted in each Part.
Footnote
Not all Microsoft products are covered, primarily core services. Much of what you’ll find here has already been covered by others, and credit will be given on each part/section where I have referenced another engineer’s work.