A highly recommended best practice in securing Windows Servers is to stop unnecessary services and disable unused functionality. A brief checklist containing high level definitions of tasks to be performed would help administrators reduce the attack surface of their servers. A typical checklist would include:
- Stopping and disabling all unnecessary services and applications
- Renaming the Administrator account
- Creating a new user account named Administrator with a complex password and disabling this new fake account
- Removing or disabling all unnecessary user accounts
- Delegating remaining user accounts based on the principle of least privilege
- Requiring strong authentication of users
- Performing regular operating systems and applications updates
- Installing/running protective software with the latest updates
- Document and verify systems configurations
- Check logs on regular basis – create a routine job
- Remove nonessential executables
- For highly critical servers you can have system integrity tools that monitor the system configuration and files for changes
And the list goes on depending on your environment and threat levels!