Microsoft has published guidance on the easiest way to secure privileged access in Windows Server.
Securing privileged access is a critical first step to establishing security assurances for business assets in a modern organization. The security of most or all business assets in an IT organization depends on the integrity of the privileged accounts used to administer, manage, and develop. Cyber-attackers often target these accounts and other elements of privileged access to gain access to data and systems using credential theft attacks likeĀ Pass-the-Hash and Pass-the-Ticket.
Protecting privileged access against determined adversaries requires you to take a complete and thoughtful approach to isolate these systems from risks.
Read on at Microsoft Docs: https://docs.microsoft.com/en-us/windows-server/identity/securing-privileged-access/securing-privileged-access