Some quick tips on securing Windows Servers, especially on the latest version which is Windows Server 2019.
- Of course, the most important is to keep the operating system updated with the latest patches.
- Install only the essential components through the Windows Server Core.
- Secure the administrator account. Rename it to something else, and of course use a complex password.
- Make sure server sync time with NTP all the time.
- Use a good firewall and antivirus.
- Secure RDP. Make sure it is not open to the internet. To prevent unauthorized access, change the default port, and restrict the RDP access to a specific IP address, if any.
- Enable BitLocker.
- Use Microsoft Baseline Security Analyzer.
- Configure Log Monitoring and Disable Unnecessary Network Ports.
That is all for now. Good luck.