Hello,
It is always recommended to use following basic securities in windows VPS or a
dedicated server :
1) Create a new user as an administrator and then disable Administrator user. Set strong password to all users like Admin, Administrator or any user having Administrator privileges.
2) Change RDP port.
3) Setup IP restrictions to login to RDP using Windows Firewall.
We have already started using Random (strong) passwords to all windows or Linux VPS or dedicate server setups.
We can't implement these securities while server/vps setup because it is necessary to take approval from the client first.