Windows Server Hardening
As a best practice, we recommend using the Microsoft security baseline and CIS benchmarks for secure configuration of ICM servers. Use the latest Microsoft security baseline and Level 1 CIS benchmark profile to lower the attack surface without impacting the functionality and performance.
Apply the security policy in the form of Group Policy Object (GPO) into a separate Organizational Unit(OU) that contains ICM servers. Name the OU as Cisco_ICM_Servers (or a similar clearly identifiable name) and ensure to name these servers in accordance with your corporate policy.
![](/c/dam/en/us/td/i/300001-400000/340001-350000/340001-341000/340643.jpg)
After applying the security policy at the OU level, block any differing policies from being inherited at the Unified ICM/Unified Contact Center Enterprise Servers OU. You can override a blocking inheritance, a configuration option at the OU object level, by selecting the Enforced/No Override option at a higher hierarchy level. The application of group policies must follow a thought-out design that starts with the most common denominator. These group policies must be restrictive at the appropriate level in the hierarchy.