A freshly provisioned Windows VPS comes with default settings that are convenient for setup but insecure for production use. Attackers actively scan the internet for exposed Windows servers with weak configurations. This guide provides ten essential security settings you should apply immediately after deploying your Windows VPS<\/a>.<\/p>\n\n\n\n The built-in Administrator account is a known target for brute-force attacks. Create a new local admin account with a different name, add it to the Administrators group, then disable the original Administrator account.<\/p>\n\n\n\n PowerShell command:<\/strong><\/p>\n\n\n\n Weak passwords are the most common entry point for server compromises. Configure password policies that require complexity, minimum length, and regular rotation.<\/p>\n\n\n\n Navigate to Local Security Policy \u2192 Account Policies \u2192 Password Policy<\/strong> and set:<\/p>\n\n\n\n RDP runs on port 3389 by default, making it a prime target for automated scanners. Changing the port reduces attack surface significantly. This requires a registry modification:<\/p>\n\n\n\n Remember to update your RDP client to connect to the new port (ServerIP:3390).<\/p>\n\n\n\n NLA requires users to authenticate before a full RDP session is established, reducing the risk of denial-of-service attacks and credential harvesting. Enable it via:<\/p>\n\n\n\n System Properties \u2192 Remote \u2192 Remote Desktop \u2192 Advanced<\/strong> \u2014 check “Require computers to use Network Level Authentication to connect.”<\/p>\n\n\n\n Or via PowerShell:<\/p>\n\n\n\n Windows Firewall with Advanced Security provides host-based filtering. Configure it to block all inbound traffic except the minimum required services:<\/p>\n\n\n\n Windows Server comes with Windows Defender built in, but it may not be fully enabled by default. Verify it is active:<\/p>\n\n\n\n Schedule weekly quick scans and monthly full scans using Task Scheduler. Keep virus definitions updated automatically via Windows Update.<\/p>\n\n\n\n Unpatched vulnerabilities are the leading cause of server compromises. Configure Windows Update to install security patches automatically:<\/p>\n\n\n\n Every installed Windows component is a potential attack vector. Remove roles and features you do not need:<\/p>\n\n\n\n Common roles to remove if unused: Print Server, Windows Media Services, Telnet Client, TFTP Client, Internet Storage Name Service, and XPS Viewer.<\/p>\n\n\n\n Brute-force attacks rely on unlimited login attempts. Configure account lockout to stop them:<\/p>\n\n\n\n Local Security Policy \u2192 Account Policies \u2192 Account Lockout Policy<\/strong>:<\/p>\n\n\n\n You cannot secure what you do not monitor. Enable auditing for critical security events:<\/p>\n\n\n\n Monitor Event Viewer logs daily \u2014 pay attention to Event ID 4625 (failed logins), Event ID 4648 (explicit credential use), and Event ID 1102 (security log cleared). Set up email alerts for these events using Task Scheduler triggers.<\/p>\n\n\n\n Beyond these ten settings, consider these advanced measures:<\/p>\n\n\n\n Apply these ten security settings to every Windows VPS you deploy. They take under an hour to configure and eliminate the vast majority of common attack vectors. For a reliable Windows VPS<\/a> to practice these security measures, choose a provider that offers full Administrator access and snapshots so you can revert if a configuration change causes issues.<\/p>\n","protected":false},"excerpt":{"rendered":"1. Rename the Default Administrator Account<\/h3>\n\n\n\n
# Create a new admin account\nNew-LocalUser -Name \"ops-admin\" -Password (Read-Host -AsSecureString)\nAdd-LocalGroupMember -Group \"Administrators\" -Member \"ops-admin\"\n\n# Disable the default Administrator account\nDisable-LocalUser -Name \"Administrator\"<\/code><\/pre>\n\n\n\n2. Enforce Strong Password Policies<\/h3>\n\n\n\n
\n
3. Change the Default RDP Port<\/h3>\n\n\n\n
# Change RDP port (e.g., to 3390)\nSet-ItemProperty -Path \"HKLM:\\System\\CurrentControlSet\\Control\\Terminal Server\\WinStations\\RDP-Tcp\" -Name \"PortNumber\" -Value 3390\n\n# Restart the service\nRestart-Service TermService -Force\n\n# Add firewall rule\nNew-NetFirewallRule -DisplayName \"RDP-3390\" -Direction Inbound -LocalPort 3390 -Protocol TCP -Action Allow<\/code><\/pre>\n\n\n\n4. Enable Network Level Authentication (NLA)<\/h3>\n\n\n\n
Set-ItemProperty -Path \"HKLM:\\System\\CurrentControlSet\\Control\\Terminal Server\\WinStations\\RDP-Tcp\" -Name \"UserAuthentication\" -Value 1<\/code><\/pre>\n\n\n\n5. Configure Windows Firewall Properly<\/h3>\n\n\n\n
\n
6. Install and Configure Windows Defender Antivirus<\/h3>\n\n\n\n
# Check Defender status\nGet-MpComputerStatus | Select-Object AntivirusEnabled, RealTimeProtectionEnabled, AMServiceEnabled\n\n# Ensure real-time protection is on\nSet-MpPreference -DisableRealtimeMonitoring $false<\/code><\/pre>\n\n\n\n7. Enable Windows Update and Configure Automatic Patching<\/h3>\n\n\n\n
\n
8. Remove Unnecessary Windows Roles and Features<\/h3>\n\n\n\n
# List installed roles and features\nGet-WindowsFeature | Where-Object Installed\n\n# Remove features (example: remove Print and Document Services)\nRemove-WindowsFeature -Name Print-Services<\/code><\/pre>\n\n\n\n9. Configure Account Lockout Policies<\/h3>\n\n\n\n
\n
10. Enable Auditing and Monitoring<\/h3>\n\n\n\n
# Enable advanced audit policies\nauditpol \/set \/subcategory:\"Logon\" \/success:enable \/failure:enable\nauditpol \/set \/subcategory:\"Account Logon\" \/success:enable \/failure:enable\nauditpol \/set \/subcategory:\"Process Creation\" \/success:enable\nauditpol \/set \/subcategory:\"Registry\" \/failure:enable\nauditpol \/set \/subcategory:\"File System\" \/failure:enable<\/code><\/pre>\n\n\n\nAdditional Recommendations<\/h3>\n\n\n\n
\n
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned<\/code> to prevent unsigned scripts from running.<\/li>\n<\/ul>\n\n\n\n