Difference between revisions of "Operating Systems/Windows/Windows Server/Windows Server X"
| (2 intermediate revisions by 2 users not shown) | |||
| Line 1: | Line 1: | ||
| − | === | + | === Windows Home vs Windows Server === |
| + | The main difference you'll notice between Windows Home editions and Windows Server is the presence of the "Server Manager" program. This is a powerful dashboard for finding vulnerabilities and managing services. However, it's worth noting that the Server Manger isn't much used in the early rounds of competition, essentially making Windows Server a secondary Windows 10 system early on. | ||
| − | + | ===Checklist=== | |
| − | + | *Server Manger | |
| − | + | **[[File and Storage Servers|File Shares]] | |
| − | + | **[[Windows Server Updates|Updates]] | |
| − | + | **[[Windows Server Manager Dashboard|Dashboard Monitoring]] | |
| − | |||
| − | |||
| − | * | ||
| − | ** | ||
| − | |||
| − | ** | ||
| − | |||
| − | * | ||
| − | |||
| − | |||
| − | * | ||
| + | **Disable file sharing for C Drive | ||
| + | **SMTP service stopped and disabled | ||
| + | *See [[Operating Systems/Windows/Windows Desktop/Windows 10 (Desktop)|Windows 10 Checklist]] for other vulns | ||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | Checklist: | |
| − | + | 1. User & Account Management (Local + Domain) | |
| + | |||
| + | -Remove unauthorized local users | ||
| + | |||
| + | -Remove unauthorized domain users | ||
| + | |||
| + | -Verify Domain Admins (VERY carefully) | ||
| + | |||
| + | -Verify Enterprise Admins (if present) | ||
| + | |||
| + | -Verify Administrators group (local & domain) | ||
| + | |||
| + | -Rename Administrator account | ||
| + | |||
| + | -Disable Guest account | ||
| + | |||
| + | -Disable built-in Administrator (after alternate admin exists) | ||
| + | |||
| + | -Ensure all users have passwords | ||
| + | |||
| + | -Remove users from: | ||
| + | |||
| + | -Remote Desktop Users | ||
| + | |||
| + | -Backup Operators | ||
| + | |||
| + | -Server Operators | ||
| + | |||
| + | -Check service accounts (do not delete blindly) | ||
| + | |||
| + | Never delete domain accounts unless README explicitly allows it!!! | ||
| + | |||
| + | 2. Password & Account Policies (Domain > Local) | ||
| + | Domain Password Policy (Highest Priority) | ||
| + | |||
| + | -Enforce password history: 24 | ||
| + | |||
| + | -Minimum password length: 12–14 | ||
| + | |||
| + | -Password complexity: Enabled | ||
| + | |||
| + | -Maximum password age: 30–60 days | ||
| + | |||
| + | -Minimum password age: 1–5 days | ||
| + | |||
| + | -Reversible encryption: Disabled | ||
| + | |||
| + | Location: | ||
| + | -Group Policy Management → Default Domain Policy | ||
| + | |||
| + | -Account Lockout Policy | ||
| + | |||
| + | -Lockout threshold: 5 | ||
| + | |||
| + | -Lockout duration: 30–60 minutes | ||
| + | |||
| + | -Reset lockout counter: 30–60 minutes | ||
| + | |||
| + | 3. Audit Policy (Domain GPO) | ||
| + | |||
| + | -Enable Success + Failure for: | ||
| + | |||
| + | -Account Logon | ||
| + | |||
| + | -Logon/Logoff | ||
| + | |||
| + | -Account Management | ||
| + | |||
| + | -Policy Change | ||
| + | |||
| + | -Privilege Use | ||
| + | |||
| + | -System Events | ||
| + | |||
| + | -Computer Configuration → Policies → Windows Settings → Security Settings → Advanced Audit Policy | ||
| + | |||
| + | 4. Windows Defender / AV | ||
| + | |||
| + | -Enable Windows Defender Antivirus | ||
| + | |||
| + | -Enable Real-time protection | ||
| + | |||
| + | -Enable Cloud protection | ||
| + | |||
| + | -Enable Automatic sample submission | ||
| + | |||
| + | -Remove suspicious exclusions | ||
| + | |||
| + | -Run Quick Scan or Full Scan | ||
| + | |||
| + | -Enable Tamper Protection (if available) | ||
| + | |||
| + | 5. Firewall (CRITICAL on Servers) | ||
| + | |||
| + | -Enable Firewall for: | ||
| + | |||
| + | -Domain | ||
| + | |||
| + | -Private | ||
| + | |||
| + | -Public | ||
| + | |||
| + | -Block inbound connections by default | ||
| + | |||
| + | -Remove unnecessary Allow rules | ||
| + | |||
| + | -Disable rule groups: | ||
| + | |||
| + | -File & Printer Sharing (if not required) | ||
| + | |||
| + | -Remote Assistance | ||
| + | |||
| + | -Media streaming | ||
| + | |||
| + | Enable logging: | ||
| + | |||
| + | -Dropped packets | ||
| + | |||
| + | -Successful connections | ||
| + | |||
| + | 6. Roles & Features (BIG POINT AREA) | ||
| + | Review Installed Roles | ||
| + | |||
| + | -Remove roles not explicitly required: | ||
| + | |||
| + | -Web Server (IIS) | ||
| + | |||
| + | -FTP Server | ||
| + | |||
| + | -Print Services | ||
| + | |||
| + | -Remote Desktop Services | ||
| + | |||
| + | -Hyper-V | ||
| + | |||
| + | -Windows Deployment Services | ||
| + | |||
| + | -SNMP | ||
| + | |||
| + | -Fax Server | ||
| + | |||
| + | Never remove AD DS or DNS unless told!!! | ||
| + | |||
| + | 7. IIS / Web Server (Only If Installed) | ||
| + | |||
| + | -Disable directory browsing | ||
| + | |||
| + | -Disable FTP | ||
| + | |||
| + | -Remove default website | ||
| + | |||
| + | -Remove sample files | ||
| + | |||
| + | -Enable request filtering | ||
| + | |||
| + | -Enable logging | ||
| + | |||
| + | Enforce HTTPS if required | ||
| + | |||
| + | Disable WebDAV | ||
| + | |||
| + | 8. Services (Server-Specific) | ||
| + | |||
| + | Disable or set to Manual (unless required): | ||
| + | |||
| + | Telnet | ||
| + | |||
| + | FTP | ||
| + | |||
| + | Remote Registry | ||
| + | |||
| + | SNMP | ||
| + | |||
| + | SSDP Discovery | ||
| + | |||
| + | UPnP Device Host | ||
| + | |||
| + | Peer Name Resolution | ||
| + | |||
| + | Peer Networking Grouping | ||
| + | |||
| + | Bluetooth Support Service | ||
| + | |||
| + | Windows Error Reporting (optional) | ||
| + | |||
| + | 9. Remote Access & Networking | ||
| + | |||
| + | Disable Remote Assistance | ||
| + | |||
| + | Restrict Remote Desktop | ||
| + | |||
| + | Enable Network Level Authentication | ||
| + | |||
| + | Limit RDP users | ||
| + | |||
| + | Disable SMBv1 | ||
| + | |||
| + | Enable SMB signing | ||
| + | |||
| + | Disable LLMNR | ||
| + | |||
| + | Disable NetBIOS over TCP/IP | ||
| + | |||
| + | 10. Group Policy – Security Options | ||
| + | |||
| + | Enable / Configure: | ||
| + | |||
| + | Do not display last user name | ||
| + | |||
| + | Require Ctrl+Alt+Del | ||
| + | |||
| + | Disable LM hash storage | ||
| + | |||
| + | Digitally sign communications (always) | ||
| + | |||
| + | Disable anonymous SID enumeration | ||
| + | |||
| + | Disable AutoAdminLogon | ||
| + | |||
| + | Disable shutdown without logon | ||
| + | |||
| + | UAC: All settings enabled | ||
| + | |||
| + | 11. File System & Shares | ||
| + | |||
| + | Review Shared Folders | ||
| + | |||
| + | Remove unauthorized shares | ||
| + | |||
| + | Verify share permissions ≠ NTFS permissions | ||
| + | |||
| + | Remove Everyone: Full Control | ||
| + | |||
| + | Check: | ||
| + | |||
| + | C:\Users | ||
| + | |||
| + | C:\Temp | ||
| + | |||
| + | C:\Windows\Temp | ||
| + | |||
| + | Remove unauthorized scripts/executables | ||
| + | |||
| + | 12. Prohibited Software (Server Common) | ||
| + | |||
| + | Remove unless explicitly required: | ||
| + | |||
| + | TeamViewer | ||
| + | |||
| + | AnyDesk | ||
| + | |||
| + | VNC | ||
| + | |||
| + | Wireshark | ||
| + | |||
| + | Nmap | ||
| + | |||
| + | Angry IP Scanner | ||
| + | |||
| + | Metasploit | ||
| + | |||
| + | Cain & Abel | ||
| + | |||
| + | BitTorrent | ||
| + | |||
| + | OpenVPN / Hamachi | ||
| + | |||
| + | 13. Scheduled Tasks & Startup | ||
| + | |||
| + | Review Task Scheduler | ||
| + | |||
| + | Remove suspicious tasks | ||
| + | |||
| + | Check: | ||
| + | |||
| + | Startup folders | ||
| + | |||
| + | Registry Run keys | ||
| + | |||
| + | 14. Windows Updates | ||
| + | |||
| + | Enable automatic updates | ||
| + | |||
| + | Install all available updates | ||
| + | |||
| + | Verify updates are not paused | ||
| + | |||
| + | Restart server (if allowed) | ||
| + | |||
| + | 15. Forensics Questions (DO THESE EARLY) | ||
| + | |||
| + | Read README immediately | ||
| + | |||
| + | Search for: | ||
| + | |||
| + | Unauthorized users | ||
| + | |||
| + | Hidden services | ||
| + | |||
| + | Malicious scheduled tasks | ||
| + | |||
| + | Odd event log entries | ||
| + | |||
| + | Answer questions as you harden | ||
| + | |||
| + | 16. End-Game Point Hunting | ||
| + | |||
| + | Re-check: | ||
| + | |||
| + | Domain Admins | ||
| + | |||
| + | Firewall rules | ||
| + | |||
| + | Services | ||
| + | |||
| + | Defender status | ||
| + | |||
| + | Run final Defender scan | ||
| + | |||
| + | Reboot (if allowed) | ||
| + | |||
| + | Re-read README one last time | ||
Latest revision as of 22:35, 5 February 2026
Windows Home vs Windows Server[edit | edit source]
The main difference you'll notice between Windows Home editions and Windows Server is the presence of the "Server Manager" program. This is a powerful dashboard for finding vulnerabilities and managing services. However, it's worth noting that the Server Manger isn't much used in the early rounds of competition, essentially making Windows Server a secondary Windows 10 system early on.
Checklist[edit | edit source]
- Server Manger
- Disable file sharing for C Drive
- SMTP service stopped and disabled
- See Windows 10 Checklist for other vulns
Checklist:
1. User & Account Management (Local + Domain)
-Remove unauthorized local users
-Remove unauthorized domain users
-Verify Domain Admins (VERY carefully)
-Verify Enterprise Admins (if present)
-Verify Administrators group (local & domain)
-Rename Administrator account
-Disable Guest account
-Disable built-in Administrator (after alternate admin exists)
-Ensure all users have passwords
-Remove users from:
-Remote Desktop Users
-Backup Operators
-Server Operators
-Check service accounts (do not delete blindly)
Never delete domain accounts unless README explicitly allows it!!!
2. Password & Account Policies (Domain > Local) Domain Password Policy (Highest Priority)
-Enforce password history: 24
-Minimum password length: 12–14
-Password complexity: Enabled
-Maximum password age: 30–60 days
-Minimum password age: 1–5 days
-Reversible encryption: Disabled
Location: -Group Policy Management → Default Domain Policy
-Account Lockout Policy
-Lockout threshold: 5
-Lockout duration: 30–60 minutes
-Reset lockout counter: 30–60 minutes
3. Audit Policy (Domain GPO)
-Enable Success + Failure for:
-Account Logon
-Logon/Logoff
-Account Management
-Policy Change
-Privilege Use
-System Events
-Computer Configuration → Policies → Windows Settings → Security Settings → Advanced Audit Policy
4. Windows Defender / AV
-Enable Windows Defender Antivirus
-Enable Real-time protection
-Enable Cloud protection
-Enable Automatic sample submission
-Remove suspicious exclusions
-Run Quick Scan or Full Scan
-Enable Tamper Protection (if available)
5. Firewall (CRITICAL on Servers)
-Enable Firewall for:
-Domain
-Private
-Public
-Block inbound connections by default
-Remove unnecessary Allow rules
-Disable rule groups:
-File & Printer Sharing (if not required)
-Remote Assistance
-Media streaming
Enable logging:
-Dropped packets
-Successful connections
6. Roles & Features (BIG POINT AREA) Review Installed Roles
-Remove roles not explicitly required:
-Web Server (IIS)
-FTP Server
-Print Services
-Remote Desktop Services
-Hyper-V
-Windows Deployment Services
-SNMP
-Fax Server
Never remove AD DS or DNS unless told!!!
7. IIS / Web Server (Only If Installed)
-Disable directory browsing
-Disable FTP
-Remove default website
-Remove sample files
-Enable request filtering
-Enable logging
Enforce HTTPS if required
Disable WebDAV
8. Services (Server-Specific)
Disable or set to Manual (unless required):
Telnet
FTP
Remote Registry
SNMP
SSDP Discovery
UPnP Device Host
Peer Name Resolution
Peer Networking Grouping
Bluetooth Support Service
Windows Error Reporting (optional)
9. Remote Access & Networking
Disable Remote Assistance
Restrict Remote Desktop
Enable Network Level Authentication
Limit RDP users
Disable SMBv1
Enable SMB signing
Disable LLMNR
Disable NetBIOS over TCP/IP
10. Group Policy – Security Options
Enable / Configure:
Do not display last user name
Require Ctrl+Alt+Del
Disable LM hash storage
Digitally sign communications (always)
Disable anonymous SID enumeration
Disable AutoAdminLogon
Disable shutdown without logon
UAC: All settings enabled
11. File System & Shares
Review Shared Folders
Remove unauthorized shares
Verify share permissions ≠ NTFS permissions
Remove Everyone: Full Control
Check:
C:\Users
C:\Temp
C:\Windows\Temp
Remove unauthorized scripts/executables
12. Prohibited Software (Server Common)
Remove unless explicitly required:
TeamViewer
AnyDesk
VNC
Wireshark
Nmap
Angry IP Scanner
Metasploit
Cain & Abel
BitTorrent
OpenVPN / Hamachi
13. Scheduled Tasks & Startup
Review Task Scheduler
Remove suspicious tasks
Check:
Startup folders
Registry Run keys
14. Windows Updates
Enable automatic updates
Install all available updates
Verify updates are not paused
Restart server (if allowed)
15. Forensics Questions (DO THESE EARLY)
Read README immediately
Search for:
Unauthorized users
Hidden services
Malicious scheduled tasks
Odd event log entries
Answer questions as you harden
16. End-Game Point Hunting
Re-check:
Domain Admins
Firewall rules
Services
Defender status
Run final Defender scan
Reboot (if allowed)
Re-read README one last time