• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer
14240 Sullyfield Circle #K Chantilly, VA 20151
  • Client Login
  • Remote Support
  • Tools
  • Blog
  • Contact
  • (703) 204-2958
Taking Care of Your Business Site Logo

TCB Inc

Northern VA Managed IT Services Provider

  • (703) 204-2958
  • Request A Consultation
  • About
    • Careers
    • Client Support
    • New User Request
    • Partners
  • Compliance Audits
    • CMMC
    • FedRAMP
    • FISMA
    • NIST 800-171
    • NIST 800-53
    • OMB Circular A-130
  • IT Security
    • Cloud Security
    • Incident Response
    • Network Assessment
    • Network Monitoring
    • Penetration Testing
    • Risk Management
  • Managed IT
    • Data Backup & Disaster Recovery
    • Hosting
    • IT Assessments
    • IT Help Desk
    • Network Installation & Integration
    • Outsourced IT Support
    • Spam Filtering
  • IT Consulting
    • CTO Consulting
    • Cybersecurity Consulting
    • Database Consulting
    • Integration Consulting
    • Website Consulting
  • Resources
    • Careers
    • Client Login
    • Remote Support
    • Tools
  • About
  • Our Partners
  • Request A Consultation

Best Practices for Maintaining Windows Server 2020

February 3, 2020 by TCB

As it goes, Windows Server is more focused on ease of use and deployment rather than on security. However, you can extract the best value out of your server by adopting some best practices and built-in features

Make the Most Out of Credential Guard and Remote Credential Guard

Credential guard technology came into being with the introduction of Windows Server 2016. It helps in protecting in-memory hashes and Kerberos tickets.

The technology makes use of virtualization-based security to run an isolated process for storing credentials. This is done through a process called Isaiso.exe such that the stored credentials are not stored by the operating system and other applications.

Similar to credential guard, remote credential guard helps in protecting credentials during remote desktop connection sessions when you fear that credentials could be leaked.

Activate Windows Firewall

Windows Firewall is a built-in feature of Windows. However, most administrators tend to turn it off and this compromises the security of the server.

This is why it is highly recommended to turn on the Windows Firewall for all profiles, and only allow filtered traffic to enter.

Manage User Account Control

Similar to the Windows firewall, do not turn off the UAC as well. Additionally, move the UAC slider to the top and keep your servers updated. This might make way for a few extra clicks, but in the end, it is all worth it, keeping the security of your system in mind.

Manage user account control pop up

Enable BitLocker

To keep the security of your server top-notch, it is highly recommended to enable BitLocker whenever you can. This is because it is easier to get around physical security, especially in remote offices where multiple people can access the server.

Your employees could pull out any unencrypted hard drive from the server and get access to the sensitive data on the go.

This could happen with VMDK/VHD files as well wherein an administrator with notorious intentions could download the crucial data and read them.

Audit Logs and Backups

Audit logs and backups play an important role in reverse engineering. These logs contain a record of malicious activities, if any, including log on attempts. Although the default logfile in Windows only records a few hours or days, you can increase the log size of your files accordingly and adopt the required retention measures.

Ideally, your log file should contain events from critical systems, Syslog server and the like.

As important it is to maintain audit logs, it is equally critical to manage backups as well. What if your system gets compromised by ransomware or someone steals your information, you must have a backup to make things work and restore the required data.

The Wrap Up

This is how you can maintain Windows Server 2020 and boost its security with the help of best practices and built-in features. Sounds like a tough task or too busy on other important business matters? Let us take care of it for you. tcbinc.com is an expert in maintaining windows server and enhancing its performance.

Do you have any queries? Let us know in the comments below.

categories iconBackup & Disaster Recovery

Primary Sidebar

Get In Touch

Call us at 703-204-2958 or request a consultation, and we will respond to you in a timely manner.
  • This field is for validation purposes and should be left unchanged.

Footer

TCB, Inc.

14240 Sullyfield Circle #K Chantilly, VA 20151 (703) 204-2958
  • Facebook
  • LinkedIn
  • Twitter
  • YouTube

Company

  • About
  • Blog
  • Client Support
  • Contact
  • New User Request
  • Partners

Resources

  • Careers
  • Client Login
  • Remote Support
  • Tools

Managed IT Services

  • Data Backup & Disaster Recovery
  • Network Installation & Integration
  • Hosting
  • IT Assessments
  • IT Help Desk Support
  • IT Security
  • Spam Filtering

© 2025 TCB, Inc. ยท Website Privacy Policy & Terms of Use