Hardening Microsoft Windows 8.1 Update Workstations

Download ASD Protect Hardening Microsoft Windows 8.1 Update Workstations (820K PDF), May 2017
First published July 2015; second edition December 2016, third edition May 2017


Workstations are often targeted by an adversary using malicious webpages, emails with malicious attachments and removable media with malicious content in an attempt to extract sensitive information. Hardening the operating environments of workstations is an important part of reducing this risk.

This document provides guidance on hardening Enterprise editions of Microsoft Windows 8.1 Update operating environments. Some Group Policy settings used in this document may not be available or compatible with Professional, Core or RT editions of Microsoft Windows 8.1 Update.

While this document refers to workstations, most Group Policy settings are equally applicable to servers using Microsoft Server 2012 R2. The names and locations of Group Policy settings used in this document are taken from Microsoft Windows 8.1 Update; some differences may exist for earlier versions of Microsoft Windows.

Before implementing recommendations in this document, thorough testing should be undertaken to ensure the potential for unintended negative impacts on business processes is reduced as much as possible.

This document is intended for information technology and information security professionals within organisations looking to undertake risk assessments or vulnerability assessments as well as those wishing to develop a hardened Standard Operating Environment for workstations.

Table of contents


Australian government customers with questions regarding this advice can contact ASD Advice and Assistance.

Australian businesses and other private sector organisations seeking further information should contact CERT Australia.