Exercise Core Function
In this exercise, I focused on securely configuring Windows Remote Management (WinRM) on a standalone Windows 10 virtual machine (VM) using Local Group Policy. The goal was to enforce encrypted communication, disable weak authentication methods, and prevent storage of administrative credentials for safe remote administration.
What I Studied
The lab involved navigating the Local Group Policy Editor to apply security settings for WinRM.
Key tools and techniques applied:
- Using gpedit.msc to configure WinRM Client and Service policies
- Running winrm quickconfig and winrm get winrm/config to validate settings
- Ensuring firewall and network profile configuration supports remote management
What I Learned
Key observations and lessons from this exercise:
- Hands-on GPO configuration builds confidence in endpoint security hardening
- Verification through PowerShell confirms policy enforcement ([Source="GPO"])
- Network profile and firewall settings are critical for enabling remote management
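The validation step can be scripted. The following is an added example, not part of the original lab write-up: a PowerShell function that parses the text output of winrm get winrm/config and reports whether each hardened setting has the expected value and carries the [Source="GPO"] marker. The function name, the list of required settings, the assumed four-space indentation and the sample output are all assumptions made for this illustration.

```powershell
# Added example: audit the text output of `winrm get winrm/config`.
function Test-WinRMHardening {
    param([string[]]$ConfigLines)
    # Settings hardened in this lab; key paths assume the usual nested output layout.
    $required = [ordered]@{
        'Client/AllowUnencrypted'  = 'false'
        'Client/Auth/Basic'        = 'false'
        'Client/Auth/Digest'       = 'false'
        'Service/AllowUnencrypted' = 'false'
        'Service/Auth/Basic'       = 'false'
    }
    $sections = @{}   # indentation depth -> current section name
    $found    = @{}   # e.g. 'Client/Auth/Basic' -> parsed value and source
    foreach ($line in $ConfigLines) {
        if ($line -notmatch '^(?<pad>\s*)(?<text>\S.*?)\s*$') { continue }
        $depth = [int]($Matches.pad.Length / 4)   # assumes 4-space indentation
        $text  = $Matches.text
        if ($text -match '^(?<name>\w+) = (?<value>.*?)(?: \[Source="(?<src>[^"]+)"\])?$') {
            $key = $Matches.name
            for ($i = $depth - 1; $i -ge 1; $i--) { $key = "$($sections[$i])/$key" }
            $found[$key] = @{ Value = $Matches.value; Source = $Matches.src }
        } else {
            $sections[$depth] = $text   # a bare name opens a section
        }
    }
    foreach ($key in $required.Keys) {
        $hit = $found[$key]
        [pscustomobject]@{
            Setting   = $key
            Actual    = if ($hit) { $hit.Value } else { '<missing>' }
            FromGPO   = [bool]($hit -and $hit.Source -eq 'GPO')
            Compliant = [bool]($hit -and $hit.Value -eq $required[$key] -and $hit.Source -eq 'GPO')
        }
    }
}
# Constructed sample output (not from the lab): Service Basic is false but not GPO-enforced.
$sample = @'
Config
    Client
        AllowUnencrypted = false [Source="GPO"]
        Auth
            Basic = false [Source="GPO"]
            Digest = false [Source="GPO"]
    Service
        AllowUnencrypted = false [Source="GPO"]
        Auth
            Basic = false
'@ -split '\r?\n'
Test-WinRMHardening $sample | Format-Table -AutoSize
```

On a live host, pass the command output directly: Test-WinRMHardening (winrm get winrm/config). A setting that shows the right value without the GPO source is reported as non-compliant because a local change could revert it.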
Why It Matters
Securing WinRM is vital for enterprise defense and compliance:
- Prevents unauthorized access and credential exposure
- Supports baseline endpoint hardening prior to deployment
- Reinforces operational understanding of secure remote administration
How It Maps to the Job/Framework
- NICE (OM-ADM-001 / System Administration): Strengthens policy enforcement and endpoint access control
- ASD Cyber Skills Framework – Advanced Beginner: Demonstrates practical application of secure system configuration and validation
Key Takeaways
- Disable Basic and Digest authentication to eliminate cleartext credentials
- Require encrypted traffic for all remote management
- Validate applied settings through PowerShell outputs
- Local Group Policy ensures consistent and repeatable endpoint hardening
- Skills learned are directly applicable to enterprise cybersecurity operations
See my report below for a complete technical summary and validation of this lab exercise: