Windows Servers Hardening

by George Chetcuti [Published on 5 Aug. 2011 / Last Updated on 5 Aug. 2011]

A highly recommended best practice for securing Windows servers is to stop unnecessary services and disable unused functionality. A brief checklist of high-level tasks helps administrators reduce the attack surface of their servers. A typical checklist would include:

  • Stopping and disabling all unnecessary services and applications
  • Renaming the Administrator account
  • Creating a new user account named Administrator with a complex password and disabling this new fake account
  • Removing or disabling all unnecessary user accounts
  • Delegating remaining user accounts based on the principle of least privilege
  • Requiring strong authentication of users
  • Performing regular operating system and application updates
  • Installing/running protective software with the latest updates
  • Documenting and verifying system configurations
  • Checking logs on a regular basis by creating a routine job
  • Removing nonessential executables
  • For highly critical servers, using system integrity tools that monitor the system configuration and files for changes

And the list goes on depending on your environment and threat levels!
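
The account and service items in the checklist can be audited with a short read-only script. The following is an added example, not part of the original article; it assumes Windows PowerShell 5.1 or later (for `Get-LocalUser`) on a member or standalone server, and `$AllowedServices` is a hypothetical baseline to replace with your own documented list.

```powershell
# Added example: read-only audit of the account and service checklist items.
# Assumption: Windows PowerShell 5.1+ on a server that is not a domain controller.
# $AllowedServices is a hypothetical baseline; substitute your documented list.
$AllowedServices = @('EventLog', 'W32Time', 'WinDefend', 'Dnscache')

$findings = New-Object System.Collections.Generic.List[object]
function Add-Finding([string]$Check, [string]$Detail) {
    $findings.Add([pscustomobject]@{ Check = $Check; Detail = $Detail })
}

$users = Get-LocalUser

# The built-in Administrator always has a SID ending in -500, whatever its name.
$builtin = $users | Where-Object { $_.SID.Value -like 'S-1-5-21-*-500' }
if ($builtin.Name -eq 'Administrator') {
    Add-Finding 'RenameAdministrator' 'Built-in account (RID 500) still uses the default name'
}

# The decoy is an account named Administrator that is not RID 500 and is disabled.
$decoy = $users | Where-Object { $_.Name -eq 'Administrator' -and $_.SID.Value -notlike '*-500' }
if (-not $decoy) {
    Add-Finding 'DecoyAdministrator' 'No decoy account named Administrator exists'
} elseif ($decoy.Enabled) {
    Add-Finding 'DecoyAdministrator' 'Decoy account exists but is enabled'
}

# List every other enabled account so unnecessary ones can be removed or disabled.
foreach ($u in $users | Where-Object { $_.Enabled -and $_.SID.Value -notlike '*-500' }) {
    $last = if ($u.LastLogon) { $u.LastLogon.ToString('yyyy-MM-dd') } else { 'never' }
    Add-Finding 'ReviewAccount' "$($u.Name) is enabled, last logon: $last"
}

# Flag auto-start services that are not in the documented baseline.
Get-CimInstance Win32_Service -Filter "StartMode='Auto'" |
    Where-Object { $AllowedServices -notcontains $_.Name } |
    ForEach-Object {
        Add-Finding 'ReviewService' "$($_.Name) ($($_.DisplayName)) starts automatically, state: $($_.State)"
    }

$findings | Sort-Object Check | Format-Table -AutoSize -Wrap
```

The script changes nothing; each finding is a prompt for review against the documented configuration, and scheduling it gives the routine job the checklist calls for.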
