1. Kerberos encryption types must be configured to prevent the use of DES and RC4 encryption suites;STIG Viewer | Unified Compliance Framework®,0
2. Windows server 2016 must be configured to prevent the storage of the LAN manager hash of passwords;STIG Viewer | Unified Compliance Framework®,0
3. Windows 10 security hardening using device guard whitelisting and Applocker blacklisting
4. WDIGEST authentication must be disabled;STIG Viewer | Unified Compliance Framework®,0
5. Improving your Active Directory security posture: AdminSDHolder to the rescue;grillenmeier;Cyber Security Peer Reviewed J,0