General Security Settings

- Disable unneeded services. Most servers run the default install of the operating system, which often includes extraneous services that the system does not need in order to function and that represent a security vulnerability. It is therefore critical to remove all unnecessary services from the system.
- Remove unneeded Windows components. Any Windows component that is not required should be removed from critical systems to keep the servers in a secure state.
- Enable the built-in Encrypting File System (EFS) on NTFS, or BitLocker, on Windows Server.
- If the workstation has significant random access memory (RAM), disable the Windows swapfile. This increases performance and security because no sensitive data can be written to the hard drive.
- Do not use AUTORUN. Otherwise untrusted code can run without the user's direct knowledge; for example, an attacker could insert a CD into the machine and have their own script execute.
- Display a legal notice like the following before the user logs in: “Unauthorized use of this computer and networking resources is prohibited…”
- Require Ctrl+Alt+Del for interactive logins.
- Configure a machine inactivity limit to protect idle interactive sessions.
- Ensure all volumes use the NTFS file system.
- Configure local file/folder permissions. Another important but often overlooked security procedure is locking down file-level permissions on the server. By default, Windows applies no specific restrictions to local files or folders; the Everyone group is given full permissions to most of the machine. Remove this group and instead grant access to files and folders through role-based groups following the least-privilege principle. Every attempt should be made to remove Guest, Everyone and ANONYMOUS LOGON from the user rights lists. With this configuration Windows will be more secure.
- Set the system date/time and configure it to synchronize against domain time servers.
- Configure a screen saver that locks the console's screen automatically if it is left unattended.
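The following audit script is an added example, not part of the checklist itself. It reads the documented registry and volume locations behind several of the items above and reports PASS/FAIL for each, so an administrator can verify a server against the list. It assumes an elevated Windows PowerShell 5.1 session on Windows Server 2012 or later; the screen-saver check reads policy for the current user only, and the 900-second inactivity threshold is an assumed value, not one the checklist specifies.

```powershell
# Added audit script (not from the checklist). Reads the Windows policy
# locations behind the hardening items and reports PASS/FAIL per item.
$sys  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$expl = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$lsa  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$w32  = 'HKLM:\SYSTEM\CurrentControlSet\Services\W32Time\Parameters'
$ss   = 'HKCU:\Software\Policies\Microsoft\Windows\Control Panel\Desktop'

function Get-RegValue($Path, $Name) {
    # Returns $null when the key or value is absent (item not configured).
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name }
    catch { $null }
}

function Test-Setting($Check, $Pass, $Detail) {
    [pscustomobject]@{ Check = $Check; Result = $(if ($Pass) { 'PASS' } else { 'FAIL' }); Detail = $Detail }
}

$results = @()

# Require Ctrl+Alt+Del: DisableCAD must be explicitly 0.
$cad = Get-RegValue $sys 'DisableCAD'
$results += Test-Setting 'Ctrl+Alt+Del required for logon' ($cad -eq 0) "DisableCAD=$cad"

# Legal notice: both caption and text must be set to be shown at logon.
$cap = Get-RegValue $sys 'LegalNoticeCaption'; $txt = Get-RegValue $sys 'LegalNoticeText'
$results += Test-Setting 'Legal notice shown before logon' ($cap -and $txt) "Caption='$cap'"

# Machine inactivity limit (seconds); 900 s ceiling is an assumed local threshold.
$idle = Get-RegValue $sys 'InactivityTimeoutSecs'
$results += Test-Setting 'Machine inactivity limit set' ($idle -gt 0 -and $idle -le 900) "InactivityTimeoutSecs=$idle"

# AutoRun: 255 (0xFF) disables AutoRun on every drive type.
$autorun = Get-RegValue $expl 'NoDriveTypeAutoRun'
$results += Test-Setting 'AutoRun disabled for all drive types' ($autorun -eq 255) "NoDriveTypeAutoRun=$autorun"

# Anonymous users must not inherit Everyone permissions.
$anon = Get-RegValue $lsa 'EveryoneIncludesAnonymous'
$results += Test-Setting 'Everyone permissions not applied to anonymous' ($anon -ne 1) "EveryoneIncludesAnonymous=$anon"

# Every lettered volume must be NTFS (unlettered EFI/recovery volumes are skipped).
$nonNtfs = Get-Volume | Where-Object { $_.DriveLetter -match '[A-Z]' -and $_.FileSystem -ne 'NTFS' }
$results += Test-Setting 'All lettered volumes are NTFS' (-not $nonNtfs) (($nonNtfs.DriveLetter) -join ',')

# Domain-joined time sync uses the NT5DS (domain hierarchy) source type.
$sync = Get-RegValue $w32 'Type'
$results += Test-Setting 'Time synchronised with domain (NT5DS)' ($sync -eq 'NT5DS') "Type=$sync"

# Screen saver must be active and password-protected (policy for the current user).
$ssActive = Get-RegValue $ss 'ScreenSaveActive'; $ssSecure = Get-RegValue $ss 'ScreenSaverIsSecure'
$results += Test-Setting 'Screen saver locks console' ($ssActive -eq '1' -and $ssSecure -eq '1') "Active=$ssActive Secure=$ssSecure"

$results | Format-Table -AutoSize
```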
Windows Server Hardening Checklist