I am securing down several Active Directory Domains. I’ve done this in the past but because I am managing acquired domains too, I’m trying to be efficient and want to hit the lowest hanging fruit first.
My list at the moment stands at:
* Disable DC Printer Spoolers – GPO it
* NETBIOS LLMNR disablement
* SMBv1 disable
* NTLMv1 disable
Anything else you guys can think of?