Home / server / Questions / 514132
Accepted
AminM
Asked: 2013-06-08 06:35:00 +0800 CST

What steps do you take to secure a windows server [duplicate]

  • 772

This question is my inspiration

i have windows server 2008R2 in my network as DC.
also i use this server for hosting our organization website.
I want to make it as secure as possible.
What I need to Do for securing my windows server??

edit

our Website is run locally and we are Use Forms Authentication with Active Directory for our website.so now what how can i Get the web site off of your Domain Controller???

windows-server-2008

1 Answers

  1. Best Answer

    Pre-Obligatory

    • Run a current, supported version of Windows. Currently this is Windows 2008R2 and Windows 2012.
    • Never install anything on a domain controller except:
      • DNS, DHCP, WINS, and Certificate Services (and only if needed)
      • Anti-virus, backup agents, monitoring agents

    Obligatory

    • Use a core installation if you can
    • Rename the local administrator account
    • Do not disable the firewall
    • Run the Best Practices Analyzer
    • Run the Security Configuration Wizard
    • Use the Microsoft Security Compliance Manager to developy and apply consistent security policies to all your servers
    • Do not disable UAC
    • Do not install and Roles or Features you aren't actively using.
      • Pay particular attention to un-needed sub-features of roles like IIS

    • Keep up to date with OS and application updates

      For the paranoid

    • Change the RDP port

    • 1