Workstations are often targeted by adversaries using malicious websites, emails or removable media in an attempt to extract sensitive information.
The Australian Cyber Security Centre (ACSC) has produced updated guidance to help information technology managers securely configure workstations (and similar devices) running Microsoft Windows operating systems.
The advice Hardening Microsoft Windows 10 version 1909 Workstations provides recommendations on hardening workstations using Enterprise and Education editions of Microsoft Windows 10 version 1909. Before implementing recommendations in this document, thorough testing should be undertaken to ensure the potential for unintended negative impacts on business processes is reduced as much as possible.
While the advice refers to workstations, most recommendations are equally applicable to servers (with the exception of Domain Controllers) using Microsoft Windows Server version 1909 or Microsoft Windows Server 2019.
Security features discussed in the guidance, along with the names and locations of Group Policy settings, are taken from Microsoft Windows 10 version 1909 – some differences will exist for earlier versions of Microsoft Windows 10.
The ACSC recommends information technology managers apply this guidance as hardening workstations is an important part of reducing cyber security risks.