What is the best way to harden Windows Server 2008 R2?

Here are two great places to start hardening any server:

  1. Download and run the Windows Server 2008 R2 Best Practices Analyzer.
  2. For a very hard server, run through the DoD's STIGs for Windows Server. They look overwhelming at first, but will take you a long way towards compliance with many regulations. You should also note that some of the DoD's security recommendations are so tight that they can sometimes break apps. Be sure to test before you apply these registry or group policy settings to your machines.

Microsoft has some details of how TMG hardens Server 2008 (listing services and other configuration information). They also have a Planning Guide specifically for PCI and for PCI:DSS, the Server 2008 Security Baseline, and a variety of other Solution Accelerators including the Security Compliance Manager.
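The two steps in the answer above (run the Best Practices Analyzer, then work through a baseline and test before applying it) can be driven from PowerShell on the server itself. The script below is an added example, not code from the answer or from Microsoft; it assumes the built-in BestPractices module that ships with Windows Server 2008 R2 (Get-BpaModel, Invoke-BpaModel, Get-BpaResult) and an elevated session. The registry baseline entries are a constructed, hypothetical sample shaped like STIG registry checks; the real expected values come from the STIG or the Security Compliance Manager baseline you are applying. Nothing here changes the machine: the BPA scan is read-only and the baseline function only reports drift, which is the "test before you apply" step in audit form.

```powershell
# Added example (not from the original answer). Assumes the Windows Server
# 2008 R2 BestPractices module (ships with the OS) and an elevated session.
# Written against PowerShell 2.0, which is what 2008 R2 ships with.
Import-Module BestPractices

# 1. Run every installed BPA model and return anything above Information.
#    Each Windows role installs its own model (ADDS, DNS, file services...).
function Invoke-AllBpaModels {
    $findings = @()
    foreach ($model in Get-BpaModel) {
        Invoke-BpaModel -ModelId $model.Id | Out-Null
        $findings += Get-BpaResult -ModelId $model.Id |
            Where-Object { $_.Severity -ne 'Information' } |
            Select-Object @{ n = 'Model'; e = { $model.Id } },
                          Severity, Category, Title, Resolution
    }
    return $findings
}

# 2. Audit-only check of registry values against a hardening baseline.
#    The entries below are hypothetical samples in the shape of STIG
#    registry checks; substitute the values from the baseline you use.
$Baseline = @(
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
       Name = 'LmCompatibilityLevel'; Expected = 5 },
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
       Name = 'RequireSecuritySignature'; Expected = 1 }
)

# Reads each value and reports Expected vs Actual; it never writes, so the
# output is the list of settings a GPO or .reg would change on this box.
function Test-RegistryBaseline {
    param([array]$Entries)
    foreach ($e in $Entries) {
        $actual = $null
        if (Test-Path $e.Path) {
            $item = Get-ItemProperty -Path $e.Path -Name $e.Name -ErrorAction SilentlyContinue
            if ($item -ne $null) { $actual = $item.($e.Name) }
        }
        New-Object PSObject -Property @{
            Path      = $e.Path
            Name      = $e.Name
            Expected  = $e.Expected
            Actual    = $actual
            Compliant = ($actual -eq $e.Expected)
        }
    }
}

Invoke-AllBpaModels | Format-Table -AutoSize
Test-RegistryBaseline -Entries $Baseline |
    Select-Object Path, Name, Expected, Actual, Compliant | Format-Table -AutoSize
```

Run it on a lab copy of the server first, compare the Compliant column against the application's test results, and only then push the agreed settings out through Group Policy; re-running the same script afterwards confirms the policy actually landed.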