Windows Server Security Baselines

Complete the full lesson to earn 25 points

Work through each section, then tap “Mark as Complete” on the last one.

Section 1 of 12

✦ Skip the page breaks and see fewer ads — read each lesson on a single page with Pro

Windows Server Security Baselines: Securing the Foundation

When you first install Windows Server, Microsoft provides a configuration designed for maximum compatibility. This makes sense from a sales perspective; they want the server to work out of the box with as many applications and hardware configurations as possible. However, "maximum compatibility" is often the opposite of "maximum security." A default installation leaves numerous legacy protocols enabled, keeps unnecessary services running, and maintains permissive user rights that an attacker can easily exploit. To move from a vulnerable default state to a hardened production state, we use security baselines.

A security baseline is a group of Microsoft-recommended configuration settings that are based on feedback from security engineers, product groups, partners, and customers. These baselines are not just a list of "good ideas"; they are tested, holistic configurations that reduce the attack surface of your operating system without breaking core functionality. In this lesson, we will explore how to find these baselines, how to analyze the differences between your current state and the recommended state, and how to deploy these settings across your infrastructure using the Microsoft Security Compliance Toolkit.

Section 1 of 12
Next