-1

This question is my inspiration

i have windows server 2008R2 in my network as DC.
also i use this server for hosting our organization website.
I want to make it as secure as possible.
What I need to Do for securing my windows server??

edit

our Website is run locally and we are Use Forms Authentication with Active Directory for our website.so now what how can i Get the web site off of your Domain Controller???

Community
  • 1
AminM
  • 183
  • 2
  • 14

1 Answers1

1

Pre-Obligatory

  • Run a current, supported version of Windows. Currently this is Windows 2008R2 and Windows 2012.
  • Never install anything on a domain controller except:
    • DNS, DHCP, WINS, and Certificate Services (and only if needed)
    • Anti-virus, backup agents, monitoring agents

Obligatory

  • Use a core installation if you can
  • Rename the local administrator account
  • Do not disable the firewall
  • Run the Best Practices Analyzer
  • Run the Security Configuration Wizard
  • Use the Microsoft Security Compliance Manager to developy and apply consistent security policies to all your servers
  • Do not disable UAC
  • Do not install and Roles or Features you aren't actively using.
    • Pay particular attention to un-needed sub-features of roles like IIS

  • Keep up to date with OS and application updates

    For the paranoid

  • Change the RDP port

longneck
  • 23,272