Windows Server hardening involves identifying and remediating security vulnerabilities. Here are the top Windows Server hardening best practices you can implement immediately to reduce the risk of attackers compromising your critical systems and data. Organizational Security  Maintain an inventory record for each server that clearly documents its baseline configuration and records each change to the server.  Thoroughly test and validate every proposed change to server hardware or software before making the change in the production environment.  Regularly perform a risk assessment. Use the results to update your risk management plan and maintain a prioritized list of all servers to ensure that security vulnerabilities are fixed in a timely manner.  Keep all servers at the same revision level. Windows Server Preparation  Protect newly installed machines from hostile network traffic until the operating system is installed and hardened. Harden each new server in a DMZ network that is not open to the internet.  Set a BIOS/firmware password to prevent unauthorized changes to the server startup settings.  Disable automatic administrative logon to the recovery console.  Configure the device boot order to prevent unauthorized booting from alternate media. 3