
Windows Server Installation

• Ensure the system does not shut down during installation.
• Use the Security Configuration Wizard to create a system configuration based on the specific role that is needed.
• Ensure that all appropriate patches, hotfixes and service packs are applied promptly. Security patches resolve known vulnerabilities that attackers could otherwise exploit to compromise a system. After you install Windows Server, immediately update it with the latest patches via WSUS or SCCM.
• Enable automatic notification of patch availability. Whenever a patch is released, it should be analyzed, tested and applied in a timely manner using WSUS or SCCM.

User Account Security Hardening

• Ensure your administrative and system passwords meet password best practices. In particular, verify that privileged account passwords are not based on a dictionary word and are at least 15 characters long, with letters, numbers, special characters and invisible (CTRL ^) characters interspersed throughout. Ensure that all passwords are changed every 90 days.
• Configure account lockout Group Policy according to account lockout best practices.
• Disallow users from creating and logging in with Microsoft accounts.
• Disable the guest account.
• Do not allow “everyone” permissions to apply to anonymous users.
• Do not allow anonymous enumeration of SAM accounts and shares.
• Disable anonymous SID/Name translation.
• Promptly disable or delete unused user accounts.
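One way to verify the account and anonymous-access items above on a single server is to export the effective local security policy and compare it with the checklist. The script below is an added example, not part of the original checklist; the mapping of each checklist item to a `secedit` setting name is this example's assumption, and because the checklist gives no lockout threshold, the lockout check only confirms that lockout is enabled.

```powershell
# Added example: audit checklist items against the exported local security policy.
# Run from an elevated prompt; secedit /export requires administrator rights.
$cfg = Join-Path $env:TEMP 'secpol-audit.inf'
secedit /export /cfg $cfg /areas SECURITYPOLICY | Out-Null

# Parse "name = value" lines of the INF export into a case-insensitive lookup table.
$policy = @{}
foreach ($line in Get-Content -Path $cfg) {
    if ($line -match '^\s*([^=\[]+?)\s*=\s*(.*?)\s*$') {
        $policy[$Matches[1]] = $Matches[2]
    }
}
Remove-Item -Path $cfg -Force

$lsa = 'MACHINE\System\CurrentControlSet\Control\Lsa'
$sys = 'MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System'
# Registry-backed settings are exported as "<type>,<data>"; type 4 is REG_DWORD.
$checks = @(
    @{ Item = 'Guest account disabled';                   Key = 'EnableGuestAccount';             Want = '0' }
    @{ Item = 'Anonymous SID/Name translation disabled';  Key = 'LSAAnonymousNameLookup';         Want = '0' }
    @{ Item = 'No anonymous enumeration of SAM accounts'; Key = "$lsa\RestrictAnonymousSAM";      Want = '4,1' }
    @{ Item = 'No anonymous enumeration of SAM + shares'; Key = "$lsa\RestrictAnonymous";         Want = '4,1' }
    @{ Item = 'Everyone does not include anonymous';      Key = "$lsa\EveryoneIncludesAnonymous"; Want = '4,0' }
    @{ Item = 'Microsoft accounts: no add, no logon';     Key = "$sys\NoConnectedUser";           Want = '4,3' }
)

$results = foreach ($c in $checks) {
    $actual = $policy[$c.Key]
    [pscustomobject]@{
        Item   = $c.Item
        Actual = if ($null -eq $actual) { '(not set)' } else { $actual }
        Pass   = ($actual -eq $c.Want)
    }
}

# Numeric items: a maximum password age of 1-90 days (-1 means passwords never expire),
# and a non-zero lockout threshold (0 means account lockout is disabled).
$age = [int]$policy['MaximumPasswordAge']
$results += [pscustomobject]@{ Item = 'Passwords changed every 90 days'; Actual = $age; Pass = ($age -ge 1 -and $age -le 90) }
$lock = [int]$policy['LockoutBadCount']
$results += [pscustomobject]@{ Item = 'Account lockout enabled'; Actual = $lock; Pass = ($lock -gt 0) }

$results | Format-Table -AutoSize
```

A setting reported as `(not set)` has no policy value in the export and is counted as a failure, since the checklist expects it to be configured explicitly.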

Windows Server Hardening Checklist - Page 4