Experts are always suggesting to configure a server by best practices. This application will keep an eye to check vulnerabilities, unused open ports which are suspicious and should be blocked. It also tells us if there is any vulnerabilities setup issue with any particular roles that we have installed on our Server and gives us results in the form of information, warning and errors.

There are two ways to run Best practices on Windows Servers.

1. GUI base
2. Powershell scripts

Method 1  GUI Base

By running Best Practice Analyser GUI is quite simple and here you can see steps to run it. First go to Server Manager  > Local Server > Tasks > Start BPA Scan

The results will show like below:

We can filter to see only Warning and Errors. We can review errors and warnings one by one and Microsoft suggests articles to resolve issue.

Method 2 PowerShell

By using Powershell commands we can generate report easily in CSV format and review.

Run Powershell as Administrator

Run below commands one by one

Import-Module BestPractices

Invoke-BPAModel Microsoft/Windows/DirectoryServices

Get-bparesult Microsoft/Windows/DirectoryServices | ConvertTo-CSV | set-content “C:\BPA_Report.csv”