Hello everyone! I'm new to the sysadmin world, currently juggling various roles at a small managed service provider. Earlier this year, I set up Windows Server 2022 for a local branch of a large company, which was quite a leap for me since it was my first experience with Windows Server in an enterprise environment. I've been diving deep into system administration and I'm eager to secure the server effectively without altering the current infrastructure, as our client is hesitant to invest in more servers.
The server in question is a third-party hosted all-in-one setup acting as a domain controller, RDP session host, and storage, supporting daily operations like POS and PSQL for about 15 users. I've made numerous efforts towards securing it, including an RDP whitelist for restricted traffic, limiting open ports, preventing users from running unauthorized programs, and regularly monitoring for suspicious activity.
I'm also concerned about user habits, as they often save passwords and are resistant to changing this practice. I have implemented some security features, but I'm reaching out for more advice on how I can enhance the server's security given the constraints. Any insights would be appreciated!
2 Answers
A couple of things to consider that you might not have implemented yet:
1. Multi-Factor Authentication (MFA) would significantly enhance security.
2. Limit external connections from any countries outside your own.
3. Consider using AppLocker to restrict which applications can run on your system.
Honestly, it sounds like you're doing a fantastic job, especially for someone who's fairly new to sysadmin. The RDP whitelist and minimizing open ports are solid moves. Also, blocking users from running shells or installers is a clever way to keep things secure. You've got a good handle on things!
Thank you! I appreciate the feedback!

Great points! I can't implement MFA for all users, but I will for the admins. I'll also look into whitelisting external connections, and I’m curious about AppLocker – could you elaborate on that?
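On the AppLocker question, here is an added example (not part of either answer) of an audit-only rollout on the session host using the built-in AppLocker PowerShell cmdlets. It assumes the users' applications are installed under the two Program Files directories; the output path is a hypothetical name.

```powershell
#Requires -RunAsAdministrator
# Added example: build an AppLocker EXE baseline and run it in audit mode,
# so nothing is blocked while you learn what users actually launch.
Import-Module AppLocker

$policyPath = Join-Path $env:TEMP 'applocker-audit.xml'   # hypothetical path

# 1. Inventory executables in the install locations (assumption: apps live here).
$dirs  = @($env:ProgramFiles, ${env:ProgramFiles(x86)})
$files = foreach ($d in $dirs) {
    Get-AppLockerFileInformation -Directory $d -Recurse -FileType Exe `
        -ErrorAction SilentlyContinue
}

# 2. Generate allow rules: publisher rules for signed files, hash rules otherwise.
[xml]$policy = $files | New-AppLockerPolicy -RuleType Publisher, Hash `
    -User Everyone -RuleNamePrefix 'Baseline' -Optimize `
    -IgnoreMissingFileInformation -Xml

# 3. Force every rule collection into audit mode before applying.
foreach ($rc in $policy.AppLockerPolicy.RuleCollection) {
    $rc.SetAttribute('EnforcementMode', 'AuditOnly')
}
$policy.Save($policyPath)

# 4. Dry run: how would the baseline treat a shell for ordinary users?
Test-AppLockerPolicy -XmlPolicy $policyPath `
    -Path "$env:SystemRoot\System32\cmd.exe" -User Everyone |
    Select-Object FilePath, PolicyDecision

# 5. AppLocker only evaluates rules while the Application Identity service runs.
#    sc.exe is used because Set-Service is denied on this protected service.
sc.exe config AppIDSvc start= auto | Out-Null
Start-Service AppIDSvc

# 6. Merge into the local policy instead of overwriting existing rules.
Set-AppLockerPolicy -XmlPolicy $policyPath -Merge

# 7. Later: event 8003 = "allowed, but would have been blocked if enforced".
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-AppLocker/EXE and DLL'; Id = 8003
} -ErrorAction SilentlyContinue |
    Group-Object { $_.Properties[-1].Value } |   # last property: file path (assumption)
    Sort-Object Count -Descending |
    Select-Object Count, Name -First 20
```

Before switching any collection from `AuditOnly` to `Enabled`, add allow rules for the Windows directory and for administrators (the AppLocker default rules cover both), otherwise the baseline above would deny Windows itself.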