Exercise Core Function
In this exercise, I focused on hardening a standalone Windows 10 workstation using the Local Group Policy Editor. The goal was to define session lock policies to automatically lock the machine after inactivity, preventing unauthorized access and reducing security risks. The key configuration involved setting the Interactive logon: Machine inactivity limit to 15 seconds.
What I Studied
The lab involved navigating the Local Group Policy Editor to apply session lock settings:
- Using
gpedit.mscto configure the machine inactivity limit - Running
gpupdate /forceto immediately apply policy changes - Verifying functionality by leaving the system idle for 15 seconds
Key concepts reinforced include endpoint hardening, access control, and policy-based security enforcement.
What I Learned
Key observations and lessons from this exercise:
- Hands-on GPO configuration builds practical skills in endpoint security
- Immediate verification confirms policy effectiveness
- Even small policies significantly reduce exposure to unauthorized access
Why It Matters
Enforcing session locks is critical for enterprise security and compliance:
- Reduces risk of unauthorized access to unattended systems
- Supports operational security best practices
- Reinforces the importance of defense-in-depth measures at the endpoint
How It Maps to the Job/Framework
- NICE (PR.PT-001 / Protect and Defend roles): Improves endpoint policy enforcement and operational security
- ASD Cyber Skills Framework – Secure Configuration Management: Demonstrates practical application of endpoint hardening techniques
Key Takeaways
- Local Group Policy allows precise control over session behavior without Active Directory
- Automatic session locks reduce the window for unauthorized access
- Hands-on configuration reinforces real-world endpoint security skills
- Small, simple policies can have a large impact on overall security posture
See my report below for a complete technical summary and validation of this lab exercise: