8. What are the methods for hardening a Windows system?
- Change default RDP port (3389)
- Disallow anonymous enumeration of SAM accounts and shares
- Block registry editing tools via Group Policy
- Enable auditing: object access, directory service, system events
- Block port 445 vulnerability
- Set password‑protected screensaver
- Enforce password complexity: minimum 8 chars, max age 30 days
- Enable firewall, disable ICMP echo but allow necessary services
- Disable default administrative shares