MJFChat: Security – 8 Steps for Hardening Windows Server with Microsoft’s Orin Thomas

In this episode of MJF Chat, Mary Jo Foley interviews Orin Thomas about security hardening for Windows Server, discussing various strategies and best practices. Orin is a Principal Hybrid Cloud Advocate at Microsoft and he has written more than 40 books for Microsoft Press. He is the architect of Microsoft’s Windows Server Hybrid Administrator Associate certification.

Windows Server ships in a mostly secure configuration, but Microsoft has to balance security with backwards compatibility. Thomas has some ideas about things you can do to tighten the security of your Windows Server deployment. And he’s ready to field questions about your own issues around making Windows Server more secure.

8 steps for hardening Windows Server security

Orin covers the importance of hardening Windows Server, emphasizing that while it is mostly secure out of the box, additional steps can enhance security significantly.

  1. Third-Party Guidelines: Orin recommends looking at third-party guidelines like the DISA STIG and the Center for Internet Security (CIS) for comprehensive security hardening advice.
  2. Application Whitelisting: Application whitelisting is highlighted as a key strategy, with a preference for Windows Defender Application Control over the older AppLocker.
  3. Incremental Hardening: Orin advises against applying all security settings at once to avoid operational issues, recommending an incremental approach to hardening.
  4. Upgrading Domain Controllers: One of the simplest yet effective steps is to upgrade domain controllers to the latest version of Windows Server.
  5. Privileged Access Workstations: Using privileged access workstations for administration tasks is recommended to prevent security breaches from compromised admin workstations.
  6. Remote Access Security: For remote access using PowerShell, it is crucial to restrict access to known, hardened workstations.
  7. Security Compliance Toolkit: The Security Compliance Toolkit is suggested for checking server configurations against security baselines.
  8. Network Isolation: Orin discusses the importance of network isolation, such as blocking critical servers from Internet access to enhance security.
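
Step 6 as an added example (not code from the podcast or from Microsoft): a PowerShell script that lists the enabled inbound allow rules on the WinRM ports used by PowerShell remoting, flags those open to any address or the whole local subnet, and with `-Enforce` scopes them to a list of admin workstations. The addresses in `$AdminWorkstations` are constructed placeholders, and the parameter names are this example's own.

```powershell
# Added example: audit and scope inbound WinRM (PowerShell remoting) firewall rules.
# $AdminWorkstations holds constructed placeholder addresses (assumption);
# replace them with the addresses of your hardened admin workstations.
[CmdletBinding(SupportsShouldProcess)]
param(
    [string[]]$AdminWorkstations = @('192.0.2.10', '192.0.2.11'),
    [switch]$Enforce
)

$winrmPorts = '5985', '5986'   # WinRM default HTTP and HTTPS listener ports

# Enabled inbound allow rules whose local port filter names a WinRM port.
# Rules written as a port range or as "Any" port are not matched; review those by hand.
$rules = Get-NetFirewallPortFilter -Protocol TCP |
    Where-Object { $_.LocalPort | Where-Object { $_ -in $winrmPorts } } |
    Get-NetFirewallRule |
    Where-Object { $_.Direction -eq 'Inbound' -and $_.Enabled -eq 'True' -and $_.Action -eq 'Allow' }

# One report row per rule, flagging remote scopes broader than named hosts.
$report = foreach ($rule in $rules) {
    $remote = ($rule | Get-NetFirewallAddressFilter).RemoteAddress
    [pscustomobject]@{
        Name          = $rule.Name
        DisplayName   = $rule.DisplayName
        Profile       = $rule.Profile
        RemoteAddress = $remote -join ','
        Broad         = [bool]($remote | Where-Object { $_ -in 'Any', 'LocalSubnet' })
    }
}
$report | Format-Table -AutoSize

# With -Enforce, narrow each broad rule to the admin workstation list.
# This changes local rules only; rules delivered by Group Policy must be changed in the GPO.
if ($Enforce) {
    foreach ($entry in $report | Where-Object Broad) {
        $action = "Restrict RemoteAddress to $($AdminWorkstations -join ', ')"
        if ($PSCmdlet.ShouldProcess($entry.Name, $action)) {
            Set-NetFirewallRule -Name $entry.Name -RemoteAddress $AdminWorkstations
        }
    }
}
```

Run it without `-Enforce` first, or with `-Enforce -WhatIf`, from an elevated session to see which rules would change before applying anything.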

Orin recommends using Windows Admin Center for easier server management and integration with Azure, enhancing administrative efficiency.

About MJFChat

We’ve started a new, twice-monthly interview show on Petri.com that will cover topics of interest to our tech-professional audience. We are calling this show “MJFChat.”

In my role as Petri’s Community Magnate, I will be interviewing a variety of IT-savvy folks. Some of these will be Petri contributors; some will be tech-company employees; some will be IT pros. We will be tackling various subject areas in the form of 30-minute audio interviews. I will be asking the questions, the bulk of which we’re hoping will come from you, our Petri.com community of readers.