Server Hardening

| S.No. | Parameter Name | Recommended Value | Existing Value |
|---|---|---|---|
| 1 | Identification | Labeled Servers | Yes |
| 2 | No. of Partitions | Minimum 2 | 2 |
| 3 | OS Installation | On C partition | Yes |
| 4 | Application & Databases | On D partition | Yes |
| 5 | Type of Partition | NTFS | Yes |
| 6 | Internet Information Services (IIS) | Not to install | Not installed |
| 7 | Simple Mail Transfer Protocol (SMTP) | Not to install | Not installed |
| 8 | Network News Transport Protocol (NNTP) | Not to install | Not installed |
| 9 | Guest Account | Disabled | Disabled |
| 10 | Individual Login Accounts | For each Administrator | |
| 11 | Service Pack | Install latest available | Yes |
| 12 | Critical OS Updates/Patches | Should be installed | Installed |
| 13 | Login Banner | Enabled | Yes |
| 14 | DoNotDisplayLastUserName | Enabled | Enabled |
| 15 | WinSync | Installed and configured | Installed |
| 16 | NTSyslog | Installed and configured | |
| 17 | Default Admin Share | Disabled | Disabled |
| 18 | System Restore | Disabled | Disabled |
| 19 | Minimum Password Length for Users | 8 characters (alphanumeric & special characters) | |
| 20 | Minimum Password Length for Administrators | 14 characters (alphanumeric & special characters) | 14 characters (alphanumeric & special characters) |
| 21 | Minimum Password Age | 30 days | 30 days |
| 22 | Maximum Password Age | 45 days | 45 days |
| 23 | Password History Maintenance | 8 | 8 |
| 24 | Password Complexity Requirement | Set | Set |
| 25 | Account Lockout Policy | Enable lockout after five failed attempts, reset the count after not less than 30 minutes, and set the lockout duration to 30 minutes. | Lockout enabled after five failed attempts, count reset after 30 minutes, lockout duration set to 30 minutes. |
| 26 | Internet Browsing | Disabled from the server, except Terminal Servers | Disabled |
| 27 | ScreenSaver | Password protected | Yes |
| 28 | Screensaver and Wallpaper | Same on all servers (as per Domain Policy) | |
| 29 | Administrator Account | Rename the account to a non-obvious name | Renamed |
| 30 | Establish a Decoy Account named "Administrator" | No privileges | |


| Name of Service | Current Status | Startup Type | Recommended Status | Notes |
|---|---|---|---|---|
| .NET Runtime Optimization Service v2.0.50727_X86 | | Manual | | |
| Alerter | | Disabled | (No change) | |
| Application Experience Lookup Service | Started | Automatic | | |
| Application Layer Gateway Service | | Manual | | |
| Application Management | | Manual | Disable | |
| ASP.NET State Service | | Manual | | |
| Automatic Updates | Started | Automatic | Disable | |
| Background Intelligent Transfer Service | | Manual | Disable | |
| ClipBook | | Disabled | Disable | |
| COM+ Event System | Started | Automatic | Disable | |
| COM+ System Application | | Manual | | |
| Computer Browser | Started | Automatic | Disable | |
| Cryptographic Services | Started | Automatic | | |
| DCOM Server Process Launcher | Started | Automatic | | |
| DHCP Client | Started | Automatic | Disable | |
| Distributed File System | | Manual | Disable | |
| Distributed Link Tracking Client | Started | Automatic | Disable | |
| Distributed Link Tracking Server | | Disabled | Disable | |
| Distributed Transaction Coordinator | Started | Automatic | | |
| DNS Client | Started | Automatic | (No change) | |
| Error Reporting Service | Started | Automatic | | |
| Event Log | Started | Automatic | (No change) | |
| File Replication | | Manual | (No change) | |
| Help and Support | Started | Automatic | | |
| HTTP SSL | Started | Manual | | |
| Human Interface Device Access | | Disabled | | |
| IIS Admin Service | Started | Automatic | | |
| IMAPI CD-Burning COM Service | | Disabled | | |
| Indexing Service | | Disabled | | Indexes content and properties of files on the domain controller to provide rapid access to the file through a flexible querying language. On dedicated domain controllers, disable this service to prevent users from searching files and file content if sensitive files and folders are inadvertently indexed. |
| Intersite Messaging | | Disabled | (No change) | |
| IPSEC Services | Started | Automatic | Disable | |
| Kerberos Key Distribution Center | | Disabled | (No change) | |
| License Logging | | Disabled | | Monitors and records client access licensing for portions of the operating system, such as IIS, Terminal Services, and file and print sharing, and for products that are not a part of the operating system, such as Microsoft SQL Server or Microsoft Exchange Server. On a dedicated domain controller, this service can be disabled. |
| Logical Disk Manager | Started | Automatic | (No change) | |
| Logical Disk Manager Administrative Service | | Manual | (No change) | |
| McAfee Framework Service | Started | Automatic | | |
| Messenger | | Disabled | (No change) | |
| Microsoft Search | Started | Automatic | | |
| Microsoft Software Shadow Copy Provider | | Manual | | |
| MSSQLSERVER | Started | Automatic | | |
| MSSQLServerADHelper | | Manual | | |
| Net Logon | | Manual | (No change) | |
| NetMeeting Remote Desktop Sharing | | Disabled | Disable | |
| Network Associates McShield | Started | Automatic | | |
| Network Associates Task Manager | Started | Automatic | | |
| Network Connections | Started | Manual | (No change) | |
| Network DDE | | Disabled | | Provides network transport and security for Dynamic Data Exchange (DDE) for programs running on the domain controller. This service can be disabled when no DDE applications are running locally on the domain controller. |
| Network DDE DSDM | | Disabled | | Used by Network DDE. This service can be disabled when Network DDE is disabled. |
| Network Location Awareness (NLA) | Started | Manual | | |
| Network Provisioning Service | | Manual | | |
| NT LM Security Support Provider | Started | Manual | (No change) | |
| Performance Logs and Alerts | | Automatic | | Collects performance data for the domain controller, writes the data to a log, or generates alerts. This service can be set to Automatic when you want to log performance data or generate alerts without an administrator being logged on. |
| Plug and Play | Started | Automatic | (No change) | |
| Portable Media Serial Number Service | | Manual | | |
| Print Spooler | Started | Automatic | Disable | |
| Protected Storage | Started | Automatic | (No change) | |
| Remote Access Auto Connection Manager | | Manual | Disable | |
| Remote Access Connection Manager | Started | Manual | Disable | |
| Remote Desktop Help Session Manager | | Manual | | |
| Remote Procedure Call (RPC) | Started | Automatic | (No change) | |
| Remote Procedure Call (RPC) Locator | | Manual | | Enables RPC clients using the RpcNs* family of application programming interfaces (APIs) to locate RPC servers and manage the RPC name service database. This service can be disabled if no applications use the RpcNs* APIs. |
| Remote Registry | Started | Automatic | | |
| Removable Storage | Started | Manual | | Should be enabled only on servers that have backup devices directly connected to them. |
| Resultant Set of Policy Provider | | Manual | | |
| Routing and Remote Access | | Disabled | (No change) | |
| Secondary Logon | Started | Automatic | | |
| Security Accounts Manager | Started | Automatic | (No change) | |
| Server | Started | Automatic | Disable | |
| Shell Hardware Detection | Started | Automatic | | |
| Smart Card | | Manual | | |
| SNMP Service | Started | Automatic | | |
| SNMP Trap Service | | Manual | | |
| Special Administration Console Helper | | Manual | | |
| SQLSERVERAGENT | Started | Automatic | | |
| System Event Notification | Started | Automatic | (No change) | |
| Task Scheduler | Started | Automatic | Disable | |
| TCP/IP NetBIOS Helper | Started | Automatic | (No change) | |
| Telephony | Started | Manual | Disable | |
| Telnet | | Disabled | Disable | |
| Terminal Services | Started | Manual | | Allows multiple remote users to be connected interactively to the domain controller, and provides display of desktops and run applications. To reduce the attack surface, disable Terminal Services unless it is used for remote administration of branch offices or headless domain controllers. |
| Terminal Services Session Directory | | Disabled | | |
| Themes | | Disabled | | |
| Uninterruptible Power Supply | | Manual | Disable | |
| Upload Manager | | Manual | | |
| Virtual Disk Service | | Manual | | |
| Volume Shadow Copy | | Manual | | |
| WebClient | | Disabled | | |
| Windows Audio | Started | Automatic | | |
| Windows Firewall/Internet Connection Sharing (ICS) | | Disabled | | |
| Windows Image Acquisition (WIA) | | Disabled | | |
| Windows Installer | | Manual | (No change) | |
| Windows Management Instrumentation | Started | Automatic | Disable | |
| Windows Management Instrumentation Driver Extensions | | Manual | Disable | |
| Windows Time | | Automatic | Disable | Local Service |
| Windows User Mode Driver Framework | | Manual | | |
| WinHTTP Web Proxy Auto-Discovery Service | | Manual | | |
| Wireless Configuration | Started | Automatic | | |
| WMI Performance Adapter | | Manual | | |
| Workstation | Started | Automatic | Disable | |
| World Wide Web Publishing Service | Started | Automatic | | |
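A checklist like the two tables above is only useful if the "Existing Value" column is refreshed from the live system rather than filled in by hand. The script below is an added audit example, not part of the original spreadsheet: it compares a host against the rows the tables mark as "Disable" (services), rows 19 to 25 (password and lockout policy), row 14 (last user name hidden) and row 9 (Guest account). It assumes that services are matched by the display names used in the table (these are Windows Server 2003-era names, so some will simply be reported as not present on newer releases), that the local policy can be read from a `secedit /export` file, that the registry value behind the "DoNotDisplayLastUserName" row is `DontDisplayLastUserName` under the Policies\System key, and that `Get-LocalUser` is available (Windows Server 2016 / PowerShell 5.1 or later). Run it in an elevated session.

```powershell
# Added audit example (not from the checklist's author). Assumptions: service rows are
# matched by DisplayName exactly as printed in the table; password/lockout policy is read
# from a secedit export; DontDisplayLastUserName is the registry value behind row 14.

# Services the table marks "Disable" (expected startup type: Disabled)
$ServicesToDisable = @(
    'Application Management', 'Automatic Updates', 'Background Intelligent Transfer Service',
    'ClipBook', 'COM+ Event System', 'Computer Browser', 'DHCP Client', 'Distributed File System',
    'Distributed Link Tracking Client', 'Distributed Link Tracking Server', 'IPSEC Services',
    'NetMeeting Remote Desktop Sharing', 'Print Spooler', 'Remote Access Auto Connection Manager',
    'Remote Access Connection Manager', 'Server', 'Task Scheduler', 'Telephony', 'Telnet',
    'Uninterruptible Power Supply', 'Windows Management Instrumentation',
    'Windows Management Instrumentation Driver Extensions', 'Windows Time', 'Workstation'
)

# Rows 19-25, keyed by the [System Access] names secedit writes into its export file
$PolicyExpectations = @{
    MinimumPasswordLength = @{ Op = 'ge'; Value = 8 }    # row 19 (users; row 20 wants 14 for administrators)
    MinimumPasswordAge    = @{ Op = 'eq'; Value = 30 }   # row 21
    MaximumPasswordAge    = @{ Op = 'eq'; Value = 45 }   # row 22
    PasswordHistorySize   = @{ Op = 'ge'; Value = 8 }    # row 23
    PasswordComplexity    = @{ Op = 'eq'; Value = 1 }    # row 24
    LockoutBadCount       = @{ Op = 'eq'; Value = 5 }    # row 25: five failed attempts
    LockoutDuration       = @{ Op = 'ge'; Value = 30 }   # row 25: lockout duration 30 minutes
    ResetLockoutCount     = @{ Op = 'ge'; Value = 30 }   # row 25: reset counter after >= 30 minutes
}

function Test-ServiceStartup {
    # One finding per table row; a service that does not exist on this OS cannot be started, so it passes
    $live = Get-CimInstance -ClassName Win32_Service
    foreach ($name in $ServicesToDisable) {
        $svc = $live | Where-Object DisplayName -eq $name
        if (-not $svc) {
            [pscustomobject]@{ Check = "Service: $name"; Expected = 'Disabled'; Actual = 'not present'; Pass = $true }
            continue
        }
        [pscustomobject]@{
            Check    = "Service: $name"
            Expected = 'Disabled'
            Actual   = "$($svc.StartMode) / $($svc.State)"
            Pass     = ($svc.StartMode -eq 'Disabled')
        }
    }
}

function Get-LocalSecurityPolicy {
    # Exports the effective local policy and parses the [System Access] section into a hashtable
    $cfg = Join-Path $env:TEMP 'hardening-audit.inf'
    & secedit.exe /export /cfg $cfg /quiet | Out-Null
    $policy = @{}
    $inSection = $false
    foreach ($line in Get-Content $cfg) {
        if ($line -match '^\[(.+)\]$') { $inSection = ($Matches[1] -eq 'System Access'); continue }
        if ($inSection -and $line -match '^\s*(\w+)\s*=\s*(-?\d+)') { $policy[$Matches[1]] = [int]$Matches[2] }
    }
    Remove-Item $cfg -ErrorAction SilentlyContinue
    return $policy
}

function Test-PasswordPolicy {
    $policy = Get-LocalSecurityPolicy
    foreach ($key in $PolicyExpectations.Keys) {
        $want = $PolicyExpectations[$key]
        $have = $policy[$key]           # $null when the key is absent, which fails every comparison below
        $pass = switch ($want.Op) { 'eq' { $have -eq $want.Value } 'ge' { $have -ge $want.Value } }
        [pscustomobject]@{ Check = "Policy: $key"; Expected = "$($want.Op) $($want.Value)"; Actual = $have; Pass = $pass }
    }
}

function Test-MiscSettings {
    # Row 14: the logon screen must not show the last user name
    $sys = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' -ErrorAction SilentlyContinue
    [pscustomobject]@{ Check = 'DontDisplayLastUserName'; Expected = 1; Actual = $sys.DontDisplayLastUserName; Pass = ($sys.DontDisplayLastUserName -eq 1) }

    # Row 9: Guest account disabled
    $guest = Get-LocalUser -Name 'Guest' -ErrorAction SilentlyContinue
    $actual = if ($guest) { "Enabled=$($guest.Enabled)" } else { 'not present' }
    [pscustomobject]@{ Check = 'Guest account'; Expected = 'Disabled'; Actual = $actual; Pass = (-not $guest -or -not $guest.Enabled) }
}

$results = @(Test-ServiceStartup) + @(Test-PasswordPolicy) + @(Test-MiscSettings)
$results | Format-Table -AutoSize
"$(@($results | Where-Object { -not $_.Pass }).Count) finding(s) deviate from the checklist"
```

The script only reports; it changes nothing, so it can be run repeatedly (for example from a scheduled job on a management host) to keep the "Existing Value" column honest. Because `Win32_Service.StartMode` reports `Auto`, `Manual` or `Disabled`, a service that is merely stopped but still set to `Manual` is correctly flagged: the table's "Disable" means the startup type, not just the current state.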