-1

This question is my inspiration

I have Windows Server 2008 R2 in my network as a DC.
I also use this server for hosting our organization's website.
I want to make it as secure as possible.
What do I need to do to secure my Windows server?

Edit

Our website is run locally and we use Forms Authentication with Active Directory for our website. So now, how can I get the web site off of your Domain Controller?

AminM

1 Answer

1

Pre-Obligatory

  • Run a current, supported version of Windows. Currently this is Windows 2008R2 and Windows 2012.
  • Never install anything on a domain controller except:
    • DNS, DHCP, WINS, and Certificate Services (and only if needed)
    • Anti-virus, backup agents, monitoring agents

Obligatory

  • Use a core installation if you can
  • Rename the local administrator account
  • Do not disable the firewall
  • Run the Best Practices Analyzer
  • Run the Security Configuration Wizard
  • Use the Microsoft Security Compliance Manager to develop and apply consistent security policies to all your servers
  • Do not disable UAC
  • Do not install any Roles or Features you aren't actively using.
    • Pay particular attention to un-needed sub-features of roles like IIS
  • Keep up to date with OS and application updates

For the paranoid

  • Change the RDP port

longneck
  • Thanks for the answer, but why never install DNS, DHCP, WINS, and Certificate Services together? (I install them together to pay a lower cost) – AminM Jun 26 '13 at 08:33
  • That is not what I said. You can install DNS, DHCP, WINS and Certificate Services on a DC. Those roles are appropriate for a domain controller and have minimal security impact. Everything else, like a website, should not be running on a domain controller. – longneck Jun 26 '13 at 12:55
  • meh changing the RDP port will just give you a bit less internet background noise. – Lucas Kauffman Jun 26 '13 at 13:34
  • 2
    Don't forget MS BPA [2012](http://technet.microsoft.com/en-us/library/hh831400.aspx), [2008R2](http://technet.microsoft.com/en-us/library/dd759260.aspx) (other versions available for older versions of Windows, but if you're really concerned about security you probably aren't running ancient software). – Chris S Jun 26 '13 at 13:40
  • @JesonPark LOL WUT? – longneck Feb 17 '14 at 13:31
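
Several items from the checklist in the answer above (extra roles on the DC, IIS sub-features, firewall, UAC, RDP port) can be checked with a read-only script. This is an added example, not part of the original answer; it assumes PowerShell 2.0 with the ServerManager module on Windows Server 2008 R2, and the function names and the allowed-role list are illustrative choices.

```powershell
# Added example: read-only audit of a domain controller. Run from an elevated prompt.
Import-Module ServerManager

# Assumption: role names as reported by Get-WindowsFeature on 2008 R2.
# AD DS plus the roles the answer allows; File-Services is listed because a DC
# shares SYSVOL. WINS is a feature, not a role, so it is not needed here.
$allowedRoles = 'AD-Domain-Services','DNS','DHCP','AD-Certificate','File-Services'

function Get-UnexpectedRole {
    # Installed roles that are not on the allow list (for example Web-Server).
    Get-WindowsFeature |
        Where-Object { $_.Installed -and $_.FeatureType -eq 'Role' -and
                       $allowedRoles -notcontains $_.Name } |
        Select-Object Name, DisplayName
}

function Get-InstalledIisPart {
    # Every installed IIS role service, to review for unneeded sub-features.
    Get-WindowsFeature Web-* | Where-Object { $_.Installed } |
        Select-Object Name, DisplayName
}

function Get-FirewallState {
    # Local firewall policy store; settings pushed by Group Policy live under
    # HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall and override these.
    $base = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'
    foreach ($p in 'DomainProfile','StandardProfile','PublicProfile') {
        $v = (Get-ItemProperty -Path "$base\$p" -ErrorAction SilentlyContinue).EnableFirewall
        New-Object PSObject -Property @{ Profile = $p; Enabled = ($v -eq 1) }
    }
}

function Test-UacEnabled {
    $k = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    (Get-ItemProperty -Path $k).EnableLUA -eq 1
}

function Get-RdpPort {
    $k = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
    (Get-ItemProperty -Path $k).PortNumber
}

'Roles that should not be on a DC:'; Get-UnexpectedRole | Format-Table -AutoSize
'Installed IIS role services:';      Get-InstalledIisPart | Format-Table -AutoSize
'Firewall profiles:';                Get-FirewallState | Format-Table -AutoSize
'UAC enabled: {0}' -f (Test-UacEnabled)
'RDP port:    {0}' -f (Get-RdpPort)
```

The script only reads state. For the situation in the question, a `Web-Server` entry in the first table is the finding that matters.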