This short document outlines some steps which can be performed on an Lync 2010 environment if you wish to do some environment hardening.
General Windows Hardening:
- Disable NTFS 8 Dot 3
- Disable COM, LTP and Floppy
- Disable NetBIOS
- Windows Hardening: Disable the Print Spooler Service
- Make sure you are using Microsoft Updates rather Windows Updates
- Disable the “X-AspNet-Version” header
- Upgrade Diffie-Hellman Prime to 2048 bit as explained here.
- Enable TLS 1.1 and TLS 1.2 as a default secure protocols in WinHTTP (see here)
- Disable the “WinHTTP Web Proxy Auto-Discovery Service” service and set any needed proxy by hand