Windows Server OS Audit Checklist

The Windows Server OS Audit Checklist was designed to assist administrators in optimizing their environments, from meeting password requirements to disabling unnecessary services.

For maximum security, disable the local administrator account and create service accounts to reduce privilege escalation risks.

1. Configure Automatic Updates
Updating the Windows Server OS with the latest patches, hotfixes and service packs is essential to maintaining server security. These updates patch vulnerabilities that cybercriminals exploit to compromise a server.

To enable automatic updates, open the group policy editor and navigate to Computer Configuration > Administrative Templates > Windows Components > Windows Update. From here select “Configure Automatic Maintenance Settings” policy and toggle Enabled.

With this policy, there are various options you can utilize to further tailor the way that automatic updates are managed. For instance, you can manage how often they check, when notifications of downloads and installations occur etc.

Additionally, it is vital that you regularly inspect the status of your servers by setting up an uptime monitor and performing periodic server audits. This will help ensure resources remain consistent across your servers while any downed ones can quickly be identified and resolved.

2. Disable Local Administrator
Built-in Administrator accounts are a primary target for attackers and should be disabled as soon as possible. When this account is enabled, attackers could bypass User Account Control prompts and perform operations with elevated privilege levels without receiving security warnings.

As an effective best practice, using a regular account for admin tasks and only requesting elevation via “Run As” to elevate yourself reduces the risk of account compromise while making it more difficult for malicious actors to track and analyze an admin’s activity.

If you must use the local administrator account, it is best to enable session isolation for it. This will prevent it from accessing other systems and provides protection from pass the hash attacks as well as lateral movements between computers.

3. Check for Multiple Endpoints
The Endpoint Inventory tab shows a list of endpoints authenticated to ClearPass server. You can filter results by host name, MAC address or device category to narrow your search.

Example: Use the Device Category filter to narrow your search for computers of a certain type, while operating system filters allow for even further refinement.

UT-developed hardening checklists are based on comprehensive lists published by the Center for Internet Security. Adopting these best practices will reduce your attack surface by limiting the services running on a server and eliminating unneeded accounts, such as Everyone on Windows servers.

4. Disable Guest Accounts
When using a guest account on Windows systems, it’s essential that only people authorized can log on. You can usually disable your guest account by visiting the Control Panel and choosing User Accounts and Family Safety, then Manage another account section, then Guest.

You can configure a policy in the Group Policy Management Editor window to restrict access to the command prompt, significantly reducing its attack surface and providing greater system security.

Whenever working with a new installation, it’s essential to protect it from hostile network traffic until all security patches have been reviewed and applied – this allows for maximum server hardening. Once this step has been taken, additional configuration settings may be applied as necessary to further hardening of your server.

5. Check Server Uptime
Uptime monitoring on servers is a critical way of measuring their reliability and stability, and can reveal potential problems that could cause downtime or reduce productivity.

Use Windows PowerShell or WMIC’s command-line interface to query information about any computer’s configuration, such as its uptime statistics. Use “os get lastbootuptime” for this task and retrieve them for your server.

Uptime Robot makes monitoring your infrastructure simple with its comprehensive uptime monitor solution, providing deep metrics on availability, capacity, performance and more to ensure servers stay online. Give it a free try now here for no infrastructure or coding hassles required – simple setup!