ACSC programs and advice are being migrated to (see sidebar)

Hardening Microsoft Windows 8.1 Update Workstations

Download ACSC Protect: Hardening Microsoft Windows 8.1 Update Workstations (PDF), January 2019
First published 2015; updated 2017, 2018 and January 2019


Workstations are often targeted by an adversary using malicious web pages, emails with malicious attachments and removable media with malicious content in an attempt to extract sensitive information. Hardening workstations is an important part of reducing this risk.

This document provides guidance on hardening workstations using Enterprise editions of Microsoft Windows 8.1 Update. Some Group Policy settings used in this document may not be available or compatible with Professional, Core or RT editions of Microsoft Windows 8.1 Update.

While this document refers to workstations, most Group Policy settings are equally applicable to servers (with the exception of domain controllers) using Microsoft Windows Server 2012 R2. The names and locations of Group Policy settings used in this document are taken from Microsoft Windows 8.1 Update; some differences may exist for earlier versions of Microsoft Windows.

Before implementing recommendations in this document, thorough testing should be undertaken to ensure the potential for unintended negative impacts on business processes is reduced as much as possible.

This document is intended for information technology and information security professionals within organisations looking to undertake risk assessments or vulnerability assessments as well as those wishing to develop a hardened standard operating environment for workstations.

Download ACSC Protect: Hardening Microsoft Windows 8.1 Update Workstations (PDF), January 2019

Contact details

Organisations or individuals with questions regarding this advice can contact the ACSC by emailing or calling 1300 CYBER1 (1300 292 371).

In August 2018 ACSC launched a new website,, to reflect its new organisation.

Cyber security programs and advice are being migrated to Information and advice on this site remains current.

Reports help the ACSC to develop a better understanding of the threat environment and will assist other organisations who are also at risk.

Cyber security incident reports are also used in aggregate for developing new defensive policies, procedures, techniques and training measures to help prevent future incidents.

Information for Australian businesses
Information for individual Australian citizens
Information for Federal, State and Local government agencies