Language:
Microsoft emphasized in the Active Directory infrastructure to maintain backward compatibility, which means it cannot enable all reinforcement function.
Enable reinforce the GPO to at least protect privileged users, the specific method is to disable the outdated agreement, to prevent the attacker using these protocols to raise its privileges on the Active Directory.
[MS - NLMP) Session Security Details
MS09-001: Vulnerabilities in SMB could allow remote code execution