Operating Systems/Windows/Windows Server/Windows Server X

From Vista Ridge Cyberpatriot
Revision as of 22:35, 5 February 2026 by 128.254.249.16 (talk) (→‎Checklist)

Windows Home vs Windows Server

The main difference you'll notice between Windows Home/Pro editions and Windows Server is the presence of the "Server Manager" program. It is the dashboard for installing and reviewing roles, features and services, and it lists every installed role, which makes it the fastest way to spot roles that should not be there (it is not a vulnerability scanner in its own right). Server Manager isn't much used in the early rounds of competition, so early on a Windows Server image behaves much like a second Windows 10 system.

Checklist

 -Disable file sharing for the C drive: remove any user-created share of C:\ (Computer Management → Shared Folders → Shares). The hidden administrative shares C$ and ADMIN$ are defaults and usually expected; leave them unless the README says otherwise.
 -SMTP service stopped and disabled
 -See Windows 10 Checklist for other vulns

1. User & Account Management (Local + Domain)

 -Remove unauthorized local users
 -Remove unauthorized domain users
 -Verify Domain Admins (VERY carefully)
 -Verify Enterprise Admins (if present; only exists in the forest root domain)
 -Verify Administrators group (local & domain)
 -Rename Administrator account
 -Disable Guest account
 -Disable built-in Administrator (after alternate admin exists)
 -Ensure all users have passwords
 -Remove unauthorized users from:
   -Remote Desktop Users
   -Backup Operators
   -Server Operators
 -Check service accounts (do not delete blindly)

Never delete domain accounts unless README explicitly allows it!!!
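Worked example for this section (added here; it is not part of the original checklist or of any tool the page names). It lists local and domain accounts, the privileged groups above, and accounts flagged as not needing a password, and warns about anything missing from an authorized list. The `$Authorized` and `$AuthorizedPrivileged` names and the new administrator name `svradmin` are constructed placeholders; replace them with what the README says. Run in an elevated PowerShell; the Active Directory parts need the AD module (present on a domain controller or with RSAT).

```powershell
# Added example, not from the page. Account review against the README's lists.
Import-Module ActiveDirectory -ErrorAction SilentlyContinue

$Authorized           = @('Administrator', 'krbtgt', 'jsmith', 'mlee')   # constructed sample
$AuthorizedPrivileged = @('Administrator', 'jsmith')                     # constructed sample

# Local accounts. On a domain controller the local SAM *is* the domain database,
# so on a DC the domain section below is the one that matters.
Get-LocalUser -ErrorAction SilentlyContinue |
    Select-Object Name, Enabled, PasswordRequired, LastLogon | Format-Table -AutoSize
Get-LocalUser -ErrorAction SilentlyContinue | Where-Object { $_.Name -notin $Authorized } |
    ForEach-Object { Write-Warning "Local user not in README: $($_.Name)" }

# Domain accounts
Get-ADUser -Filter * |
    Where-Object { $_.SamAccountName -notin $Authorized } |
    ForEach-Object { Write-Warning "Domain user not in README: $($_.SamAccountName)" }

# Privileged groups, expanded recursively so nested group members show up too
foreach ($g in 'Domain Admins', 'Enterprise Admins', 'Administrators',
               'Remote Desktop Users', 'Backup Operators', 'Server Operators') {
    $members = Get-ADGroupMember -Identity $g -Recursive -ErrorAction SilentlyContinue
    "== $g =="
    foreach ($m in $members) {
        $flag = if ($m.SamAccountName -in $AuthorizedPrivileged) { '' } else { '  <-- not in README' }
        "  $($m.SamAccountName) ($($m.objectClass))$flag"
    }
}

# Accounts allowed to have no password at all
Get-ADUser -Filter 'PasswordNotRequired -eq $true' | Select-Object SamAccountName
Get-LocalUser -ErrorAction SilentlyContinue | Where-Object { -not $_.PasswordRequired } | Select-Object Name

# Guest off; built-in Administrator renamed only once another admin account exists
Disable-LocalUser -Name Guest -ErrorAction SilentlyContinue
# Rename-LocalUser -Name Administrator -NewName 'svradmin'   # 'svradmin' is a placeholder name
```

Removing a domain account is a one-line `Remove-ADUser`, which is exactly why the warning above stands: confirm against the README before deleting anything the script flags.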

2. Password & Account Policies (Domain > Local)

Domain Password Policy (Highest Priority)

 -Enforce password history: 24
 -Minimum password length: 12–14
 -Password complexity: Enabled
 -Maximum password age: 30–60 days
 -Minimum password age: 1–5 days
 -Reversible encryption: Disabled
 Location: Group Policy Management → Default Domain Policy → Computer Configuration → Policies → Windows Settings → Security Settings → Account Policies → Password Policy. The password policy for domain accounts is taken only from GPOs linked at the domain root (normally the Default Domain Policy); the local policy on a member server governs its local accounts only.

Account Lockout Policy (same location, under Account Policies → Account Lockout Policy)
 -Lockout threshold: 5
 -Lockout duration: 30–60 minutes
 -Reset lockout counter: 30–60 minutes (must be less than or equal to the lockout duration; the policy editor will not accept a larger value)
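Worked example (added here, not part of the original checklist). It reads the effective domain password and lockout policy, compares each value with the targets above, and then shows how to set them. The target numbers are the checklist's; the README may specify others. Note the caveat in the comments: the Active Directory cmdlet writes straight to the domain object, and the Default Domain Policy GPO re-applies its own values on the next policy refresh, so the lasting fix is the GPO itself.

```powershell
# Added example, not from the page. Check and set the domain password/lockout policy.
Import-Module ActiveDirectory

$domain = (Get-ADDomain).DNSRoot
$p = Get-ADDefaultDomainPasswordPolicy -Identity $domain

$checks = @(
    @{ Name = 'Enforce password history >= 24'; Ok = $p.PasswordHistoryCount -ge 24 }
    @{ Name = 'Minimum password length >= 12';  Ok = $p.MinPasswordLength -ge 12 }
    @{ Name = 'Password complexity enabled';     Ok = $p.ComplexityEnabled }
    @{ Name = 'Maximum password age 30-60 days'; Ok = ($p.MaxPasswordAge.Days -ge 30 -and $p.MaxPasswordAge.Days -le 60) }  # 0 days = never expires
    @{ Name = 'Minimum password age 1-5 days';   Ok = ($p.MinPasswordAge.Days -ge 1 -and $p.MinPasswordAge.Days -le 5) }
    @{ Name = 'Reversible encryption disabled';  Ok = -not $p.ReversibleEncryptionEnabled }
    @{ Name = 'Lockout threshold 1-5';           Ok = ($p.LockoutThreshold -gt 0 -and $p.LockoutThreshold -le 5) }   # 0 = no lockout
    @{ Name = 'Lockout duration >= 30 min';      Ok = $p.LockoutDuration.TotalMinutes -ge 30 }                       # 0 = until an admin unlocks (stricter)
    @{ Name = 'Reset counter <= lockout duration'; Ok = $p.LockoutObservationWindow -le $p.LockoutDuration }
)
$checks | ForEach-Object { '{0,-36} {1}' -f $_.Name, $(if ($_.Ok) { 'OK' } else { 'FIX' }) }

# Quick fix on the domain object. Make the same change in the Default Domain Policy
# GPO, otherwise group policy refresh puts the old values back.
Set-ADDefaultDomainPasswordPolicy -Identity $domain `
    -PasswordHistoryCount 24 -MinPasswordLength 14 -ComplexityEnabled $true `
    -MaxPasswordAge (New-TimeSpan -Days 60) -MinPasswordAge (New-TimeSpan -Days 1) `
    -ReversibleEncryptionEnabled $false `
    -LockoutThreshold 5 -LockoutDuration (New-TimeSpan -Minutes 30) `
    -LockoutObservationWindow (New-TimeSpan -Minutes 30)

# Same values as the *local* policy on a non-domain machine (legacy but still valid):
# net accounts /uniquepw:24 /minpwlen:14 /maxpwage:60 /minpwage:1 /lockoutthreshold:5 /lockoutduration:30 /lockoutwindow:30
```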

3. Audit Policy (Domain GPO)

 -Enable Success + Failure for:
   -Account Logon
   -Logon/Logoff
   -Account Management
   -Policy Change
   -Privilege Use
   -System Events
 -Location for these nine basic categories: Computer Configuration → Policies → Windows Settings → Security Settings → Local Policies → Audit Policy
 -Location for the finer-grained subcategories: Computer Configuration → Policies → Windows Settings → Security Settings → Advanced Audit Policy Configuration
 -Use one of the two, not both. If you configure Advanced Audit Policy subcategories, also enable Security Options → "Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings" so the basic settings cannot overwrite them.
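Worked example (added here, not from the page). It applies Success and Failure auditing for the categories above on the local machine with `auditpol` and then lists what is still unaudited, which is the quickest way to confirm the GPO actually landed. On a domain member the GPO value overrides this at the next refresh, so treat it as the check, and the GPO as the fix.

```powershell
# Added example, not from the page. Local audit policy via auditpol.
# auditpol's category names differ slightly from the GPO editor: "System Events" is just "System".
$categories = 'Account Logon', 'Logon/Logoff', 'Account Management',
              'Policy Change', 'Privilege Use', 'System'

foreach ($c in $categories) {
    auditpol /set /category:"$c" /success:enable /failure:enable | Out-Null
}

# Anything still showing "No Auditing" is a subcategory that was not covered
auditpol /get /category:* | Select-String -Pattern 'No Auditing'

# Machine-readable form, handy to paste into notes or compare across servers
auditpol /get /category:* /r | ConvertFrom-Csv |
    Select-Object Subcategory, 'Inclusion Setting' | Format-Table -AutoSize

# Force a refresh afterwards and re-run the /get to see whether the GPO changed anything
gpupdate /target:computer /force | Out-Null
```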

4. Windows Defender / AV

 -Enable Windows Defender Antivirus
 -Enable Real-time protection
 -Enable Cloud protection
 -Enable Automatic sample submission
 -Remove suspicious exclusions
 -Run Quick Scan or Full Scan
 -Enable Tamper Protection (if available; it is toggled in the Windows Security app under Virus & threat protection settings, not from PowerShell)
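Worked example (added here, not from the page). It turns on the Defender settings listed above with `Set-MpPreference`, dumps and clears any exclusions (the usual place a hidden dropper directory is whitelisted), updates signatures, starts a scan and prints the status fields worth checking. Run elevated.

```powershell
# Added example, not from the page. Defender settings from the checklist.
Set-MpPreference -DisableRealtimeMonitoring $false `
                 -MAPSReporting Advanced `
                 -SubmitSamplesConsent SendAllSamples

# Exclusions: show them, then remove every one (re-add only what the README requires)
$pref = Get-MpPreference
$pref | Select-Object ExclusionPath, ExclusionExtension, ExclusionProcess | Format-List
foreach ($p in $pref.ExclusionPath)      { Remove-MpPreference -ExclusionPath $p }
foreach ($e in $pref.ExclusionExtension) { Remove-MpPreference -ExclusionExtension $e }
foreach ($x in $pref.ExclusionProcess)   { Remove-MpPreference -ExclusionProcess $x }

Update-MpSignature
Start-MpScan -ScanType QuickScan    # FullScan for the end of the round

# Status: everything here should be True and the signature date recent
Get-MpComputerStatus |
    Select-Object AMServiceEnabled, AntivirusEnabled, RealTimeProtectionEnabled,
                  IsTamperProtected, AntivirusSignatureLastUpdated

# If real-time protection refuses to stay on, a policy key is usually forcing it off:
Get-ItemProperty 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender' -ErrorAction SilentlyContinue |
    Select-Object DisableAntiSpyware, DisableRealtimeMonitoring
```

`Set-MpPreference` cannot override a value set by policy; if the last query shows `DisableAntiSpyware = 1`, remove that value (or the GPO that sets it) first.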

5. Firewall (CRITICAL on Servers)

 -Enable Firewall for all three profiles:
   -Domain
   -Private
   -Public
 -Block inbound connections by default (Block is the default inbound action; confirm nobody changed it to Allow)
 -Remove unnecessary Allow rules, keeping the ones the README's required services need (on a domain controller that includes the AD DS and DNS rules)
 -Disable rule groups:
   -File & Printer Sharing (if not required)
   -Remote Assistance
   -Media streaming
 -Enable logging:
   -Dropped packets
   -Successful connections
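Worked example (added here, not from the page). It applies the profile settings above, disables the listed rule groups, and then prints every remaining inbound Allow rule with its port and program so the list can be compared with the README. The log path is the Windows default; the rule-group names are the display names Windows uses (the media streaming group is only present where the feature is installed, hence the silent skip).

```powershell
# Added example, not from the page. Firewall profiles, rule groups and review.
Set-NetFirewallProfile -Profile Domain, Private, Public `
    -Enabled True -DefaultInboundAction Block -DefaultOutboundAction Allow `
    -LogBlocked True -LogAllowed True `
    -LogFileName '%SystemRoot%\System32\LogFiles\Firewall\pfirewall.log' `
    -LogMaxSizeKilobytes 16384

# Rule groups the checklist says to turn off (skip any the README requires)
foreach ($group in 'File and Printer Sharing', 'Remote Assistance',
                   'Windows Media Player Network Sharing Service') {
    Disable-NetFirewallRule -DisplayGroup $group -ErrorAction SilentlyContinue
}

# Everything still allowed inbound, one line per rule, for review against the README
Get-NetFirewallRule -Enabled True -Direction Inbound -Action Allow |
    ForEach-Object {
        $port = $_ | Get-NetFirewallPortFilter
        $app  = $_ | Get-NetFirewallApplicationFilter
        [pscustomobject]@{
            Name     = $_.DisplayName
            Group    = $_.DisplayGroup
            Profile  = $_.Profile
            Protocol = $port.Protocol
            Port     = $port.LocalPort
            Program  = $app.Program
        }
    } | Sort-Object Port | Format-Table -AutoSize

# Confirm the profile state
Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultInboundAction, LogBlocked, LogAllowed
```

A rule with `Program = Any` and `Port = Any` that is not in a built-in group is the kind of entry to remove with `Remove-NetFirewallRule -DisplayName '<name>'` once the README confirms it is not needed.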

6. Roles & Features (BIG POINT AREA)

Review Installed Roles

 -Remove roles not explicitly required:
   -Web Server (IIS)
   -FTP Server
   -Print Services
   -Remote Desktop Services
   -Hyper-V
   -Windows Deployment Services
   -SNMP
   -Fax Server

Never remove AD DS or DNS unless told!!!
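Worked example (added here, not from the page). It lists what is installed, maps the roles above to their feature names on Windows Server 2016/2019/2022, and runs the uninstall with `-WhatIf` first so the dependency chain is visible before anything is removed. AD DS and DNS are listed only to confirm they are still present.

```powershell
# Added example, not from the page. Role/feature review and removal.
Get-WindowsFeature | Where-Object Installed |
    Select-Object Name, DisplayName, FeatureType | Format-Table -AutoSize

# Feature names for the checklist's list
$remove = @(
    'Web-Server',               # Web Server (IIS)
    'Web-Ftp-Server',           # FTP Server
    'Print-Services',           # Print and Document Services
    'Remote-Desktop-Services',  # RDS role (not plain Remote Desktop for admin)
    'Hyper-V',
    'WDS',                      # Windows Deployment Services
    'SNMP-Service',
    'Fax',                      # Fax Server
    'Telnet-Client'
)
$protected = 'AD-Domain-Services', 'DNS'   # never remove without the README's blessing

$installed = Get-WindowsFeature -Name $remove | Where-Object Installed
$installed | ForEach-Object { "Installed and on the remove list: $($_.Name)" }

if ($installed) {
    # Dry run shows dependent role services that come out with it
    Uninstall-WindowsFeature -Name $installed.Name -WhatIf
    # Real run once checked; -Remove also deletes the payload. A restart is often required.
    # Uninstall-WindowsFeature -Name $installed.Name -Remove
}

Get-WindowsFeature -Name $protected | Select-Object Name, Installed
```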

7. IIS / Web Server (Only If Installed)

 -Disable directory browsing
 -Disable FTP
 -Remove default website
 -Remove sample files
 -Enable request filtering
 -Enable logging
 -Enforce HTTPS if required
 -Disable WebDAV
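Worked example (added here, not from the page) covering the IIS items above with the `WebAdministration` module that ships with the role. It assumes the site to drop is the stock "Default Web Site" and that nothing on the box needs the TRACE verb or serves `.bak`/`.config` files; adjust if the README keeps a site alive.

```powershell
# Added example, not from the page. IIS hardening via WebAdministration.
Import-Module WebAdministration
$apphost = 'MACHINE/WEBROOT/APPHOST'      # server-level configuration
$site    = 'Default Web Site'             # assumption: the site to remove

# Directory browsing off server-wide
Set-WebConfigurationProperty -PSPath $apphost -Filter 'system.webServer/directoryBrowse' -Name enabled -Value $false

# Request filtering: deny TRACE and block file types that leak configuration or backups
Add-WebConfigurationProperty -PSPath $apphost `
    -Filter 'system.webServer/security/requestFiltering/verbs' -Name '.' `
    -Value @{ verb = 'TRACE'; allowed = $false }
foreach ($ext in '.bak', '.config', '.old') {
    Add-WebConfigurationProperty -PSPath $apphost `
        -Filter 'system.webServer/security/requestFiltering/fileExtensions' -Name '.' `
        -Value @{ fileExtension = $ext; allowed = $false }
}

# Logging on for every site (W3C logs under %SystemDrive%\inetpub\logs\LogFiles)
Set-WebConfigurationProperty -PSPath $apphost -Filter 'system.applicationHost/sites/siteDefaults/logFile' -Name enabled -Value $true

# Default site and the stock sample content under it
if (Get-Website -Name $site) { Remove-Website -Name $site }
Remove-Item 'C:\inetpub\wwwroot\iisstart.*' -ErrorAction SilentlyContinue

# WebDAV and FTP are separate features; uninstalling beats disabling (dry run first)
Uninstall-WindowsFeature -Name Web-DAV-Publishing, Web-Ftp-Server -WhatIf

# What is left and where it listens
Get-Website | Select-Object Name, State, PhysicalPath,
    @{ n = 'Bindings'; e = { $_.bindings.Collection.bindingInformation } }
```

Enforcing HTTPS needs a certificate and an https binding on the site that stays; the `Bindings` column above shows whether one exists.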

8. Services (Server-Specific)

Disable or set to Manual (unless required):
 -Telnet
 -FTP
 -Remote Registry
 -SNMP
 -SSDP Discovery
 -UPnP Device Host
 -Peer Name Resolution Protocol
 -Peer Networking Grouping
 -Bluetooth Support Service
 -Windows Error Reporting (optional)

9. Remote Access & Networking

 -Disable Remote Assistance
 -Restrict Remote Desktop
 -Enable Network Level Authentication
 -Limit RDP users
 -Disable SMBv1
 -Enable SMB signing
 -Disable LLMNR
 -Disable NetBIOS over TCP/IP
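Worked example (added here, not from the page). It sets the remote access and networking items through the registry values and SMB cmdlets they correspond to, then reads them back. RDP itself is left enabled here on the assumption the README wants remote administration; the commented line disables it. Domain GPO re-applies over these keys at refresh, so mirror the settings in the GPO.

```powershell
# Added example, not from the page. RDP, SMB, LLMNR and NetBIOS settings.
$ts = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'

# Remote Assistance off; RDP with Network Level Authentication required
Set-ItemProperty -Path $ts -Name fAllowToGetHelp -Value 0
Set-ItemProperty -Path "$ts\WinStations\RDP-Tcp" -Name UserAuthentication -Value 1
# Set-ItemProperty -Path $ts -Name fDenyTSConnections -Value 1    # disable RDP entirely if allowed
Get-LocalGroupMember -Group 'Remote Desktop Users'                 # should match the README

# SMBv1 off and signing required for both the server and client side
Set-SmbServerConfiguration -EnableSMB1Protocol $false -EnableSecuritySignature $true -RequireSecuritySignature $true -Force
Set-SmbClientConfiguration -RequireSecuritySignature $true -Force
Uninstall-WindowsFeature -Name FS-SMB1 -WhatIf     # also remove the SMB1 binaries (restart needed)

# LLMNR off (policy key; create it if absent)
$dns = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient'
New-Item -Path $dns -Force | Out-Null
Set-ItemProperty -Path $dns -Name EnableMulticast -Value 0 -Type DWord

# NetBIOS over TCP/IP off on every interface (NetbiosOptions: 0 = default, 1 = enable, 2 = disable)
Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces' |
    ForEach-Object { Set-ItemProperty -Path $_.PSPath -Name NetbiosOptions -Value 2 }

# Read back
Get-SmbServerConfiguration | Select-Object EnableSMB1Protocol, RequireSecuritySignature
Get-SmbClientConfiguration | Select-Object RequireSecuritySignature
Get-ItemProperty "$ts\WinStations\RDP-Tcp" | Select-Object UserAuthentication
Get-ItemProperty $dns | Select-Object EnableMulticast
```

Requiring SMB signing on the server side breaks clients that cannot sign (old NAS boxes, some scanners); on a competition image that is rarely a concern, but check the README for anything that must keep talking SMB.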

10. Group Policy – Security Options

Enable / Configure (Computer Configuration → Policies → Windows Settings → Security Settings → Local Policies → Security Options):
 -Interactive logon: Do not display last user name → Enabled
 -Interactive logon: Do not require CTRL+ALT+DEL → Disabled (so Ctrl+Alt+Del is required)
 -Network security: Do not store LAN Manager hash value on next password change → Enabled
 -Microsoft network server / Microsoft network client: Digitally sign communications (always) → Enabled
 -Network access: Do not allow anonymous enumeration of SAM accounts, and of SAM accounts and shares → both Enabled
 -AutoAdminLogon → Disabled (a Winlogon registry value, not a Security Option; also delete any DefaultPassword value stored next to it)
 -Shutdown: Allow system to be shut down without having to log on → Disabled
 -User Account Control: all settings enabled (Admin Approval Mode for the built-in Administrator, run all administrators in Admin Approval Mode, switch to the secure desktop when prompting, detect application installations)
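Worked example (added here, not from the page). Each Security Option above is stored in a known registry value; the script compares the live values with the expected ones and prints OK/FIX per setting, which is faster than clicking through the policy editor and also confirms the GPO actually applied. Run it after `gpupdate /force` on a domain member.

```powershell
# Added example, not from the page. Audit the Security Options through their registry values.
$sys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$wl  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$srv = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters'

$expected = @(
    @{ Setting = 'Do not display last user name';          Path = $sys; Name = 'DontDisplayLastUserName';  Value = 1 }
    @{ Setting = 'Ctrl+Alt+Del required (DisableCAD=0)';   Path = $sys; Name = 'DisableCAD';               Value = 0 }
    @{ Setting = 'No shutdown without logon';              Path = $sys; Name = 'ShutdownWithoutLogon';     Value = 0 }
    @{ Setting = 'UAC: run all admins in Admin Approval';  Path = $sys; Name = 'EnableLUA';                Value = 1 }
    @{ Setting = 'UAC: Admin Approval for built-in admin'; Path = $sys; Name = 'FilterAdministratorToken'; Value = 1 }
    @{ Setting = 'UAC: prompt on secure desktop';          Path = $sys; Name = 'PromptOnSecureDesktop';    Value = 1 }
    @{ Setting = 'UAC: detect application installs';       Path = $sys; Name = 'EnableInstallerDetection'; Value = 1 }
    @{ Setting = 'Do not store LM hash';                   Path = $lsa; Name = 'NoLMHash';                 Value = 1 }
    @{ Setting = 'No anonymous SAM enumeration';           Path = $lsa; Name = 'RestrictAnonymousSAM';     Value = 1 }
    @{ Setting = 'No anonymous SAM+share enumeration';     Path = $lsa; Name = 'RestrictAnonymous';        Value = 1 }
    @{ Setting = 'SMB server: sign communications always'; Path = $srv; Name = 'RequireSecuritySignature'; Value = 1 }
    @{ Setting = 'AutoAdminLogon off';                     Path = $wl;  Name = 'AutoAdminLogon';           Value = '0' }  # REG_SZ
)

$results = foreach ($e in $expected) {
    $actual = (Get-ItemProperty -Path $e.Path -Name $e.Name -ErrorAction SilentlyContinue).($e.Name)
    [pscustomobject]@{
        Setting  = $e.Setting
        Expected = $e.Value
        Actual   = $(if ($null -eq $actual) { '<not set>' } else { $actual })
        Status   = $(if ("$actual" -eq "$($e.Value)") { 'OK' } else { 'FIX' })
    }
}
$results | Format-Table -AutoSize

# A DefaultPassword value next to AutoAdminLogon is a cleartext credential: remove it
Remove-ItemProperty -Path $wl -Name DefaultPassword -ErrorAction SilentlyContinue
```

`<not set>` for a UAC or Lsa value usually means the Windows default is in effect (which for `EnableLUA`, `NoLMHash` and `RestrictAnonymousSAM` is the secure value), but setting it explicitly in the GPO is what scores, so treat `<not set>` as FIX.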

11. File System & Shares

 -Review Shared Folders (Computer Management → Shared Folders → Shares)
 -Remove unauthorized shares
 -Check both the share permissions and the NTFS permissions on the shared path; the effective access is whichever of the two is more restrictive, so a tight share ACL over a wide-open NTFS ACL (or the reverse) is still a finding
 -Remove Everyone: Full Control
 -Check for unauthorized scripts/executables in:
   -C:\Users
   -C:\Temp
   -C:\Windows\Temp
 -Remove unauthorized scripts/executables
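Worked example (added here, not from the page). It lists shares, flags the ones that are not Windows defaults, finds `Everyone: Full` on share ACLs, prints the NTFS ACL for each shared path so the two halves can be compared, and searches the three directories above for loose executables and scripts. The `$default` list is an assumption of what a member server or domain controller normally exposes.

```powershell
# Added example, not from the page. Share review and loose-executable hunt.
Get-SmbShare | Select-Object Name, Path, Description | Format-Table -AutoSize

$default = 'ADMIN$', 'C$', 'IPC$', 'NETLOGON', 'SYSVOL', 'print$'   # assumed defaults
Get-SmbShare | Where-Object { $_.Name -notin $default } |
    ForEach-Object { Write-Warning "Non-default share: $($_.Name) -> $($_.Path)" }

# Share-level ACLs: Everyone/Full is the classic finding
Get-SmbShare | Get-SmbShareAccess |
    Where-Object { $_.AccountName -eq 'Everyone' -and $_.AccessRight -eq 'Full' } |
    ForEach-Object {
        Write-Warning "Everyone has Full on share $($_.Name)"
        # Revoke-SmbShareAccess -Name $_.Name -AccountName Everyone -Force
    }

# NTFS ACLs on the shared paths (effective access = the more restrictive of share and NTFS)
foreach ($s in (Get-SmbShare | Where-Object Path)) {
    "== $($s.Name) ($($s.Path)) NTFS =="
    (Get-Acl -Path $s.Path).Access |
        Select-Object IdentityReference, FileSystemRights, AccessControlType | Format-Table -AutoSize
}

# Executables and scripts in the directories the checklist names, newest first
$paths = 'C:\Users', 'C:\Temp', 'C:\Windows\Temp'
Get-ChildItem -Path $paths -Recurse -File -Include *.exe, *.ps1, *.bat, *.cmd, *.vbs, *.js, *.dll -ErrorAction SilentlyContinue |
    Select-Object FullName, Length, LastWriteTime |
    Sort-Object LastWriteTime -Descending | Format-Table -AutoSize
```

Removing a share outright is `Remove-SmbShare -Name '<name>' -Force`; do not do that to `SYSVOL` or `NETLOGON` on a domain controller, since the domain depends on them.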

12. Prohibited Software (Server Common)

Remove unless explicitly required:
 -TeamViewer
 -AnyDesk
 -VNC
 -Wireshark
 -Nmap
 -Angry IP Scanner
 -Metasploit
 -Cain & Abel
 -BitTorrent
 -OpenVPN / Hamachi
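Worked example (added here, not from the page). Installed programs live under three Uninstall registry keys (64-bit, 32-bit and per-user); the script reads all three, matches display names against the list above, and prints the uninstall command for each hit. Portable tools never register there, so it also does a shallow search for the well-known binary names.

```powershell
# Added example, not from the page. Find prohibited software.
$prohibited = 'TeamViewer', 'AnyDesk', 'VNC', 'Wireshark', 'Nmap', 'Angry IP',
              'Metasploit', 'Cain', 'BitTorrent', 'OpenVPN', 'Hamachi'

$keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'

$installed = Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
    Where-Object DisplayName |
    Select-Object DisplayName, DisplayVersion, Publisher, InstallLocation, UninstallString

# Full inventory first: unknown publishers are worth a look even if not on the list
$installed | Sort-Object DisplayName | Format-Table DisplayName, Publisher, DisplayVersion -AutoSize

# Hits against the prohibited list
$hits = $installed | Where-Object {
    $name = $_.DisplayName
    $prohibited | Where-Object { $name -like "*$_*" }
}
$hits | Select-Object DisplayName, UninstallString | Format-List

# Portable copies on disk (binary names the listed tools ship with)
Get-ChildItem -Path 'C:\', 'C:\Users' -Recurse -Depth 4 -File `
    -Include nmap.exe, Wireshark.exe, TeamViewer.exe, AnyDesk.exe, vncviewer.exe, winvnc.exe, msfconsole.bat, Cain.exe `
    -ErrorAction SilentlyContinue |
    Select-Object FullName, LastWriteTime
```

The `UninstallString` is what Programs and Features runs; for MSI installs it is `MsiExec.exe /X{GUID}`, which can be run unattended with `/qn` appended.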

13. Scheduled Tasks & Startup

 -Review Task Scheduler
 -Remove suspicious tasks
 -Check:
   -Startup folders
   -Registry Run keys
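Worked example (added here, not from the page). It prints every scheduled task outside the `\Microsoft\` folders with the command it runs and the account it runs as, separately flags tasks under `\Microsoft\` whose action points outside `C:\Windows`, then dumps the Run/RunOnce keys and both startup folders. Removing a task is left as a commented line.

```powershell
# Added example, not from the page. Scheduled tasks, Run keys and startup folders.
Get-ScheduledTask | Where-Object { $_.TaskPath -notlike '\Microsoft\*' } |
    ForEach-Object {
        $t = $_
        foreach ($a in $t.Actions) {
            [pscustomobject]@{
                Task    = $t.TaskPath + $t.TaskName
                State   = $t.State
                RunAs   = $t.Principal.UserId
                Execute = $a.Execute
                Args    = $a.Arguments
            }
        }
    } | Format-Table -AutoSize -Wrap

# Tasks hidden under \Microsoft\ that run something outside C:\Windows.
# Built-in tasks sometimes use a bare name like "cmd.exe"; judge those by hand.
Get-ScheduledTask | Where-Object {
    $_.Actions.Execute -and ($_.Actions.Execute -notmatch '^(%SystemRoot%|%windir%|C:\\Windows)') } |
    Select-Object TaskPath, TaskName, @{ n = 'Execute'; e = { $_.Actions.Execute } }

# Unregister-ScheduledTask -TaskName '<name>' -TaskPath '<\folder\>' -Confirm:$false   # once confirmed

# Run / RunOnce keys, machine and current user
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
foreach ($k in $runKeys) {
    if (-not (Test-Path $k)) { continue }
    "== $k =="
    (Get-ItemProperty -Path $k).PSObject.Properties |
        Where-Object { $_.Name -notlike 'PS*' } |          # drop PowerShell's own PSPath/PSParentPath properties
        ForEach-Object { "  $($_.Name) = $($_.Value)" }
}

# Startup folders (all users, then the current user)
Get-ChildItem "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp",
              "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup" -ErrorAction SilentlyContinue |
    Select-Object FullName, LastWriteTime
```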

14. Windows Updates

 -Enable automatic updates
 -Install all available updates
 -Verify updates are not paused
 -Restart server (if allowed)

15. Forensics Questions (DO THESE EARLY)

 -Read README immediately
 -Search for:
   -Unauthorized users
   -Hidden services
   -Malicious scheduled tasks
   -Odd event log entries
 -Answer questions as you harden
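Worked example (added here, not from the page). Forensics questions on these images usually come down to "who created which account, when", "what got added to a privileged group", "which service or task was installed" and "what logged in or failed to". The script pulls the Security and System events that answer those, with the first line of each message as a summary; the 30-day window is a constructed default, since the README normally implies the time frame. The event IDs are the standard Windows ones.

```powershell
# Added example, not from the page. Event log triage for the common forensics questions.
$ids = @{
    4720 = 'User account created'
    4726 = 'User account deleted'
    4728 = 'Member added to security-enabled global group'
    4732 = 'Member added to security-enabled local group'
    4756 = 'Member added to security-enabled universal group'
    4698 = 'Scheduled task created'
    4625 = 'Failed logon'
    4672 = 'Special privileges assigned (administrative logon)'
}
$since = (Get-Date).AddDays(-30)    # constructed window

Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = [int[]]$ids.Keys; StartTime = $since } -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id,
        @{ n = 'What';   e = { $ids[[int]$_.Id] } },
        @{ n = 'Detail'; e = { ($_.Message -split "`n")[0].Trim() } } |
    Sort-Object TimeCreated | Format-Table -AutoSize -Wrap

# New services land in the System log as 7045; EventData is ServiceName, ImagePath, ServiceType, StartType, AccountName
Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 7045; StartTime = $since } -ErrorAction SilentlyContinue |
    ForEach-Object {
        [pscustomobject]@{
            Time    = $_.TimeCreated
            Service = $_.Properties[0].Value
            Image   = $_.Properties[1].Value
            Account = $_.Properties[4].Value
        }
    } | Format-Table -AutoSize -Wrap

# The audit log being cleared (1102) is itself an answer to "what did the attacker do"
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 1102 } -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, @{ n = 'ClearedBy'; e = { $_.Properties[1].Value } }
```

If the Security queries return nothing at all, auditing was probably off when the events happened; that is worth saying in the answer, and it is one more reason to set the audit policy early in the round.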

16. End-Game Point Hunting

 -Re-check:
   -Domain Admins
   -Firewall rules
   -Services
   -Defender status
 -Run final Defender scan
 -Reboot (if allowed)
 -Re-read README one last time