Windows Pre-OS Hardening Procedures

Run a Vulnerability scan on the system in question as well as a virus scan using any or all of the following:

Once you have ensured the server is not compromised proceed with the following:

  • Install only options/services required
  • Install latest OS service patches as recommended at

http://v4.windowsupdate.microsoft.com/en/default.asp

  • Install all needed "critical updates"
  • Install all needed "Windows OS updates"
  • If office is installed Install latest Office updates as recommended at

http://office.microsoft.com/productupdates/

http://www.microsoft.com/downloads/info.aspx?na=22&p=10&SrcDisplayLang=en&SrcCategoryId=&SrcFamilyId=&u=%2fdownloads%2fdetails.aspx%3fFamilyID%3dfd513435-fa6d-407c-bedc-5fd03e5b7d6c%26DisplayLang%3den

  • Run Microsoft Baseline Security Analyzer (MBSA) that can be found at

http://www.microsoft.com/downloads/details.aspx?FamilyId=4B4ABA06-B5F9-4DAD-BE9D-7B51EC2E5AC9&displaylang=en