While many of the strategies for hardening computers apply to all computers, some are especially important for workstations. In general, workstation computers act as clients, and not servers. When hardening workstation computers, one of the main goals is to ensure the computer maintains a clean identity and doesn’t attempt to violate your security policy.

One of the more common issues with workstation computers is malware. Since workstations tend to connect to many Internet resources and run many software programs, they run into malware frequently. Removing malware is often far more difficult than preventing it. Ensure that every workstation computer has up-to-date anti-malware software installed and that its database of known malware is up to date as well.

In addition to ensuring workstations are protected from malware, it is important to mitigate as many other vulnerabilities as possible. Most workstation installations add many unneeded programs and services. And no single program effectively analyzes a workstation’s role and recommends changes to make it more secure. Review all running services and programs and disable the ones you don’t need. Likewise, review the Windows Firewall settings to only allow network traffic for the services and applications your workstations really need.