The best ways to protect VPS/VDS on Windows Server
14:22, 18.10.2021
VDS/VPS on Windows servers are popular among a wide range of users, mainly because of their ease of management and almost intuitive user interface. In addition to this user-friendly approach, clients of Windows servers get more security thanks to regular updates.
Beyond these basic security characteristics, you can make your server even better protected by adding just a few measures. In this article, we share some easy security practices for safeguarding your VPS on a Windows server, so if the topic sounds interesting, continue reading.
Essential Security Practices for Safeguarding Your VPS/VDS on Windows Server
Let’s dive into our top 5 recommendations for safeguarding a VPS/VDS that can significantly reduce the risk of someone hacking into your system. These practices are easy to implement, so literally anyone can make these simple changes after reviewing our guidance.
We will focus mainly on direct desktop practices such as changing the password, restricting remote desktop connection, and more.
1. Eliminate the Default Administrator Account for Enhanced Security
Usually, a VPS/VDS on Windows comes with the default admin account, which is quite helpful when you are initially installing the OS. However, this account can become a real problem later on. The main risk comes from brute-force attacks, in which automated tools repeatedly guess credentials in order to enter the system. Because the name of the default administrator account is known in advance, an attacker only has to guess the password. There are various ways to reduce this risk, and probably the easiest one is to disable the default account.
Here, we describe the process of disabling the account in Windows Server 2019. The procedure for other versions might be slightly different, but the general concept is the same.
Step 1: Identify and Access the Default Administrator Account
To identify and access the default admin account, first open Server Manager. Once you see the dashboard, press Tools in the top right part of the screen. After that, select Computer Management.
In the left part of the Computer Management window, you will see Local Users and Groups, where you can find your default account.
Step 2: Create a New User with Administrator Privileges
While still in the Computer Management window, open Local Users and Groups and right-click Users. You will see a couple of options; press New User.
Step 3: Transfer Essential Roles to the New Administrator
Creating the new admin and transferring the essential roles is a relatively easy task. After pressing New User, you will see a window where you need to enter a user name and password. Be careful not only with the choice of password, which we discuss later in the article, but also with the username. Don’t use obvious words such as root/administrator/admin1; it is advisable to use a random combination of numbers or just your usual name.
At the bottom of the window, you will see some additional options, of which you need to select only “Password never expires”. The options “User cannot change password” and “Account is disabled” should not be selected.
Step 4: Disable the Default Administrator Account
To disable the administrator account on the Windows server, first add the newly created account to the Administrators group; without this, the process cannot be started.
In Computer Management, return to Local Users and Groups, select Groups, and press Administrators.
Step 5: Verify the Deactivation Process
Once you have selected Administrators, you will see the Administrators Properties window, where you need to press Add. In the window that appears, enter the object names to select (fill in the newly created user name) and press OK.
Step 6: Secure the Backup Admin Credentials
Now, we have almost completed the process, but before you fully disable the default administrator on your Windows VPS, you should sign out from the default admin account and enter the system again with the newly created username/password.
Step 7: Test Access to Confirm Secure Setup
Now, once you have signed in with the newly created account and everything works properly, you can disable the default administrator. Open Server Manager, select Tools, then Computer Management, and under Local Users and Groups select Users. The process is similar to the one you used to create the new user: right-click Administrator and choose Properties. In the General section of the properties, tick “Account is disabled” and press OK.
Disabling the default administrator is an important step that can significantly safeguard your Windows VPS. Attacking a Windows server without the default administrator account is much harder.
If you have a VPS on a Linux system, there are plenty of resources that can help with securing a VPS on that operating system as well.
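Steps 1 to 7 above can also be carried out from an elevated PowerShell prompt. The script below is an added example, not part of the original article; the user name `ops-7f3k` is a hypothetical placeholder, and the script refuses to disable the built-in account while you are still signed in with it.

```powershell
#Requires -RunAsAdministrator
# Added example. 'ops-7f3k' is a hypothetical user name, not from the article.
$NewAdminName   = 'ops-7f3k'
$AdminsGroupSid = 'S-1-5-32-544'   # well-known SID of the local Administrators group

# Step 1: the built-in Administrator always has a SID ending in -500, even if renamed.
$builtin = Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-500' }

# Steps 2-3: create the new user. The password is prompted for, never hard-coded.
if (-not (Get-LocalUser -Name $NewAdminName -ErrorAction SilentlyContinue)) {
    $password = Read-Host -AsSecureString -Prompt "Password for $NewAdminName"
    New-LocalUser -Name $NewAdminName -Password $password -PasswordNeverExpires | Out-Null
}
$newAdmin = Get-LocalUser -Name $NewAdminName

# Steps 4-5: add the new user to Administrators unless it is already a member.
$memberSids = @(Get-LocalGroupMember -SID $AdminsGroupSid | ForEach-Object { $_.SID.Value })
if ($memberSids -notcontains $newAdmin.SID.Value) {
    Add-LocalGroupMember -SID $AdminsGroupSid -Member $NewAdminName
}

# Steps 6-7: disable the built-in account only from the session of another,
# enabled administrator, so a mistyped new password cannot lock you out.
$currentSid = [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value
if ($currentSid -eq $builtin.SID.Value) {
    Write-Warning 'Signed in as the built-in Administrator: sign out, log in as the new admin, rerun.'
    return
}
if (-not $newAdmin.Enabled) {
    Write-Warning "$NewAdminName is disabled; leaving the built-in account untouched."
    return
}
Disable-LocalUser -SID $builtin.SID

# Verification: the account with the -500 SID should now show Enabled = False.
Get-LocalUser | Select-Object Name, Enabled, SID | Format-Table -AutoSize
```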
2. Secure Your Admin Account with a Robust Password
Now that your default administrator is disabled, the next important step is to use a robust password for the new admin user. There are plenty of detailed articles about choosing secure passwords for your Windows VPS, so you can check them as well.
We will share only the basic recommendations that definitely work. The first crucial factor is the length of your password. Ideally, the longest possible password is considered to be the safest, but you can start with 10 symbols. Don’t use your name, date of birth, or other dictionary words and numbers that are highly predictable for automated tools. Moreover, don’t forget to use both uppercase and lowercase characters to improve the security of your credentials.
These are rather standard recommendations but don’t neglect them in case you want to maximize the security of your Windows VPS.
3. Customize Remote Desktop Ports for Added Protection
The most common method of accessing a Windows VPS is Remote Desktop. Usually, Remote Desktop listens on the default port (3389). This is not confidential information, so attackers target the default port when trying to access Windows VPSs. However, you can easily change the default port value and improve the security of the VPS.
To change this value, open Registry Editor in Windows (this step does not apply to Linux users). In the editor, change the value under the following key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp
All you need to do is select PortNumber and choose the Modify option. The advisable choice of port number is a random combination that will be hard for attackers to detect. One issue that might occur with the new port number is that the firewall blocks it. You should also choose a port number that isn’t used by another service or app; otherwise, it can cause a conflict.
4. Restrict Remote Desktop Access by Limiting Connections to Specific IPs
One more good practice that can improve your Windows VPS security is to limit the IPs that can connect via Remote Desktop. This method is extremely helpful for a limited number of users who always connect from a specific location. It might be your home IP address or office location, but it should be a static IP. The drawback of this method is that users who try to connect from a different location will be blocked.
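The same change can be made from an elevated PowerShell prompt, with the port-conflict and firewall issues mentioned above handled before the listener moves. This is an added example, not part of the original article; the port `49731` and the firewall rule name are constructed sample values.

```powershell
#Requires -RunAsAdministrator
# Added example. 49731 is a constructed sample value, not a port the article recommends.
$NewPort = 49731
$RdpKey  = 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

# Record the current value so the change can be reverted.
$oldPort = (Get-ItemProperty -Path $RdpKey -Name PortNumber).PortNumber

# Conflict check: refuse a port that another service is already listening on.
$inUse = Get-NetTCPConnection -LocalPort $NewPort -State Listen -ErrorAction SilentlyContinue
if ($inUse) {
    $owner = (Get-Process -Id $inUse[0].OwningProcess).ProcessName
    throw "Port $NewPort is already in use by '$owner'; choose another port."
}

# Firewall first: allow the new port before Remote Desktop starts using it,
# otherwise the next connection attempt is blocked.
New-NetFirewallRule -DisplayName "RDP custom port $NewPort" `
    -Direction Inbound -Protocol TCP -LocalPort $NewPort -Action Allow | Out-Null

# Write the new value to the PortNumber entry of the RDP-Tcp key.
Set-ItemProperty -Path $RdpKey -Name PortNumber -Value $NewPort -Type DWord
Write-Host "RDP port changed from $oldPort to $NewPort."

# The new port takes effect when the Remote Desktop service restarts.
# This ends the current RDP session; reconnect on the new port afterwards.
Restart-Service -Name TermService -Force
```

After the restart, connect with `mstsc /v:<server>:49731`, replacing the sample port with the one you chose.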
Of course, this practice might not suit all users of Windows VPS, but those that do will definitely improve their security level.
To add specific IPs, open Remote Desktop – Properties, choose Scope, press Add in the remote IPs section, and then specify the needed IP. After that, press OK to save the changes.
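The scope restriction can also be applied with PowerShell. The script below is an added example, not part of the original article: the addresses are constructed samples from documentation ranges, and it assumes the rules to restrict are the enabled inbound allow rules bound to the current Remote Desktop port. It stops if a currently connected client is missing from the list, which is the lock-out risk described above.

```powershell
#Requires -RunAsAdministrator
# Added example. The addresses are constructed samples (RFC 5737 documentation ranges).
$AllowedIPs = @('203.0.113.10', '198.51.100.24')
$RdpKey     = 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$rdpPort    = (Get-ItemProperty -Path $RdpKey -Name PortNumber).PortNumber

# Reject typos before they reach the firewall.
foreach ($ip in $AllowedIPs) {
    $parsed = $null
    if (-not [System.Net.IPAddress]::TryParse($ip, [ref]$parsed)) {
        throw "Not a valid IP address: $ip"
    }
}

# Lock-out check: every client connected over RDP right now must be on the list.
$clients = @(Get-NetTCPConnection -LocalPort $rdpPort -State Established -ErrorAction SilentlyContinue |
    Select-Object -ExpandProperty RemoteAddress -Unique)
$missing = @($clients | Where-Object { $AllowedIPs -notcontains $_ })
if ($missing.Count -gt 0) {
    throw "Connected clients not in the allow list: $($missing -join ', ')"
}

# Find the enabled inbound allow rules (TCP and UDP) bound to the RDP port.
$rules = Get-NetFirewallPortFilter |
    Where-Object { $_.Protocol -in 'TCP', 'UDP' -and $_.LocalPort -contains "$rdpPort" } |
    Get-NetFirewallRule |
    Where-Object { $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' -and $_.Enabled -eq 'True' }
if (-not $rules) { throw "No enabled inbound allow rule found for port $rdpPort." }

# Equivalent of Properties > Scope > Remote IP address > Add.
$rules | Set-NetFirewallRule -RemoteAddress $AllowedIPs

# Verification: list each rule with its new remote address scope.
$rules | ForEach-Object {
    [pscustomobject]@{
        Rule          = $_.DisplayName
        RemoteAddress = ($_ | Get-NetFirewallAddressFilter).RemoteAddress -join ', '
    }
}
```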
5. Strengthen Your Security Setup with Firewall Management and Additional Safeguards
Most Windows VPSs come with the standard Windows Firewall, which works well as long as you are not hosting a website or running an app that handles sensitive data. If you will be hosting a platform where your clients leave their credit card details or real names/locations, it is highly recommended to use additional software that is specifically created for dealing with sensitive information.
If you are in a small company or user group, you can strengthen Windows Firewall by selecting the “Deny All” policy. This is a really secure approach that blocks all traffic except the traffic that comes from specific users. One major issue with this approach is the chance of blocking users who need access, but this problem can be fixed.
Final Thoughts
Achieving the highest possible security level on your Windows VPS depends on the steps you take. You can disable the default admin account, use the safest password, and customize remote desktop ports accordingly, but don’t forget that the main thing that influences VPS security is the choice of the most reliable and stable web provider.