Top things to consider when deploying workstations

Don’t overlook the importance of making sure your workstations are as secure as possible. Here is a list of the top things to consider when deploying workstations.

1. Workstation List

Keep a list of all workstations, just like the server list, that includes who each workstation was issued to and when its lease is up or it reaches the end of its depreciation schedule. Don’t forget those service tags!

2. Assigned User

Track where your workstations are by keeping the record of each user’s issued hardware up to date.

3. Naming Convention

It’s very helpful when looking at logs if a workstation is named for the user who has it. That makes it much easier to track down when something looks strange in the logs.

4. Network Configuration

You’ll probably assign IP addresses using DHCP, but you will want to make sure your scopes are correct and use a GPO to assign any internal DNS zones that should be searched when resolving flat names. 

5. Patching

Since your users are logged on and running programs on your workstations, and accessing the Internet, they are at much higher risk than servers, so patching is even more important. Make sure all workstations are fully up-to-date before they are deployed, update your master image frequently, and ensure that all workstations are being updated by your patch management system.

6. Anti-virus

Here’s how to handle workstation antivirus: 100% coverage of all workstations; workstations check a central server for updates at least every six hours, and can download them from the vendor when they cannot reach your central server. All workstations report status to the central server, and you can push updates when needed. Easy.

7. Host Intrusion Prevention / Firewall

Consider using a host intrusion prevention or personal firewall product to provide more defense for your workstations, especially when they are laptops that frequently connect outside the corporate network.

8. Remote Access

Like servers, pick one remote access method and stick to it, banning all others. The more ways to get into a workstation, the more ways an attacker can attempt to exploit the machine. Ensure that only authorized users can access the workstation remotely, and that they must use their unique credential, instead of some common admin/password combination.

9. Power Saving

Consider deploying power saving settings through GPO to help extend the life of your hardware, and save on the utility bill. Make sure that you have Wake-On-LAN compatible network cards so you can deploy patches after hours if necessary.

10. Domain Joined

All workstations should be domain joined so you can centrally administer them with unique credentials.

11. Administrator Account renamed and password set

Use a script to create random passwords, and store them securely where they can be retrieved in an emergency.

12. Local Group Memberships set and permissions assigned

Set appropriate memberships in either local administrators or power users for each workstation.

13. Correct OU with appropriate policies

Organize your workstations in Organizational Units and manage them with Group Policy as much as possible to ensure consistent management and configuration.

14. Confirm it's reporting to management consoles

Validate that each workstation reports to your antivirus, patch management and any other consoles before you turn it over to the user, and then audit frequently to ensure all workstations report.
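One way to run that recurring audit, as an added example that is not part of the original checklist: it reconciles the workstation list from item 1 against exports from the antivirus and patch consoles, and applies the six-hour update check from item 6. The CSV column names, hostnames and timestamps are constructed assumptions; adapt them to whatever your consoles export.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample data: the workstation list (item 1) and two console exports.
# Column names are assumptions, not any vendor's real export format.
INVENTORY_CSV = """hostname,assigned_user,service_tag
WS-JSMITH,jsmith,TAG0001
WS-ALEE,alee,TAG0002
WS-MKHAN,mkhan,TAG0003
WS-RDIAZ,rdiaz,TAG0004
"""
AV_CSV = """hostname,last_update_check
ws-jsmith,2024-05-01T09:30:00
ws-alee,2024-05-01T01:15:00
WS-RDIAZ,2024-05-01T08:00:00
WS-UNKNOWN,2024-05-01T09:00:00
"""
PATCH_CSV = """hostname,last_report
WS-JSMITH,2024-05-01T07:00:00
WS-ALEE,2024-05-01T07:05:00
WS-MKHAN,2024-05-01T06:50:00
"""
MAX_AV_AGE = timedelta(hours=6)  # item 6: update check at least every six hours


def load(text):
    """Index CSV rows by upper-cased hostname so console casing does not matter."""
    rows = csv.DictReader(io.StringIO(text))
    return {row["hostname"].strip().upper(): row for row in rows}


def audit(inventory_csv, av_csv, patch_csv, now):
    """Return hostnames per finding: missing from a console, unknown, or stale."""
    inventory, av, patch = load(inventory_csv), load(av_csv), load(patch_csv)
    return {
        "missing_av": sorted(set(inventory) - set(av)),
        "missing_patch": sorted(set(inventory) - set(patch)),
        # Hosts a console knows about but the workstation list does not.
        "not_in_inventory": sorted((set(av) | set(patch)) - set(inventory)),
        "stale_av": sorted(
            host for host, row in av.items()
            if host in inventory
            and now - datetime.fromisoformat(row["last_update_check"]) > MAX_AV_AGE
        ),
    }


if __name__ == "__main__":
    report = audit(INVENTORY_CSV, AV_CSV, PATCH_CSV, datetime(2024, 5, 1, 10, 0))
    for check, hosts in report.items():
        print(f"{check}: {', '.join(hosts) or 'none'}")
```

Hosts listed under `not_in_inventory` deserve the same follow-up as missing ones, since they indicate the workstation list itself has drifted.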

15. Backup / Restores

You probably won’t perform regular full backups of your workstations, but consider folder redirection or Internet based backups to protect critical user data.

16. Local Encryption

There is no excuse for letting any laptop or portable drive out of the physical confines of the office without encryption in place to protect confidential data. Whether you use BitLocker, TrueCrypt, or hardware encryption, make it mandatory that all drives are encrypted.

17. Vulnerability Scan

Perform regular vulnerability scans of a random sample of your workstations to help ensure your workstations are up to date.

These server deployment tips will go a long way in helping you secure your servers against all threats. Good luck in your continued fight to protect your company’s network from attack!
