In the world of Windows, Active Directory and Microsoft applications in general, hardening recommendations and frameworks are legion. They all share a common Achilles heel though - the consequences of implementing a certain security control are hard to predict, That has kept many organization from consistently hardening their systems in the past and is continuing to do so in spite of the cyber threat ravaging the modern world.

In this session I will present a typical on-premises environment that is 100% functional, yet very resilient against a wide variety of typical attack techniques, along with the simple yet effective hardening measures that make this level of resilience possible.