Hardening techniques or products you have used for Workstations

Discuss some hardening techniques or products you have used for Workstations
List any observations, tips or questions about this lab that would prove helpful to fellow students prior to midnight on Wednesday, and comment on other student posts with value-added comments (not simply agreeing) by midnight Sunday for full credit consideration.

Lab Observations, Tips, and Questions (Prior to Wednesday)

Based on the nature of a typical workstation hardening lab (which often involves policy configuration and testing), here are some helpful notes for fellow students:

Observations and Tips for Success

Group Policy Processing Order is Key: If you are using a lab environment with Active Directory, remember that policies are processed in the order Local Policy < Site < Domain < OU (LSDOU), and a setting applied later in that order overrides the same setting applied earlier. If a hardening setting you apply at the local level isn't taking effect, check whether a more restrictive or conflicting policy is being applied via a higher-precedence Group Policy Object (GPO) linked at the site, domain, or OU level. Run gpresult /r from a command prompt to confirm which GPOs are being applied.

Test the Least Privilege Principle Early: One of the most common pitfalls is locking yourself out. When implementing the Principle of Least Privilege (PoLP), do not log out of your administrative account until you have confirmed, using the standard user account, that the necessary tasks (like running updates or approved software installations) still work.

AppLocker/Whitelisting Requires Auditing: If the lab involves Application Whitelisting (e.g., AppLocker), start in Audit Mode first. This allows the system to log what would have been blocked without actually enforcing the rules. This step is critical for identifying the executables and scripts that need allow rules and would otherwise break the OS or core applications once the rules are enforced.
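
An added example for the AppLocker tip above, not part of the original post: it reads an exported policy (for instance from Get-AppLockerPolicy -Effective -Xml) and lists the rule collections that would block rather than only log, then tallies the audit events (8003 for EXE/DLL, 8006 for script/MSI) that enforcement would have blocked. The policy XML, rule names and event list are constructed samples, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample in the shape of `Get-AppLockerPolicy -Effective -Xml`
# output (rule conditions omitted for brevity).
POLICY_XML = """<AppLockerPolicy Version="1">
  <RuleCollection Type="Exe" EnforcementMode="AuditOnly">
    <FilePathRule Id="r1" Name="Windows folder" Action="Allow" />
  </RuleCollection>
  <RuleCollection Type="Script" EnforcementMode="Enabled">
    <FilePathRule Id="r2" Name="Admin scripts" Action="Allow" />
  </RuleCollection>
  <RuleCollection Type="Msi" EnforcementMode="NotConfigured">
    <FilePathRule Id="r3" Name="Installer cache" Action="Allow" />
  </RuleCollection>
  <RuleCollection Type="Dll" EnforcementMode="NotConfigured" />
</AppLockerPolicy>"""

# Constructed (event ID, file path) pairs as exported from the AppLocker logs.
EVENTS = [
    (8002, r"%WINDIR%\SYSTEM32\CMD.EXE"),                # allowed
    (8003, r"%OSDRIVE%\TOOLS\BACKUPAGENT.EXE"),          # audit: would block
    (8003, r"%OSDRIVE%\TOOLS\BACKUPAGENT.EXE"),
    (8006, r"%OSDRIVE%\SCRIPTS\LOGON.PS1"),              # audit: would block
    (8004, r"%OSDRIVE%\USERS\LAB\DOWNLOADS\SETUP.EXE"),  # actually blocked
]

# Events logged only in audit mode: 8003 (EXE/DLL) and 8006 (script/MSI).
AUDIT_WOULD_BLOCK = {8003, 8006}

def enforcing_collections(policy_xml):
    """Rule collections that will block now instead of only logging."""
    enforcing = []
    for coll in ET.fromstring(policy_xml).iter("RuleCollection"):
        mode = coll.get("EnforcementMode", "NotConfigured")
        # A collection that has rules but no configured mode is enforced by default.
        if mode == "Enabled" or (mode == "NotConfigured" and len(coll) > 0):
            enforcing.append(coll.get("Type"))
    return enforcing

def would_have_blocked(events):
    """Count audited files that enforcement would block, most frequent first."""
    hits = Counter(path for event_id, path in events if event_id in AUDIT_WOULD_BLOCK)
    return hits.most_common()

if __name__ == "__main__":
    print("Not in audit mode:", enforcing_collections(POLICY_XML))
    for path, count in would_have_blocked(EVENTS):
        print(f"{count:3d}  {path}")
```

Any collection the first function returns should be switched to audit mode before testing, and each path from the second is a candidate for an allow rule or a deliberate block decision.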

Sample Answer

Workstation hardening involves securing computing devices to make them resistant to attacks and unauthorized access. This goes beyond standard antivirus and focuses on minimizing the attack surface.

Workstation Hardening Techniques and Products

I've used a combination of policy-based techniques (Group Policy/Scripting) and specific security products to harden workstations: