Implementing a Secure Administrator Workstation Using Device Guard

Abstract: Defenders must raise the cost for an adversary to obtain high-value domain credentials after an initial intrusion. One such way is through a dedicated administrator workstation for performing highly-privileged tasks subsequently referred to as a Secure Administrator Workstation (SAW). SAWs address credential theft techniques by limiting highly-privileged credentials to specific hardened systems. This guide will help DoD administrators configure a hardened admin workstation using Windows 10 and Device Guard.

Date Published:

Last Reviewed: 25 July 2016

Identifier: U-OO-800790-16

Creator: Vulnerability Solutions

Dissemination Control: N/A

Length: 8 page(s)

Format: pdf

Type: Guide/Plan; Configuration Guide

Tags: Windows; Device; Secure Guidance; Credential Management