This area is dedicated to security baselines.
The following policies are alterations suggested if using Windows Server 2016 baselines downloaded from the Security Compliance Toolkit download area: https://www.microsoft.com/en-us/download/details.aspx?id=55319
Enable Oracle Remediation to Force Updates Clients Protection Level
Computer Configuration > Policies > Administrative Templates > System > Credentials Delegation > Encryption Oracle Remediation
Disable SMB1 Server
Computer Configuration > Policies > Administrative Templates > MS Security Guide > Configure SMBv1 Server
Enable SMB1 Client Driver Disable Driver (recommended)
Computer Configuration > Policies > Administrative Templates > MS Security Guide > Configure SMB v1 client driver
Turn off Multicast Name Resolution
Computer Configuration > Policies > Administrative Templates > Network > DNS Client > Turn off multicast name resolutio
Disable Netbios
Computer Configuration > Administrative Templates > MS Security Guide > NetBT NodeType configuration "P-Node(recommended)"
Enable Extended Protection for LDAP Authentication (Domain Controllers Only) Enabled, Always (recommended)
Computer Configuration > Administrative Templates > MS Security Guide > Extended Protection for LDAP Authentication (Domain Controllers Ony)