Windows Server Hardening
As a best practice, we recommend using the Microsoft security baseline and CIS benchmarks for secure configuration of ICM servers. Use the latest Microsoft security baseline and Level 1 CIS benchmark profile to lower the attack surface without impacting the functionality and performance.
Apply the security policy in the form of Group Policy Object (GPO) into a separate Organizational Unit(OU) that contains ICM servers. Name the OU as Cisco_ICM_Servers (or a similar clearly identifiable name) and ensure to name these servers in accordance with your corporate policy.
After applying the security policy at the OU level, block any differing policies from being inherited at the Unified ICM/Unified Contact Center Enterprise Servers OU. You can override a blocking inheritance, a configuration option at the OU object level, by selecting the Enforced/No Override option at a higher hierarchy level. The application of group policies must follow a thought-out design that starts with the most common denominator. These group policies must be restrictive at the appropriate level in the hierarchy.