Best practices for configuring security features in Windows Server have changed in recent years. We’ve just said an official good-bye to Windows Server 2008 R2, and we should be getting ready to say good-bye to Server 2012 R2 as its support ends in three years. It’s harder for those older servers to deal with today’s threats, such as new ways to gain access by tampering with and spoofing code-signing certificates.
Here are nine security settings that no longer have the same impact, depending on what server or cloud platform you are using, and the settings or policies you should be using in addition to them or in their place.
1. Old advice: Rename the administrator account
Once upon a time, the main guidance was to rename the administrator account, and some server platforms even built a wizard for it. A few years ago, attackers would go after well-known account names, so renaming the administrator account to something else made their job harder. Today, renaming the administrator account is no longer as impactful because attackers can use phishing and the harvesting of credentials left behind on systems to gain a toehold in your network.
New advice: Use different admin passwords
Instead, I recommend that you don’t use the same local administrator password across your network. Want to make it easy for ransomware attackers to perform lateral movement in your network? Use the same password on every workstation. You should deploy the Local Administrator Password Solution (LAPS) to ensure that each machine is assigned its own random password. While deploying it, don’t forget that attackers know to enumerate which users have been granted “All extended rights” (which lets them read the stored passwords) and which computers have LAPS enabled.
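The audit described above, as an added example that is not from the article or from Microsoft's LAPS tooling: a PowerShell script that lists which identities on a given OU can read LAPS passwords (through "All extended rights" or a grant on the ms-Mcs-AdmPwd attribute) and which computers under that OU have LAPS enabled. It assumes the RSAT ActiveDirectory module, the legacy LAPS schema attributes (ms-Mcs-AdmPwd and ms-Mcs-AdmPwdExpirationTime), and an OU distinguished name that is a placeholder you replace with your own.

```powershell
# Added example, not the article's own code. Assumes the RSAT ActiveDirectory module
# and the legacy LAPS schema (ms-Mcs-AdmPwd / ms-Mcs-AdmPwdExpirationTime).
Import-Module ActiveDirectory

# An ACE whose ObjectType is the all-zero GUID covers every extended right ("All extended rights").
$AllExtendedRightsGuid = [guid]'00000000-0000-0000-0000-000000000000'

# The schemaIDGUID of ms-Mcs-AdmPwd is generated when the schema is extended, so look it up
# rather than hard-coding it.
$schemaNC   = (Get-ADRootDSE).schemaNamingContext
$admPwdAttr = Get-ADObject -SearchBase $schemaNC -LDAPFilter '(lDAPDisplayName=ms-Mcs-AdmPwd)' -Properties schemaIDGUID
if (-not $admPwdAttr) { throw 'ms-Mcs-AdmPwd not found in the schema; LAPS is not deployed in this forest.' }
$AdmPwdAttrGuid = New-Object -TypeName System.Guid -ArgumentList (,[byte[]]$admPwdAttr.schemaIDGUID)

function Get-LapsPasswordReaders {
    # Returns every Allow ACE on the OU that grants the ability to read the LAPS password:
    # "All extended rights", a control-access grant on ms-Mcs-AdmPwd, or GenericAll (which includes both).
    param([Parameter(Mandatory)][string]$OUDistinguishedName)

    $extendedRight = [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight
    $genericAll    = [System.DirectoryServices.ActiveDirectoryRights]::GenericAll
    $acl = Get-Acl -Path "AD:\$OUDistinguishedName"

    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }

        $reason = $null
        if ($ace.ActiveDirectoryRights.HasFlag($genericAll)) {
            $reason = 'GenericAll (full control)'
        } elseif ($ace.ActiveDirectoryRights.HasFlag($extendedRight) -and $ace.ObjectType -eq $AllExtendedRightsGuid) {
            $reason = 'All extended rights'
        } elseif ($ace.ActiveDirectoryRights.HasFlag($extendedRight) -and $ace.ObjectType -eq $AdmPwdAttrGuid) {
            $reason = 'Control access on ms-Mcs-AdmPwd'
        }
        if (-not $reason) { continue }

        [pscustomobject]@{
            OU          = $OUDistinguishedName
            Identity    = $ace.IdentityReference.Value
            Reason      = $reason
            IsInherited = $ace.IsInherited
        }
    }
}

function Get-LapsEnabledComputers {
    # A computer has LAPS managing its local admin password once ms-Mcs-AdmPwdExpirationTime is set.
    param([Parameter(Mandatory)][string]$OUDistinguishedName)

    Get-ADComputer -SearchBase $OUDistinguishedName -LDAPFilter '(ms-Mcs-AdmPwdExpirationTime=*)' `
                   -Properties 'ms-Mcs-AdmPwdExpirationTime' |
        ForEach-Object {
            [pscustomobject]@{
                Computer          = $_.Name
                # The attribute is a Windows FILETIME (100 ns ticks since 1601) stored as a large integer.
                PasswordExpiresAt = [DateTime]::FromFileTimeUtc([int64]$_.'ms-Mcs-AdmPwdExpirationTime')
            }
        }
}

# Placeholder OU: replace with the OU you delegate LAPS password reads on.
$ou = 'OU=Workstations,DC=example,DC=com'

Write-Host "Identities able to read LAPS passwords under $ou"
Get-LapsPasswordReaders -OUDistinguishedName $ou | Sort-Object Identity | Format-Table -AutoSize

Write-Host "Computers under $ou with LAPS enabled"
Get-LapsEnabledComputers -OUDistinguishedName $ou | Sort-Object Computer | Format-Table -AutoSize
```

Run it as an account that can read the OU's security descriptor; any identity it lists that is not the small group you intended (help desk, a tier-0 admin group) is a delegation to tighten, and any computer that should be LAPS-managed but does not appear has not received the policy yet. The LAPS PowerShell module ships its own cmdlet for the first half of this check (Find-AdmPwdExtendedRights); the script above does the same walk with the ActiveDirectory module so the inherited grants and their source OU are visible in one pass.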