Re: Virus recovery strategies?

"njem" <> wrote in message
news:741ae05d-6d71-4526-87a6-...
> I deal with small businesses, from a server and a dozen stations down
> to one pc. Viruses are getting nastier, getting past assorted
> protections, not getting removed easily. I'm doing more wiping and
> starting over. So I'm brainstorming strategies and wondering what
> folks here think. One strategy would be to put something like
> DeepFreeze on the PCs. (What that is and context of my situation given
> below.) Then when infections come I can recover quickly. Of course
> that takes a little more management; turning off the "freeze" when
> updates are applied, being sure there's no infection before doing that
> and updating the frozen image. Another strategy that combines with
> saving hardware money is to set workers to do more work via terminal
> service right off a server. There are also products for just a
> keyboard, mouse, video box so you can have many stations off one
> server or PC. That might be cheaper hardware (though the host has to
> be up to it) and simplify administration, but when it gets infected
> then everyone is down until it's fixed.
>

Deploy Windows 7 via MDT. This can be done from a USB stick in small
networks. Keep the user data on a server that is locked down and never used
as a workstation. Only allow users to have standard user accounts. If a PC
gets infected it's usually limited to the account that was running at the
time if the account is a standard user. Usually you can logon with an
administrator account, wipe that account out and the infection is gone.
Re-create the account, the data is on the server so you're done. If the
malware does escape from the user account wipe the machine and redeploy from
the USB stick. Deploying win7 with a few apps in the image only takes about
half an hour plus whatever time to download updates. If you update the image
once in a while getting the updates isn't too bad.

--
Kerry Brown
MS-MVP - Windows Desktop Experience: Systems Administration
http://www.vistahelp.ca/phpBB2/

I usually just redirect My Documents to save space on the server. As these
are work computers I tell them pictures and music are at their own risk and
may be lost at any time. If they have pictures they need for business use I
tell them to save to a shared folder on the server set up for this purpose.
That way you can monitor the folder, set quotas, etc. If you use .pst files
then you can move them to My Documents.

--
Kerry Brown
MS-MVP - Windows Desktop Experience: Systems Administration
http://www.vistahelp.ca/phpBB2/


"njem" <> wrote in message
news:a3cf8088-30f0-4376-90aa-...
> On Mar 8, 11:07 pm, "Kerry Brown" <ke...@kdbNOSPAMsys-tems.c*a*m>
> wrote:
>>
>> Deploy Windows 7 via MDT. This can be done from a USB stick in small
>> networks. Keep the user data on a server that is locked down and never
>> used
>> as a workstation. Only allow users to have standard user accounts. If a
>> PC
>> gets infected it's usually limited to the account that was running at the
>> time if the account is a standard user. Usually you can logon with an
>> administrator account, wipe that account out and the infection is gone.
>> Re-create the account, the data is on the server so you're done. If the
>> malware does escape from the user account wipe the machine and redeploy
>> from
>> the USB stick. Deploying win7 with a few apps in the image only takes
>> about
>> half an hour plus whatever time to download updates. If you update the
>> image
>> once in a while getting the updates isn't too bad.
>>
>
> I like the idea of being able to delete the user account (and profile)
> and get rid of some viruses.
>
> On that note I assume the safe way to keep user data on a server is to
> redirect just Documents and related folders (Pictures), maybe
> contacts, desktop, and favorites, and if it's local outlook then
> outlook would need to be directed to keep its PST files on the server.
> The rest of the profile you don't want on the server. (In small
> installations there isn't much need for roaming profiles.) Especially
> since you want to be able to delete the profile separate from user
> data.