Security Baseline for Windows Server 2019


In order to improve the University security posture from being compromised, our servers need to be hardened to minimize our hacking risk.  The recommended Windows Server Hardening policies will serve as a Security Baseline on Windows servers for departmental IT staff aligning the security to a certain extent.


  • Windows Server 2019

Recommended Policy Set

  • Developed based on Centre for Internet Security (CIS) Benchmark
  • Security Baseline for Windows Server hardening, no matter domain-joined or not
  • Tested on Windows Web Server, File Server and SQL server


  • Download policy set at LAN Administrators’ Resources Website
  • One policy set for Domain Controllers and Member Servers (Domain-joined servers), and another policy set for Standalone Servers (Workgroup servers)




Last Update on: Feb 2022