Workstation Configuration Policy

Version: 1.00Issue Date: 12/23/2014

This Workstation Configuration Policy is required to provide basic standards for workstations to keep them secure. The use of this policy will help prevent security incidents, compromise of data, and possible damage to the organization.

1.0 Overview

Workstation Security is a very important part of organizational computer security since workstations are normally located in a more trusted area of the network and individuals may use them to examine or modify sensitive data.

2.0 Purpose

This Workstation Configuration Policy is intended to provide basic and minimum standards of configuration and control for workstations. This Workstation Configuration Policy defines workstation standard configurations for deployment in the organization.

3.0 Scope

This Workstation Configuration Policy applies to all workstations owned by the organization or on organizational premises. This policy is effective as of the issue date and does not expire unless superceded by another policy.

4.0 Other Policies

Policies related to this policy and that must be followed include:

  • Account Management Policy - Any local accounts must be created according to this policy. Normally, the user will use their network account to access the local system.
  • Approved Application Policy - All applications must be approved as per this policy before being installed on any workstation.
  • Asset Control Policy - All workstations must be tracked according to this policy.
  • Audit Trail Policy - Audit logs on workstations must be configured according to this policy.
  • Browser Configuration Policy - Specifies allowed internet browser configuration settings.
  • Equipment and Media Disposal Policy - When disposed of, workstations must be disposed of according to this policy.
  • Software Licensing Policy - Licensing must be legal and tracked to ensure legality.
  • Software Tracking Policy - All software must be tracked and logged.
  • Computer Naming Policy - Workstations must be names as specified in this policy.
  • Patch Management Policy - All workstations must have patches applied in a timely manner
  • Virus Protection Policy - All workstations must operate with current anti-virus protection and virus definition libraries must be current.
  • Logon Banner Policy - Workstations must display the required logon banner at the time of user logon.
  • Security Incident Response Policy - The Incident Response Policy must be followed to be sure incidents are quickly concluded and cannot re-occur.

5.0 Requirements

  • Workstations shall only operate operating systems that are approved by the organization according to the Approved Application Policy.
  • Workstations shall only operate programs that are approved by the organization according to the Approved Application Policy.
  • Operating systems shall be updated on a regular basis to keep workstations up to date with the latest approved versions of operating systems. The updating of systems may be phased according to budgeting and as equipment ages and is replaced so long as security is not compromised. All operating systems must be supported by the vendor.
  • Users shall not have administrative rights to the workstation unless need dictates the necessity. Rights shall be limited to the minimum required to perform the job function.
  • User access to the control panel, administrative tools, items in the start menu, and the system registry shall be limited according to the workstation configuration procedure.
  • The system shall be configured to show file extensions for known file types so users can see the file types they are opening and are less likely to be tricked into opening executable files when they think they are opening text files.

6.0 Enforcement

Since workstation security is a very important part of organizational computer security, employees that purposely violate this policy may be subject to disciplinary action up to and including denial of access, legal penalties, and/or dismissal. Any employee aware of any violation of this policy is required to report it to their supervisor or other authorized representative.

7.0 Other Requirements

  • Create a workstation configuration procedure detailing the access normal users may have to the control panel, administrative tools, start menu items, and the system registry. The procesure should also specify hardening and services that should be turned off unless a specific need for them exists.
  • Refer to the Asset Control Policy for requirements for putting equipment into service.


Approved by:__________________________ Signature:_____________________ Date:_______________