What is the best way to harden Windows Server 2008 R2?
Here are two great places to start hardening any server:
- Download and run the Windows Server 2008 R2 Best Practices Analyzer.
- For a very hard server, run through the DoD's STIGs for Windows Server. They look overwhelming at first, but will take you a long way towards compliance with many regulations. You should also note that some of the DoD's security recommendations are so tight that they can sometimes break apps. Be sure to test before you apply these registry or group policy settings to your machines.
Microsoft has some details of how TMG hardens Server 2008 (listing services and other configuration information). They also have a Planning Guide specifically for PCI and for PCI:DSS; the Server 2008 Security Baseline, and a variety of other Solution Accelerators including the Security Compliance Manager.