Skip to main content



How can we help you?


Druva Documentation

Hardening steps for inSync server storage node running on Windows 2008 R2

Heads up!

We've transitioned to a new documentation portal to serve you better. Access the latest content by clicking here.


This article applies to:

  • OS: Windows 2008 R2
  • Product edition: inSync On-Premises

This procedure provides the hardening steps for inSync server storage node running on Windows 2008 R2.


Druva inSync Server Hardening steps for inSync Master/storage Node running on 2008 R2:

  1. Log on to the server as an Administrator and launch the Server Manager console.
  2. Click Run Security Configuration Wizard link present under Security Information.

  3. Click Next on the welcome page of the Security Configuration Wizard. 

  4. Select Create a new security policy on the Configuration Action page.

  5. Retain the existing server and click Next.

  6. Click Next when the Processing Security Configuration Database page displays Processing complete.
  7. On Role-Based Service Configuration page, click Next.

  8. Ensure Remote SCW configuration and Analysis role are selected and clear the rest, then click Next.
    Remote SCW Configuration and analysis role is required only when you want to manage the Security configuration centrally/remotely.

  9.  On the Select Client Features page, select the following and click Next.
    • Background Intelligent Transfer Service
    • DNS Client
    • Microsoft Networking Client
    • Time Synchronisation
    • Windows Update

  10. On the Select Administration and Other Options page, select the following and clear the remaining options.
    • Local Application Installation
    • Microsoft Fibre Channel Platform Registration Service (Required only if any system disk/volumes are FC based)
    • Microsoft iSCSI Initiator Service (Required only if any system disk/volumes are iSCSI based)

  11. On the Select Additional Services page, select the following checked and clear the remaining.
    • On inSync Master
      • Druva inSync Master Config Server
      • Druva inSync Master Control Panel
      • Druva inSync Master Sync Server
      • Performance Counter DLL Host
      • Power

    • On Storage Node:
      • Druva inSync Storage Node
      • Performance Counter DLL Host
      • Power
  12. On the Handling Unspecified Services page, select Disable the service and click Next.

  13. Click Next on the Confirm Service Changes page.

  14. Click Next on the Network Security page.
  15. Select the following rules and clear the rest on the Network Security Rules page.
    • Core Networking – DNS (UDP-Out)
    • Core Networking – IPHTTPS (TCP-In)
    • Core Networking – IPHTTPS (TCP-Out)
    • File and Printer Sharing (SMB-Out)
  16. Click Add and add the rules to allow incoming TCP for Backup/Sync port (e.g.2081) and Admin UI port (e.g. 2088) on all connections.
  17. Click Add again and add the rule allow ICMP (ping) only from inSync Master and click Next.
  18. Select the Skip this section on the Registry Settings page and click Next.

  19. Select Skip this section on the Audit Policy page and click Next.

  20. Click Next on the Save Security Policy page.
  21. On Security Policy File Name page:
    1. Click Browse.
    2. Enter the policy name as DruvaHardening and click Save.
    3. Click Next.

  22. Select Apply Now and click Next.

  23. After the application is complete, click Next on the Applying Security Policy page. 

  24. Click Finish and restart the server.