1and1 Help Centre Categories

print article

Secure a Windows Server

Security measures vary greatly dependent on the use of the server. The security of the server can only be managed by the administrator of the machine (not by 1&1) and should be one of the first priorities when configuring a server.

Below are some suggested security measures which will increase the security of the server significantly while offering almost the same usability of the server.

Change the Administrator Password
Change the Windows administrator password of the machine upon first logging into the server via Remote Desktop. The initial password for the server may be located in the 1&1 Control Panel as well as in the E-mail to confirm the server's setup being completed. If your E-mail or 1&1 Control Panel were accessed by an unknown party, this could lead to the server becoming compromised.

Since the Administrator user cannot be locked from failed login attempts, it is suggested that the Administrator user be renamed.

Rename the Administrator User
The administrator user is the default user for all Windows Server operating systems and almost all brute-force password attacks will attempt to gain access as this user. While you may be able to set Account Lockout Policies for all other users, the Administrator user is exempt from these settings and can never be locked out. It is therefore suggested to rename the Windows administrator user.
Make Use of Firewalls
All 1&1 Dedicated Servers come with an external firewall configurable through the 1&1 Control Panel in addition to the Windows software firewall and the IPSec service, both configurable through the operating system.
Keep the Server Up-to-Date
Keeping both the operating system and software up to date with the latest versions/hotfixes/patches/updates ensures that any known vulnerabilities are not exploited on your server. Configure Windows Updates to Check for updates but let me choose when to download and install them.
Please note:
Updates may affect the functionality of the server, its services or software. Back up the server before applying any hotfixes, patches or updates.
Backup the Server
Preventing malicious actions to your server are the main priority, but to plan for recovery of the server is also important. Even if the server were not compromised, data loss can still occur via user error or hardware failure. Every 1&1 Dedicated Server comes with FTP backup space accessible from only within the 1&1 network and stored on a separate server in the data centre.
Set the Password and Account Lockout Policies
The Password Policy can be set to define rules on passwords for Windows users, while the Account Lockout Policy defines rules on locking an account after multiple failed passwords entered. This ensures that all users choose strong password and/or choose new passwords after a specified length of time and also to prevent against brute-force login attempts through Remote Desktop.
Step 1
Click Start > Administrative Tools > Local Security Policy. Start > Administrative Tools > Local Security Policy
Start > Administrative Tools > Local Security Policy
Step 2
Double-click Account Policies. Security Settings
Security Settings
Step 3
Choose either Password Policy or Account Lockout Policy to start configuring security settings. Refer to the Microsoft articles on how to creating a strong password policy and how to establishing an account lockout policy. Account Policies
Account Policies