Configuring firewall - disable traffic on all ports except RDP.
Outbound allow only desired applications.
Users with limited accounts.
Policy software restriction.
how to protect your server from attacks from outside?
What attacks are you afraid of?
And how not to be stuck with?
The meaning of the question unclear.