How to lock down a Windows 2008 Server before connecting it to the internet

windows-server-2008 ipsec lockdown

We're a very small company, about to install a new server at a colocation company. The plan is to install the OS, SQL, and IIS, test it, then courier it to the hosting company. It will then presumably appear online, ready for further set up. We plan to manage it over RDP.

Last time we went through this process, we were using Server 2003, and the IPSEC admin was something of a grind.

Is it any different with Server 2008? Is there a quick way of restricting all access except that originating from a couple of IP addresses?

Would appreciate any pointers, or a good idiot's guide to securing Server 2008 for non-experts.


Basics: Updates, Firewall, secured Admin account (renamed, very good password). Then get the Best Practices Analyzers for SQL, IIS, and Server; run them and see what their recommendations are.


I would recommend running the Security Configuration Wizard (SCW) and configuring it accordingly for the installed roles and for your remote management needs.

Related

iptables - how to allow IP when it is blocked by default
versioning system with less duplication of data
How to disable automatic logout on Ubuntu?
Cisco ASA 5505 - need more site-to-site VPNs
Chef: import definitions from other cookbooks
SSH "Access denied" before I'm prompted for password
EC2: maximum shutdown time exceeded
How to get (AD) LDAP person entry by SID?
Adding websites to nginx without restarting nginx
Dump MYSQL databases to induvidual files
Should redundant servers have exactly the same configuration, or slightly different?
trigger a php script when an email is received