End User Devices Security Guidance: Windows 7

Configuration guidance for the use of Windows 7 for remote working at OFFICIAL

This publication was withdrawn on

This content has been moved to the CESG website:


End User Device Security Guidance: Windows 7 (PDF Version)

This file may not be suitable for users of assistive technology.

Request an accessible format.
If you use assistive technology (such as a screen reader) and need a version of this document in a more accessible format, please email Please tell us what format you need. It will help us if you say what assistive technology you use.


This guidance is for public sector organisations to follow when deploying end user devices for remote working at OFFICIAL.

Please send any feedback sent to the address

Published 23 January 2014
Last updated 11 November 2014 + show all updates
  1. Change in recommendations around VPN in line with Microsoft good practice. Modified firewall rules for Kerberos to help with DirectAccess deployment.

  2. Updated VPN recommendations following certification of Windows VPN client

  3. Group Policy settings updated to reflect feedback; Wording changes to maintain consistency across all the platforms.

  4. Minor correction in AppLocker Group Policy settings

  5. First published.