Skip to main content

70-744 Securing Windows Server 2016 Lab Manual

70-744 Securing Windows Server 2016 Lab Manual

Microsoft Official Academic Course

ISBN: 978-1-119-52092-4 September 2018 176 Pages




This text does not include a MOAC Labs Online access code.

This is the companion lab manual to Securing Windows Server 2016 Exam 70-744 which is focused primarily on the securing windows features and their functionality that is available within Windows Server 2016. MOAC offers an official MLO lab environment and Lab Manual to further aid in your study for this exam. Successful skills mastery of Exam 70-744 can help students with securing a career within an IT enterprise and help them to differentiate job hunters in today's competitive job market. This exam will cover considerations into the following:

  • Implementing Server Hardening Solutions
  • Securing a Network Infrastructure 
  • Implement Threat Detection Solutions 
  • Implement Workload-Specific Security
The MOAC IT Professional series is the Official from Microsoft, turn-key Workforce training program that leads to professional certification and was authored for college instructors and college students. MOAC gets instructors ready to teach and students ready for work by delivering essential resources in 5 key areas: Instructor readiness, student software, student assessment, instruction resources, and learning validation. With the Microsoft Official Academic course program, you are getting instructional support from Microsoft; materials that are accurate and make course delivery easy.

Related Resources


Request an Evaluation Copy for this title

Contact your Rep for all inquiries

1. Contents Configuring Disk and File Encryption 1

Exercise 1.1 Encrypting Files with EFS 2

Exercise 1.2 Configuring the EFS Recovery Agent 7

Exercise 1.3 Encrypting a Volume with BitLocker 9

Lab Challenge Backing Up and Restoring EFS Certificates 11

2. Implementing Server Patching and Updating Solutions 13

Exercise 2.1 Installing WSUS 14

Exercise 2.2 Configuring WSUS 17

Exercise 2.3 Configuring Clients 19

Lab Challenge Approving WSUS Updates 22

3. Implementing Malware Protection and Protection Credentials 25

Exercise 3.1 Configuring Windows Defender 26

Exercise 3.2 Using AppLocker to Manager Applications 29

Exercise 3.3 Implementing Device and Credential Guard 31

Lab Challenge Implementing NT LAN Manager (NTLM) Blocking 34

4. Creating Security Baselines 37

Exercise 4.1 Backing Up GPOs 38

Exercise 4.2 Loading and Comparing GPO Settings 40

Lab Challenge Using LGPO.exe 42

5. Securing Virtual Machines with Guarded Fabric and Shielding VMs 43

Exercise 5.1 Installing and Configuring the Host Guarding Service (HGS) 44

Exercise 5.2 Configuring the Admin-Trusted Attestation 47

Lab Challenge Implementing Encrypted and Shielded VMs 48

Clean Up Resetting Servers 49

6. Configuring Windows Firewall and Software-Defined Firewalls 51

Exercise 6.1 Configuring Advanced Shared Settings and Network Locations 52

Exercise 6.2 Creating an Outbound and Inbound Rule in Windows Firewall 54

Exercise 6.3 Configuring Firewall Rules with GPOs 56

Exercise 6.4 Configuring Connection Security Rules 59

Lab Challenge Configuring Authenticated Exception Rules 63

7. Securing Network Traffic 65

Exercise 7.1 Configuring IPsec Using GPOs 66

Exercise 7.2 Implementing SMB 3.1.1 Encryption 69

Exercise 7.3 Implementing SMB Signing and Disabling SMB 1.0 via Group Policy 70

Exercise 7.4 Configuring DNSSEC 72

Lab Challenge Configuring DNS Policies 74

8. Implementing Privilege Access Management and Administrative Forests 77

Exercise 8.1 Configuring a Trust Relationship 79

Exercise 8.2 Configuring Accounts and Shadow Principals 80

Exercise 8.3 Installing PAM Components 83

Lab Challenge Requesting and Verifying Privileged Access 85

9. Implementing Just Enough Administration (JEA) 89

Exercise 9.1 Creating and Configuring Role Capability Files 90

Exercise 9.2 Creating and Configuring Session-Configuration Files 92

Exercise 9.3 Creating and Connecting to a JEA Endpoint 93

Lab Challenge Enabling PowerShell Module and Script Block Logging 96

10. Implementing Privileged Access Workstations, LAPS, and User Rights Assignments 99

Exercise 10.1 Implementing User Rights Assignments 100

Exercise 10.2 Turning on Windows Defender Remote Credentials Guard 103

Lab Challenge Installing and Configuring LAPS 105

11. Configuring Advanced Audit Policies 109

Exercise 11.1 Implementing Auditing 110

Exercise 11.2 Implementing Advanced Auditing 113

Exercise 11.3 Using AuditPol.exe 115

Exercise 11.4 Configuring File Access Auditing 117

Lab Challenge Auditing Removable Devices 119

12. Installing and Configuring Advanced Threat Analytics (ATA) 121

Exercise 12.1 Installing the ATA Center 122

Exercise 12.2 Installing the ATA Gateway 126

Lab Challenge Reviewing and Editing Suspicious Activities on the Attack Time Line 128

13. Determining Threat Detection Solutions Using Operations Management Suite (OMS) 131

Exercise 13.1 Understanding Operations Management Suite (OMS) 132

14. Securing Application Development and Server Workload Infrastructure 135

Exercise 14.1 Creating and Deploying a Nano Server 136

Exercise 14.2 Configuring a Nano Server with the Nano Recovery Tool 139

Exercise 14.3 Installing and Configuring Windows Server Container Host 141

Exercise 14.4 Installing and Configuring Docker 144

Lab Challenge Managing Local Policy on Nano Server 145

15. Implementing Secure File Services and Dynamic Access Control (DAC) 147

Exercise 15.1 Using Quotas with File Server Resource Manager 148

Exercise 15.2 Managing Files with File Screening 151

Exercise 15.3 Creating a File Explorer Task 152

Exercise 15.4 Using Dynamic Access Control (DAC) 153

Lab Challenge Connecting to a Work Folder 158