Start-up security for Windows servers

These three documents provides key best practices to help organisations achieve the secure implementation of a Windows Server 2016 (and later versions) intended to operate as an Active Directory member server, a standalone server not joined to an Active Directory domain, or a domain controller.

Publish the 03 October 2025 Updated 03 October 2025

ANSSI's Back to Basics aim to enlighten all our readers, whatever their level of technical knowledge, on the major challenges of cybersecurity. They reflect the agency's point of view at the time of publication, and are not intended as detailed recommendations, like our guides. Rather, they set out independent best practices that can be implemented in a complementary manner. These recommendations are likely to be regularly updated in line with developments in the threat environment, the technologies used, our feedback, etc.

PDF

Back to Basics - Start-up security for a member server - v1.0

PDF

Back to Basics - Start-up security for a standalone server - v1.0

PDF

Back to Basics - Start-up security for a domain controller - v1.0

Search

About French Cybersecurity Agency (ANSSI)

Regulation

Scientific standing – the key roles of expertise

Incident Response

Start-up security for Windows servers