Mitigating PtH attacks
Are you familiar with Pass-the-Hash (PtH) attacks? This is a form of credentials theft, in which the attacker captures account logon information on one computer and then uses those credentials to authenticate to other computers over the network. They do this by stealing the hash values, rather than plaintext passwords. It's a particularly serious problem because it could allow the attacker to gain access to the domain controllers and servers that contain sensitive data.
You can find out all about how PtH attacks can be performed against Microsoft operating systems and learn about mitigations for these attacks, in a very comprehensive 84 page paper that you can download free from the Microsoft web site, called Mitigating Pass-the-Hash (PtH) Attacks and Other Credential Theft Techniques. Check it out here: