Windows Server versions
Many servers hosting workloads that contain sensitive data run critical services, and host applications are likely to run in Windows environments. Any security breach inside the server environment has the potential to cause significant damage and loss of data. Windows Server contains many security controls built directly into its operating system, but they may not necessarily be enabled by default.
Just like with Windows clients, there is no one solution or collection of settings that provides a silver bullet in terms of defense for servers. It will require adding security layers that introduce boundaries to make it more difficult for attackers to break through. The number of layers varies by organization and it's up to your company to determine what features to enable that fit your security stature. During the hardening process, enable small subsets of controls at a time, followed by performing rigorous testing and validation to ensure functionalities...
