Basic Security Checklist – Windows Server
●
●
●
●
●
For Windows 2016 – remember to use the advanced menu by
o Pressing Windows + X
o Right-Click the Start Menu
Make Internet Explorer Work for You (IE Enhanced Security Configuration)
o Server Manager to turn off
o Consider another Browser if allowed by scenario
Turn off Shutdown Event Tracker
o Group Policy Editor (gpedit.msc)
o Computer Configuration\Administrative Templates\System
o Display Shutdown Event Tracker
Malware
o Antivirus (WinClam, MSE, Server Trial version - depends on Server version)
▪ You can use a trial version – just be sure it supports your OS!
o Antimalware (MalwareBytes)
o Rootkit removal – think SAFE MODE
Unauthorized Software
o Start Menu
o Control Panel -> Programs
▪ Windows Features (Server Manager)
▪ Remove Role Services
o Microsoft Configuration Utility (msconfig.exe)
o Startup Folder
o Registry Entries (regedit)
▪
▪
●
●
●
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion
Run and Run Once
Users (Server Manager -> Configuration or Computer Management)
o Decide who should have access to what (scenario)
o Disable extra accounts (why not delete?)
o Insure all accounts have a password (Password1234)
o Changing the default names – why?
o Check group memberships
o Prevent auto-login with netplwiz (also classic login)
Updates
o Four choices (none, alert only, download only, automatic)
▪ Server 2016 - options not available
o Other Microsoft updates
o Service Packs (download ahead of time)
o Other OS Updates
o Non-Microsoft updates (watch the scenario)
Passwords – Local Security Policy (secpol.msc)
o Length
o Complexity
o History
Security Checklist (Windows Server)
Page 1
Security Checklist (Windows Server)
Page 2
●
●
●
●
●
●
●
●
●
●
●
●
Account Lockout – Local Security Policy
o Duration
o Threshold
o Reset lockout counter
Security options – Local Security Policy
Computer Properties
o Remote Access (Remote Desktop, Remote Assistance)
Auditing (secpol.msc)
Firewall
o Check rules – look for something out of the ordinary
o Insure it is on for all profiles
Extra Services (services.msc, Server Manager)
o Do not touch CyberPatriot Services
o Look at scenario
o Look for “strange” services
o Remember to sort by status & startup type
Unauthorized File Sharing
o Check through Shared Folder Snap-In
o Use MMC or Computer Management
o Note the location before removing the share!
Show File Extensions and Hidden Files
o Windows Explorer -> Organize -> Folder & Search Options
o Windows Explorer -> View tab -> find checkboxes
Check Event Logs for out of the ordinary items
o Security log…
Finding Unauthorized File (graphics, videos, etc.)
o For Server need to insure that File Services Role is on
o Display the file extensions Search techniques (kind, type)
User Access Control (User Accounts)
Action Center
Security Checklist (Windows Server)
Page 3
Download PDF
Similar pages