The concept behind deceptions to increase cyber security by supporting classic solutions such as antivirus and endpoint detection and response is already over 30 years old. During this time, various deception techniques and approaches have been researched, some of which have also been put into practice. What has hardly been investigated, however, is the feasibility in large IT environments when considering the overall picture of an organization. As a result, deceptions are rarely used in the real world. This thesis focuses on Windows endpoints and closes the gap between theoretical deception techniques and practical implementation by designing concrete advisories and implementation concepts. This involves not only analysing deception techniques, but also studying the attacker’s procedures, especially in the reconnaissance phase, in order to make the deception as effective as possible. To ensure that no user of an endpoint stumbles across a deception and is thereby disturbed at work or triggers false positives, the user behavior is analyzed by means of a survey within Bosch. In order to ensure feasibility in large IT environments, options for deployment on the endpoints and distribution to the endpoints are examined. Based on the four aspects of attacker procedures, deceptions, deployment and user behavior, playbooks are created with the help of a specially designed documentation framework, which depict concrete deception stories.