Updated May 15th, 2017, see #WannaCry SMB Steps below
Harden Windows servers
Windows Server 2012 has new security features, best practice wizards, and sleeker interfaces to enhance the security posture of the operating system installation. Windows Server 2008 still has a major install base and is relevant to cover for server hardening as well. Most settings are similar and familiar between the two different server versions.
Note that many of the advanced network management and security features require an Active Directory implementation to be fully leveraged. As with any corporate network, security is the sum of its parts; here we focus on ensuring that Windows Server systems are properly installed and configured.
Microsoft Server 2008 and 2012 use Server Manager roles and features to configure and install server components. To open Server Manager, go to Administrative Tools -> Server Manager.
Figure 1: Server 2008 Server Manager application
Figure 2: Server 2012 New look Server Manager
Microsoft Server Manager gives you a good snapshot of the configured features of your server. You can see firewall settings, registration information, roles installed, and Windows Server features that are installed and enabled. By default a Windows server installation leaves much of this configuration for post-installation tasks.
You can also use the Programs and Features control panel applet to list installed applications. In Windows you can use the Task Manager to view running processes, their paths, and system utilization.
Process Explorer is a Sysinternals tool now owned and supported by Microsoft. It lets you see processes along with their respective process trees and dependencies.
Figure 3: Sysinternals Process Explorer showing running processes.
To show disk space and utilization, and to manage any disk volumes, use the Disk Management feature in Server Manager.
Figure 4: Windows Server 2008 Disk Management view in Server Manager application.
To see startup processes there are several places to check. The msconfig utility is a good place to start. This application gives you the running and startup services all in one convenient place.
Figure 5: Msconfig application showing services and status.
The Windows registry contains many settings and startup options as well. Using the regedit application you can check the following registry key for tasks that are set to run when Windows starts.
Also, the Startup program menu is a good place to look for tasks that may run once a user is logged into the system. Malware is often started via this startup option out of a user's profile directory. Be sure to check both the All Users startup folder and the startup folder in each user profile directory.
Use the Windows Update application to configure system updates if you do not have an enterprise patch management system. From within the Windows Update applet you can set when your system runs updates and how it handles reboots. Many server systems should be manually updated, tested, and restarted during maintenance windows.
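The startup checks described above can be collected in one pass. The following PowerShell is an added example, not part of the original article; the page does not name the registry key it refers to, so the Run and RunOnce keys used here are the standard Windows autostart locations and are an assumption, as are the function names and the default %SystemDrive%\Users profile location.

```powershell
# Added example: inventory autostart entries (Run/RunOnce keys and Startup folders).
# Assumptions: the Run/RunOnce paths are the standard Windows locations (the page names no key),
# and user profiles live under %SystemDrive%\Users.
$usersRoot = Join-Path $env:SystemDrive 'Users'
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

function New-AutostartEntry($Source, $Name, $Command) {
    # Flag commands that launch from a user profile, the pattern the text warns about.
    New-Object PSObject -Property @{
        Source        = $Source
        Name          = $Name
        Command       = $Command
        InUserProfile = ($Command -like "*$usersRoot\*")
    }
}

function Get-AutostartEntry {
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            New-AutostartEntry $key $name ([string]$item.GetValue($name))
        }
    }
    # All Users startup folder plus the startup folder in each profile directory.
    $relative = 'Microsoft\Windows\Start Menu\Programs\Startup'
    $folders = @(Join-Path $env:ProgramData $relative)
    foreach ($userDir in @(Get-ChildItem -LiteralPath $usersRoot -ErrorAction SilentlyContinue)) {
        if ($userDir.PSIsContainer) { $folders += Join-Path $userDir.FullName "AppData\Roaming\$relative" }
    }
    $shell = New-Object -ComObject WScript.Shell
    foreach ($folder in $folders) {
        if (-not (Test-Path -LiteralPath $folder)) { continue }
        foreach ($file in @(Get-ChildItem -LiteralPath $folder -Force -ErrorAction SilentlyContinue)) {
            if ($file.PSIsContainer -or $file.Name -eq 'desktop.ini') { continue }
            $target = $file.FullName
            # Resolve shortcuts so the flag reflects what actually runs, not where the .lnk sits.
            if ($file.Extension -eq '.lnk') { $target = $shell.CreateShortcut($file.FullName).TargetPath }
            New-AutostartEntry $folder $file.Name $target
        }
    }
}

Get-AutostartEntry | Sort-Object InUserProfile -Descending |
    Format-Table InUserProfile, Source, Name, Command -AutoSize -Wrap
```

Run it from an elevated prompt so the other profiles' Startup folders are readable. The HKCU keys reflect only the account running the script, so per-user Run entries for other accounts need a separate check under each user's hive.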
Figure 6: Un-configured Windows updates