Five ways to improve Windows Server hardening

Review new user accounts and adjust privileges to fend off hackers

Source:  JJpan/iStock/Getty Images
Visual Editor: Sarah Evans

Administrators should review user accounts on Windows Server across the entire organization and enforce security-minded policies on old and new user accounts.

Ensure every user account password has an expiration date that forces a password change on a regular basis. This procedure restricts the time a hacker has to break into an account. If the password is discovered, a password change can resecure the account.

Review account activity to identify infrequently used accounts. Check for new user accounts that were not updated with a user-specific password after creation.

New user accounts often use a common or easily determined password, which makes them easier to compromise. To harden Windows Server, delete unused or unneeded user accounts, use a random password generator for new user accounts and force new password creation when the user first logs in.

For optimal hardening, don't stop with passwords. Review privileged group memberships, such as enterprise, domain, domain name server and other administrators. Group assessment should also be performed regularly for application groups, such as SQL, SharePoint and Exchange, or other custom groups working with vital business applications and data.

Always apply least privilege to all groups, and regularly verify group members. Integrate security procedures with the human resources exit interview process, for example, to ensure that the IT team immediately removes an administrator's account and credentials when that person leaves the company.

Many security breaches happen thanks to weak passwords and password policies, as well as careless group administration. Don't let these small account management steps give way to big problems.
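
The account and group review described above can be scripted as a read-only audit. The following PowerShell is an added example, not part of the original article; it assumes an Active Directory domain with the ActiveDirectory (RSAT) module installed, and the 90-day and 10-minute thresholds are illustrative assumptions to adjust for your own policy.

```powershell
# Added example: read-only audit of user accounts and privileged groups.
# Thresholds below are assumptions, not values from the article.
Import-Module ActiveDirectory

$StaleDays    = 90   # assumed cutoff for "infrequently used" accounts
$GraceMinutes = 10   # assumed window: password last set only at creation
$Now          = Get-Date

$props = 'PasswordNeverExpires', 'PasswordLastSet', 'LastLogonDate', 'whenCreated'
$users = Get-ADUser -Filter 'Enabled -eq $true' -Properties $props

$findings = foreach ($u in $users) {
    $reasons = @()
    if ($u.PasswordNeverExpires) { $reasons += 'Password never expires' }

    # LastLogonDate comes from lastLogonTimestamp, which replicates with a
    # lag of up to about two weeks; keep $StaleDays well above that.
    if (-not $u.LastLogonDate) { $reasons += 'Never logged on' }
    elseif ($u.LastLogonDate -lt $Now.AddDays(-$StaleDays)) {
        $reasons += "No logon in $StaleDays days"
    }

    # Heuristic: a password stamped within minutes of account creation was
    # most likely the provisioning password and never replaced by the user.
    if ($u.PasswordLastSet) {
        $delta = [math]::Abs(($u.PasswordLastSet - $u.whenCreated).TotalMinutes)
        if ($delta -lt $GraceMinutes) { $reasons += 'Password unchanged since creation' }
    }

    if ($reasons) {
        [pscustomobject]@{
            Account  = $u.SamAccountName
            Created  = $u.whenCreated
            Findings = $reasons -join '; '
        }
    }
}
$findings | Sort-Object Account | Format-Table -AutoSize -Wrap

# Privileged group membership, expanded through nested groups.
$groups = 'Enterprise Admins', 'Domain Admins', 'DnsAdmins', 'Administrators'
$members = foreach ($g in $groups) {
    try {
        Get-ADGroupMember -Identity $g -Recursive -ErrorAction Stop |
            Select-Object @{ n = 'Group'; e = { $g } }, SamAccountName, objectClass
    } catch {
        Write-Warning "Could not read group '$g': $($_.Exception.Message)"
    }
}
$members | Sort-Object Group, SamAccountName | Format-Table -AutoSize
```

Service accounts will often appear in the first table; review each one rather than treating the output as a deletion list, and append application groups such as those for SQL, SharePoint or Exchange to `$groups` using the names in your own directory.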
