Security Baseline for Windows Server 2019

Background

In order to improve the University security posture from being compromised, our servers need to be hardened to minimize our hacking risk.  The recommended Windows Server Hardening policies will serve as a Security Baseline on Windows servers for departmental IT staff aligning the security to a certain extent.

Scope

• Windows Server 2019

Recommended Policy Set

• Developed based on Centre for Internet Security (CIS) Benchmark
• Security Baseline for Windows Server hardening, no matter domain-joined or not
• Tested on Windows Web Server, File Server and SQL server

Deliverables

• Download policy set at LAN Administrators’ Resources Website
• One policy set for Domain Controllers and Member Servers (Domain-joined servers), and another policy set for Standalone Servers (Workgroup servers)

Remarks

• Windows Server 2012 R2 will be end-of-support in Oct 2023, please plan ahead for the upgrade or decommission.  More details can be found at “Windows Server 2012 R2 – MicrosoftLifecycle | MicrosoftDocs“

Last Update on: Feb 2022