Skip to main content

5.5 Workstations & Endpoints

5.5 Workstations & Endpoints

  • Configuration Standards:

    • a. Disable Windows Management Instrumentation (WMI), PowerShell, and Secure Shell (SSH) on workstations. SSH may be temporarily enabled by a DTC technician for troubleshooting and disabled upon task completion.

    • b. Disable PowerShell Remoting on servers.

    • c. Enable SSH on servers for secure remote management.

  • Security Agents:

    • d. Deploy Managed Detection and Response (MDR) or Endpoint Detection and Response (EDR) agents.

    • e. Install VPN clients where applicable.

    • f. Deploy DNS content filtering agents on laptops.

  • User Lockout Policy:

    • g. Trigger a 5-minute lockout period after 10 failed login attempts.

  • Screen Lock Policy:

    • h. Activate screen lock after 12 hours of inactivity.

  • Software Maintenance:

    • i. Deploy operating system patches according to the [Patch Schedule Link].

    • j. Install drivers as per the [Driver Schedule Link].

    • k. Deploy essential third-party applications following the [Essential Apps Schedule Link].

    • l. Install Line of Business (LOB) applications according to the [LOB Apps Schedule Link].

Technical Controls:

Control ID Description Tools/Methods
a Disable WMI, PowerShell, and SSH on workstations; enable SSH temporarily for troubleshooting. DTC's RMM, Microsoft Windows PowerShell, SOP
b Disable PowerShell Remoting on servers. DTC's RMM
c Enable SSH on servers for secure remote management. DTC's RMM
d Deploy MDR/EDR agents on endpoints. DTC's RMM, Blackpoint SNAP Agent
e Install VPN clients where applicable. DTC's RMM, Cloudflare WARP, ZeroTier
f Deploy DNS content filtering agents on laptops. DTC's RMM, DNSFilter Roaming Agent
g Implement a 5-minute lockout after 10 failed login attempts. DTC's RMM
h Activate screen lock after 12 hours of inactivity. DTC's RMM
i Deploy operating system patches as per schedule. DTC's RMM, SOP
j Install drivers according to the deployment schedule. DTC's RMM, SOP
k Deploy essential third-party applications per schedule. DTC's RMM, SOP
l Install Line of Business (LOB) applications as scheduled. DTC's RMM, SOP
Back to top