Language:
Microsoft places emphasis on maintaining backward compatibility in Active Directory infrastructure, which means that it cannot enable all hardening features.
Enable hardening GPOs to protect at least privileged users, specifically by disabling obsolete protocols to prevent attackers from exploiting them to elevate their privileges on the Active Directory.
A new look at null sessions and user enumeration
MS15-011 - Microsoft Windows Group Policy real exploitation via a SMB MiTM attack
[MS-NLMP] Session Security Details
MS09-001: Vulnerabilities in SMB could allow remote code execution