Blog | G5 Cyber Security

How to outwit attackers using two Windows registry settings

Attackers often use scheduled tasks as a means to hide their tracks. The "Domain controller: Allow server operators to schedule tasks" setting determines whether scheduled tasks are forced to run under the context of the authenticated account instead of being allowed to run as SYSTEM. Disabling this setting affects only the ability to schedule jobs using the AT command and does not affect tasks set using Task Scheduler. Another recommended setting is to enable LSA (Local Security Authority) protection. This protects against pass-the-hash or Mimikatz-style attacks.
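A way to audit both settings on a host, as an added example that is not taken from the article. It assumes the usual registry mappings, which the page does not state: both policies are stored under HKLM\SYSTEM\CurrentControlSet\Control\Lsa, as SubmitControl (0 = disabled, absent = treated as disabled) and RunAsPPL (1 or 2 = LSA protection configured). Test-LsaSetting is a hypothetical helper name.

```powershell
# Added example: audit the two LSA-related registry values discussed above.
# Assumption: standard value names (SubmitControl, RunAsPPL) under the Lsa key.
$lsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

$checks = @(
    @{ Name = 'SubmitControl'; Good = @(0); MissingIsGood = $true
       Policy = 'Domain controller: Allow server operators to schedule tasks' },
    @{ Name = 'RunAsPPL'; Good = @(1, 2); MissingIsGood = $false
       Policy = 'LSA protection (LSASS as protected process)' }
)

function Test-LsaSetting {
    param([hashtable]$Check, [string]$Key = $lsaKey)

    # A missing value is not an error: it means the policy was never configured.
    $item = Get-ItemProperty -Path $Key -Name $Check.Name -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        $value = $null
        $ok    = $Check.MissingIsGood
    } else {
        $value = [int]$item.($Check.Name)
        $ok    = $Check.Good -contains $value
    }

    [pscustomobject]@{
        Policy    = $Check.Policy
        ValueName = $Check.Name
        Value     = if ($null -eq $value) { '(not set)' } else { $value }
        Compliant = $ok
    }
}

$results = $checks | ForEach-Object { Test-LsaSetting -Check $_ }
$results | Format-Table -AutoSize

# Non-zero exit code lets a scheduled compliance job flag the host.
if ($results.Compliant -contains $false) { exit 1 }
```

The check reads configuration only: a RunAsPPL value set since the last boot does not take effect until the machine restarts.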

Source: https://www.csoonline.com/article/3393268/how-to-outwit-attackers-using-two-windows-registry-settings.html
