Hardening Windows Servers

Some quick tips on securing Windows Servers, especially on the latest version which is Windows Server 2019.

  1. Of course, the most important is to keep the operating system updated with the latest patches.
  2. Install only the essential components through the Windows Server Core.
  3. Secure the administrator account. Rename it to something else, and of course use a complex password.
  4. Make sure server sync time with NTP all the time.
  5. Use a good firewall and antivirus.
  6. Secure RDP. Make sure it is not open to the internet. To prevent unauthorized access, change the default port, and restrict the RDP access to a specific IP address, if any.
  7. Enable BitLocker.
  8. Use Microsoft Baseline Security Analyzer.
  9. Configure Log Monitoring and Disable Unnecessary Network Ports.

That is all for now. Good luck.