Use this as a weekly or monthly baseline review.
- Enable MFA for all interactive users
- Restrict local admin membership
- Disable legacy protocols where possible
- Enable audit policy for process/account changes
- Validate EDR health checks
- Rotate privileged credentials on schedule
- Disable unused identities
- Validate backup + restore process
- Patch critical vulnerabilities first
- Keep an evidence folder with exports

```powershell
Get-LocalGroupMember -Group "Administrators" | Export-Csv .\local_admins.csv -NoTypeInformation
```
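
The one-line export above records membership but does not show what changed between reviews. The script below is an added example, not part of the original checklist: it writes a dated, hashed export into an evidence folder and flags accounts that are not on an approved list. The `.\evidence` folder, `approved_admins.txt`, and `SHA256SUMS.txt` names are assumptions.

```powershell
# Added example. Assumed names (not from the page): .\evidence, .\approved_admins.txt
$EvidenceDir  = '.\evidence'
$ApprovedFile = '.\approved_admins.txt'   # one account per line, e.g. HOST01\Administrator
$Stamp        = Get-Date -Format 'yyyy-MM-dd'

New-Item -ItemType Directory -Path $EvidenceDir -Force | Out-Null

# Stop on error so a failed query is never saved as an empty "clean" export.
$Current = @(Get-LocalGroupMember -Group 'Administrators' -ErrorAction Stop |
    Select-Object Name, ObjectClass, PrincipalSource, @{ n = 'SID'; e = { $_.SID.Value } })

# Dated, per-host export so successive reviews can be compared.
$ExportPath = Join-Path $EvidenceDir "local_admins_${env:COMPUTERNAME}_$Stamp.csv"
$Current | Export-Csv -Path $ExportPath -NoTypeInformation

# Record a SHA-256 of the export so the file can be verified at a later review.
$Hash = Get-FileHash -Path $ExportPath -Algorithm SHA256
Add-Content -Path (Join-Path $EvidenceDir 'SHA256SUMS.txt') `
    -Value "$($Hash.Hash)  $(Split-Path $ExportPath -Leaf)"

# Drift check: compare current membership with the approved list.
if (-not (Test-Path $ApprovedFile)) {
    Write-Warning "No allow-list at $ApprovedFile; export written, drift check skipped."
    return
}
$Approved = @(Get-Content $ApprovedFile | ForEach-Object { $_.Trim() } | Where-Object { $_ })

$Unapproved = @($Current | Where-Object { $_.Name -notin $Approved })
$Missing    = @($Approved | Where-Object { $_ -notin $Current.Name })

if ($Unapproved.Count -gt 0) {
    Write-Warning "Unapproved local administrators on ${env:COMPUTERNAME}:"
    $Unapproved | Format-Table Name, ObjectClass, PrincipalSource, SID -AutoSize
}
if ($Missing.Count -gt 0) {
    Write-Warning "Approved accounts no longer in the group: $($Missing -join ', ')"
}
if ($Unapproved.Count -eq 0 -and $Missing.Count -eq 0) {
    Write-Output "Local Administrators matches the approved list ($($Current.Count) members)."
}
```

Name comparison is case-insensitive; list entries must use the same `HOST\account` or `DOMAIN\account` form that `Get-LocalGroupMember` returns in its `Name` column.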
