Hardening of the server can be achieved by implementing security procedures, correct and proper configuration management, and the addition of third-party products if necessary.
Proper Configuration
The first and most important hardening technique is the proper configuration of the server. This includes setting up password policies, account policies, proper configuration of the registry etc.
Password Policies
Some of the major problems in NT security are password theft and password guessing used to break into a system. A good password policy can help users create good passwords and restrict them from using the same password again and again. The following guidelines will help in creating a good password policy.
When creating a password, the user should use letters, numbers and special characters.
Maximum Password Age: Set the maximum password age to 60 days. This forces the user to change the password once every 60 days.
Minimum Password Age: Set the minimum password age to 3 days. This restricts the user from changing the password and then immediately changing it back to the old one. Normally the user will get used to the new password within 3 days and may not have a tendency to go back to the old password.
Enforce Password History: A user shouldn't be able to reuse a password until he has used five different passwords. Since the minimum password age is 3 days, it would take him 3 x 5 = 15 days to go back to the old password. This discourages a user from using the same password again.
Account Lockout Policy
Account Lockout: Lockout should be set to 5 failed attempts. Reset the count after 10 minutes. This limits password-guessing attacks over a given period of time.
Lockout duration: Lockout duration should be 10 minutes. Care should be taken while setting the duration since it can lead to wastage of resources.
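
An added example (not part of the original page) that checks the password and lockout guidelines above against the text printed by the Windows `net accounts` command. The sample output is constructed, English-language output is assumed, and the function names are illustrative.

```python
import re

# Values recommended in the guidelines above, keyed by the label `net accounts` prints.
RECOMMENDED = {
    "Maximum password age (days)": 60,
    "Minimum password age (days)": 3,
    "Length of password history maintained": 5,
    "Lockout threshold": 5,
    "Lockout observation window (minutes)": 10,
    "Lockout duration (minutes)": 10,
}

# Constructed sample output (default-like settings), not captured from a real host.
SAMPLE = """\
Minimum password age (days):                          0
Maximum password age (days):                          42
Length of password history maintained:                None
Lockout threshold:                                    Never
Lockout duration (minutes):                           30
Lockout observation window (minutes):                 30
Computer role:                                        SERVER
The command completed successfully.
"""

def parse_net_accounts(text):
    """Map each 'label: value' line to an int, or None when the setting is off."""
    settings = {}
    for line in text.splitlines():
        m = re.match(r"^(.+?):\s+(\S.*)$", line)
        if m and m.group(2).strip().isdigit():
            settings[m.group(1).strip()] = int(m.group(2))
        elif m and m.group(2).strip().lower() in ("never", "none", "unlimited"):
            settings[m.group(1).strip()] = None  # setting is disabled
    return settings

def audit(text):
    """Return (label, current, recommended) for every setting that differs."""
    current = parse_net_accounts(text)
    return [(k, current.get(k), v) for k, v in RECOMMENDED.items() if current.get(k) != v]

def reuse_delay_days(text):
    """Days before an old password can return: minimum age x history length."""
    s = parse_net_accounts(text)
    return (s.get("Minimum password age (days)") or 0) * (
        s.get("Length of password history maintained") or 0)

if __name__ == "__main__":
    for label, have, want in audit(SAMPLE):
        print(f"{label}: {'off' if have is None else have} -> recommended {want}")
```

On a live server, pass the captured output of `net accounts` to `audit()` in place of `SAMPLE`; an empty list means every setting matches the values given above.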
Local Users and Groups
Rename the administrator account and establish a duplicate. An attacker will always be looking for the most privileged account. The duplicate administrator account should not have any privileges.
Replace the Everyone user group with the Authenticated Users group for all network shares and directories. This restricts unauthenticated users from accessing the directories and files.
The guest account should be disabled if it is not required.
Windows Registry
Remote registry access: Windows provides the ability to access the registry from a given location. An attacker can take advantage of this if the value is not set. Set the value to 1 to prevent it.
Setting a Legal Notice: It is good to set a legal notice to warn attackers that they will be prosecuted to the maximum extent possible for intrusions.
Last login name shouldn't be displayed: When we press Ctrl + Alt + Del to log in, the user name field shows the name of the last user who logged in to the system. This can make an attacker's job of guessing the password easier. Set the value to 1 to restrict this.
Network
The network is the hacker's way to the internet. If the network is not configured properly, the hacker can find the loopholes and reach his target easily. Proper network security is the first line of defense against attacks.
Turn off the following services if they are not needed: FTP, RAS, IP Forwarding, and GOPHER.
Disable protocols that are not needed, including TCP/IP,
NetBIOS, and NetBEUI.
Disable Server, Alerter, and Messenger services.
Block RPC port 135 at your firewall.
Block nbname port 137 at your firewall.
Block nbdatagram port 138 at your firewall.
Block nbsession port 139 at your firewall.
Beyond all these, there are certain other things to keep in mind.
Never install software on any machine unless it comes from a trusted source.
It is important that you install the latest service packs and hot fixes.
Always use the NTFS file system. Since the FAT file system cannot offer security, NTFS is always recommended.
It is recommended not to have CD-ROM drives and floppy drives on the server so that unauthorized copying or theft of data can be avoided.
Always ensure that only the concerned persons have access to the server room.