As soon as we explain the "best practice" to protect an executable, the methods are known in public, which makes it easier to find a workaround. In consequence, the formerly "best" practice is flawed.
As long as executables cannot be protected perfectly, all trials to do so involve some obfuscation. How this can be done, depends on what you try to protect the software from: Copying? Using outside a specified range of time? Reverse engineering? Creating different results on different hardware?
Start with defining, what you want to protect and how much time and money it is worth to spend for this protection.