As part of the Windows Server 2012 R2 VM provisioning (recommended):
After a Windows Server 2012 R2 VM has been provisioned:
A copy of the 'Security Configuration Assessment Report for the Windows Server 2012 R2 template can be found
here. In addition to the changes documented in the assessment report, Windows Firewall is configured to only allow incoming Remote Desktop connections from
Well-known UW-Madison Campus IP address ranges.
To make changes to this configuration (e.g., updating the Windows Update settings), changes must be made using the Group Policy Object Editor:
- Login to the Windows VM using Remote Desktop
- Open the Microsoft Management Console (mmc.exe)
- File -> Add/Remove Snap In...
- Group Policy Object Editor
- Add >
- Group Policy Object: Local Computer
- Finish
- OK
Microsoft provide additional details on the Windows settings available for configuration via group policy at
Group Policy Settings Reference for Windows and Windows Server
About the Center for Internet Security
"The Center for Internet Security (CIS) is a 501(c)(3) organization dedicated to enhancing the cybersecurity readiness and response among public and private sector entities. Utilizing its strong industry and government partnerships, CIS combats evolving cybersecurity challenges on a global scale and helps organizations adopt key best practices to achieve immediate and effective defenses against cyber attacks. CIS is home to the Multi-State Information Sharing and Analysis Center (MS-ISAC), CIS Security Benchmarks, and CIS Critical Security Controls."
About the CIS Microsoft Windows Server 2012 R2 Benchmark
"[The CIS Microsoft Windows Server 2012 R2 Benchmark] provides prescriptive guidance for establishing a secure configuration posture for CIS Microsoft Windows Server 2012 R2.