How to secure a Windows server
Rename the Administrator account: Get creative and use a name that cannot be easily guessed. I've used the names of my favourite Bollywood villains, like Gabbar, Dang, Dong, Kesaria and Shakaal. ;)
Disable the Guest account: Never allow guest authentication on any system, and always keep the guest account disabled.
Disable unwanted services: Do not keep unwanted services active on the server. Ensure that all such services are either disabled or removed.
Run MBSA periodically: The Microsoft Baseline Security Analyzer (MBSA) helps you configure server security in accordance with Microsoft's recommendations.
Secure your server hardware: Ensure that your servers are always under lock and key and that physical access to them is limited and controlled.
Account lockout policy: Keep an account lockout policy in place so that an intruder cannot keep guessing passwords indefinitely.
Password complexity and age: Ensure that your user passwords are complex. We suggest a minimum of 6-8 characters (upper case, lower case and numbers) and that the password be changed every 30-45 days. Also ensure that none of the last 20 passwords can be reused.
Backup: Ensure that your backup tapes are password protected, so that the backups are useless to anyone who gets their hands on them. And DO test, at random intervals, that your backups actually restore.
Granting privileges: Do not grant unnecessary privileges to 'Everyone' or 'Authenticated Users'. Ensure that privileges are granted according to the requirements of the individual or group.
Secure your administrative password: NEVER EVER write down your administrative passwords or share them with people who are not authorized to access the servers. In the worst case, if you do have to share one, change the password immediately afterwards. It's not that you don't trust your vendors or colleagues, BUT it's always better to be SAFE than SORRY.
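As an added example (not part of the original post), here is a PowerShell audit script that checks several of the items above on the local server: the Administrator rename, the Guest account, the lockout policy and the password policy. It assumes Windows Server 2016 or later with PowerShell 5.1, the Microsoft.PowerShell.LocalAccounts module, and an elevated session; the thresholds are the ones suggested in this post.

```powershell
#Requires -RunAsAdministrator
# Added audit script, not from the original post. Reports checklist items
# that are NOT in the recommended state on the local machine.

$findings = @()

# The built-in Administrator is identified by its well-known RID (-500),
# whatever name it currently has, so a rename cannot hide it from the check.
$admin = Get-LocalUser | Where-Object { $_.SID.Value -like '*-500' }
if ($admin.Name -eq 'Administrator') {
    $findings += 'Built-in Administrator account has not been renamed.'
}

# The built-in Guest is RID -501 and must be disabled.
$guest = Get-LocalUser | Where-Object { $_.SID.Value -like '*-501' }
if ($guest.Enabled) {
    $findings += "Guest account '$($guest.Name)' is enabled."
}

# Export the local security policy and read the numeric [System Access]
# values (MaximumPasswordAge = -1 means passwords never expire).
$cfg = Join-Path $env:TEMP 'secpol-audit.inf'
secedit /export /cfg $cfg /quiet | Out-Null
$policy = @{}
Get-Content $cfg | Where-Object { $_ -match '^(\w+)\s*=\s*(-?\d+)\s*$' } |
    ForEach-Object { $policy[$Matches[1]] = [int]$Matches[2] }
Remove-Item $cfg -ErrorAction SilentlyContinue

# Thresholds from the post: a lockout in place, at least 8 complex
# characters, rotation within 45 days, and the last 20 passwords remembered.
if ($policy['LockoutBadCount'] -eq 0) {
    $findings += 'No account lockout threshold is set.'
}
if ($policy['MinimumPasswordLength'] -lt 8) {
    $findings += "Minimum password length is $($policy['MinimumPasswordLength']) (want 8 or more)."
}
if ($policy['PasswordComplexity'] -ne 1) {
    $findings += 'Password complexity is not enforced.'
}
if ($policy['MaximumPasswordAge'] -lt 1 -or $policy['MaximumPasswordAge'] -gt 45) {
    $findings += "Maximum password age is $($policy['MaximumPasswordAge']) days (want 1-45)."
}
if ($policy['PasswordHistorySize'] -lt 20) {
    $findings += "Password history keeps $($policy['PasswordHistorySize']) passwords (want 20 or more)."
}

if ($findings.Count -eq 0) { 'All checked items pass.' }
else { $findings | ForEach-Object { "FINDING: $_" } }
```

Run it from an elevated PowerShell prompt; each FINDING line maps back to one item of the checklist so it can be fixed in Local Security Policy (secpol.msc) or the matching Group Policy object.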