Holy cow, I wrote a book!
Today, I'm not writing anything new.
Instead, I'm referring you to
the series of articles by Ruediger Asche
Windows NT Security in Theory and Practice.
These articles are quite old but the principles are still sound.
Just bear in mind that the newer stuff won't be covered.