- Enact a strong password policy. You can do this from the Local Security Policy under Administrative Tools. Make your passwords complex. While you're at this step, change the administrator password and force your users to change their passwords upon their next logon.
- Audit group memberships to make sure that no one has added themselves (or has the ability to add themselves) to powerful groups, such as Domain Admins.
- Make sure your file and terminal services machines are joined to your domain so they benefit from domain-level security.
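
A read-only PowerShell audit of the three checklist items above, added here as an example and not part of the original article. It assumes an elevated session on a domain member with the ActiveDirectory (RSAT) module and WinRM access to the servers; the account names, server names and length threshold are constructed placeholders.

```powershell
# Added example: read-only audit of the checklist above. Not from the original page.
# Assumptions: elevated session on a domain member with the ActiveDirectory (RSAT)
# module; WinRM reachable on the servers. All values below are constructed samples.
Import-Module ActiveDirectory
$ApprovedAdmins = @('Administrator', 'jdoe-adm')   # hypothetical allow-list
$Servers        = @('FS01', 'TS01')                # hypothetical file/terminal servers
$MinLength      = 12                               # assumed threshold, not from the page
$findings = @()

# 1. Password policy: export the effective local policy and parse the INF.
$cfg = Join-Path $env:TEMP 'secpol-audit.inf'
secedit /export /cfg $cfg /areas SECURITYPOLICY /quiet
$policy = @{}
foreach ($line in Get-Content $cfg) {
    if ($line -match '^\s*(\w+)\s*=\s*(.+?)\s*$') { $policy[$Matches[1]] = $Matches[2] }
}
Remove-Item $cfg -Force
if ([int]$policy['PasswordComplexity'] -ne 1) { $findings += 'Password complexity is disabled' }
if ([int]$policy['MinimumPasswordLength'] -lt $MinLength) {
    $findings += "Minimum password length is $($policy['MinimumPasswordLength'])"
}

# 2a. Who is in Domain Admins (nested groups included) but not on the allow-list?
$group = Get-ADGroup -Identity 'Domain Admins'
Get-ADGroupMember -Identity $group -Recursive |
    Where-Object { $_.SamAccountName -notin $ApprovedAdmins } |
    ForEach-Object { $findings += "Unexpected Domain Admins member: $($_.SamAccountName)" }

# 2b. Who could add themselves? List principals allowed to modify the group object.
#     Built-in admin principals will appear here; the point is to spot the others.
$writeRights = 'GenericAll|GenericWrite|WriteProperty|WriteDacl|WriteOwner'
(Get-Acl -Path "AD:\$($group.DistinguishedName)").Access |
    Where-Object { $_.AccessControlType -eq 'Allow' -and
                   "$($_.ActiveDirectoryRights)" -match $writeRights } |
    ForEach-Object { $_.IdentityReference.Value } | Sort-Object -Unique |
    ForEach-Object { $findings += "Can modify Domain Admins: $_ (review)" }

# 3. Are the file and terminal servers joined to the domain?
foreach ($cs in Get-CimInstance -ClassName Win32_ComputerSystem -ComputerName $Servers) {
    if (-not $cs.PartOfDomain) { $findings += "$($cs.PSComputerName) is not domain-joined" }
}

$findings   # one line per item that needs attention
```
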
This was first published in August 2007