Windows Server 2016 security auditing for enhanced threat detection

Windows Server 2016 security auditing for enhanced threat detection “Detecting malicious reconnaissance attempts to access SAM The Security Account Manager (SAM) is a database file, which stores users’ passwords. A common attack is to access SAM remotely to enumerate user groups, such as finding all the users in the local admin group on a server. On Windows Server 2016, when an attacker with insufficient privilege runs a query on the network to identify highly privileged…

"Windows Server 2016 security auditing for enhanced threat detection"