Client rollout you can do it yourself by using unattended setup through the network. The only thing that can be a problem is the number of different hardware types. But I believe the you can easily simply the installations and standardize them easily (which is a good thing I believe). A benefit is in case of reinstallation. In the beginning it's a bit searching your way, but once you get hold on the process, it's quiet fun to set up :-)
But you will need another solution for the deployment of patches etc. which comes afterwards when the clients are already in production, but I believe that you can find one which meets your requirements etc. very easy ;-) Regards, Bart >-----Original Message----- >From: Creamer, Mark [mailto:[EMAIL PROTECTED] >Sent: Thursday, September 30, 2004 08:55 PM >To: [EMAIL PROTECTED] >Subject: RE: [ActiveDir] OT:spyware > >Yes, but have you *met* your son yet? > > > ><mc> > > _____ > >From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of >Kern, Tom >Sent: Thursday, September 30, 2004 4:41 PM >To: [EMAIL PROTECTED] >Subject: RE: [ActiveDir] OT:spyware > > > >I exaggerate a bit. > > > >I have a staff of 3 to do basic help desk for 400 users here in NYC and another 100 >upstate. > >i'm the only one who supports server side stuff- >AD,Exchange,AV,Firewall,Routers/switches,DR >testing,blackberry,etc. and help desk if the other 3 are too busy. > >so its not as bad as it seems. > >I had enough time to get married and have a 18 month old boy :) > > > >Thanks for all your help. you guys are great. > > -----Original Message----- > From: Dan DeStefano [mailto:[EMAIL PROTECTED] > Sent: Thursday, September 30, 2004 3:21 PM > To: [EMAIL PROTECTED] > Subject: RE: [ActiveDir] OT:spyware > > We do not use RIS. > > Ghost is not just for client deployments. It can be used to roll out/roll back > patches, >software packages, backup user files/settings, etc, etc. And for a single admin in a >400-user >environment I believe this is a near necessity. Are you really the only admin in a >400-user >environment? Do you have any help at all? How do you have any time for a personal >life? > > > > _________________________ > > > > Daniel DeStefano > > PC Support Specialist > > > > IAG Research > > 345 Park Avenue South, 12th Floor > > New York, NY 10010 > > T. 212.871.5262 > > F212.871.5300 > > > > www.iagr.net <http://www.iagr.net/> > > Measuring Ad Effectiveness on Television > > > > The information contained in this communication is confidential, may be > privileged and is >intended for the exclusive use of the above named addressee(s). If you are not the >intended >recipient(s), you are expressly prohibited from copying, distributing, disseminating, >or in any other >way using any of the information contained within this communication. If you have >received this >communication in error, please contact the sender by telephone 212.871.5262 or by >response via e-mail. > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] >Behalf Of Kern, Tom > Sent: Thursday, September 30, 2004 11:01 AM > To: [EMAIL PROTECTED] > Subject: RE: [ActiveDir] OT:spyware > > We don't push out enough clients to merit ghost. About 5-10 a month. > > We just get the preinstalled os with HP and run thru the mini setup > and install >AV,Office,patch,etc. > > > > Do you think ghost would be better in this environment? > > > > Do you guys use RIS at all? > > > > > _____ > > > From: Dan DeStefano [mailto:[EMAIL PROTECTED] > Sent: Thursday, September 30, 2004 9:40 AM > To: [EMAIL PROTECTED] > Subject: RE: [ActiveDir] OT:spyware > > > > For the last part, have you thought about desktop imaging using a > product such as >Symantec Ghost or Altiris Client Management Suite? Then you could create standard >desktop images for >your clients. Then you could implement folder redirection to redirect users' My >Documents folders to >their home folders on the network and, if you want, enable roaming profiles so that >user profiles are >stored on a server. Then configure the NTFS permissions on the client machines so >that the only place >locally that users can write to would be their user profile directory (users would >obviously need to >be restricted users on the local machines, not administrators). This would make the >data on the client >machines expendible, so if you have an outbreak and the machine gets totally borked, >you could simply >re-image it. There are other aspects to this as well - if the user's roaming profile >or home folder is >infected you would have to clean it, but that can be done from your workstation and >you wouldn't have >to visit every machine. > > > > Just an idea > > > > _________________________ > > > > Daniel DeStefano > > > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] >Behalf Of Kern, Tom > Sent: Wednesday, September 29, 2004 5:52 PM > To: [EMAIL PROTECTED] > Subject: RE: [ActiveDir] OT:spyware > > As re: Symantec, a lot of the viruses I've been getting lately > have been >viruses that are over a year old and defs have been out for awhile so I'm puzzled as >to why I keep >getting infected. > > > > The spyware/adware I think may be virus related and not web > "push" related, >but I'm not positive. > > > > When you say "policy", you are referring to locking down > desktops or a written >set of standards provided by IT or upper management? > > > > Its diffcult for me to block web sites on content as I work > for a large liquor >distribution firm where many sales reps and managers have to go to bar/club or liquor >sites that have >content which result in a lot of false positives for me. > > > > Finally, we have over 400 users and if I really had a large > outbreak(100+ >pc's), I really don't know how I would take care of it. I'm the only admin and going >to each pc to >clean individually would be insane. > > How would I take care of that? > > Its thoughts like that which keep me up at night... > > > > Thanks > > > > > > > > > _____ > > > From: Mulnick, Al [mailto:[EMAIL PROTECTED] > Sent: Wednesday, September 29, 2004 5:29 PM > To: [EMAIL PROTECTED] > Subject: RE: [ActiveDir] OT:spyware > > > > There are examples out there of viruses elevating privileges > if that's what >you're asking. The goal of virus defense is to limit the impact not necessarily >prevent every single >infection. Things happen and you have to either decide to limit the amount of damage >a virus or >errant user or hacker, etc can do or you have to bet that you are catching everything >before it >happens. > > > > Not only in your experience, but logically, you cannot prevent > everything. >Virus defs lag exploits because one has to exist before the other. Turns out the >virus usually exists >before the def does, right? > > > > Your spyware problem is different. It could be a lot of > things, or it could >be that this is a symptom of a larger issue. Can't quite tell from the thread >information so far. > > > > Typical antivirus strategy has been to go after the "four > sectors" file and >print, smtp, desktops, and mail groupware servers. The web adds another sector to go >after and >changes the paradigm from a pull to a push type of flow. The users actively go after >content vs. >having it sent to them. > > > > Spyware may is not all bad though, right? Some of it is > undesirable such as >tracking cookies etc. Some of it leads to malware and really sucks to get rid of. >Ask any IT person >with a non-tech teenage neighbor ;) > > > > Best bet is to start with a policy and work back from there to > a strategy and >then to an execution plan. If your current strategy isn't working, it might be worth >it to revisit the >planning and then design the solution and deploy it to meet those requirements and >direction. Why not >just jump to action? I say this because you may be able to treat the symptoms now, >but you'll just be >waiting for the next one with no clear reaction plan or alternatives when it hits. > > > > My $0.02 anyway. > > > > > > > > > _____ > > > From: [EMAIL PROTECTED] >[mailto:[EMAIL PROTECTED] On Behalf Of Kern, Tom > Sent: Wednesday, September 29, 2004 5:16 PM > To: [EMAIL PROTECTED] > Subject: RE: [ActiveDir] OT:spyware > > When a user gets a virus, that virus will execute under that > user's security >context. So a regular user should NOT have a virus write to those keys. > > True? > > > > Or can a virus somehow get localsystem access? > > > > Thanks > > > > As to Symantec, I know this is not the forum for this, but I'm > pretty much at >my limit with their products. I get infected by viruses that came out a year or 6 >months ago AND all >our definitions are up to date. > > I could chalk it up to my fault as an admin, if someone could > just explain to >me how I can be infected by a virus I already have the defs for. > > I assume the real time auto protect service is made to start > BEFORE any virus >or worm does. > > Oh well. End of rant. > > > > > > > > > _____ > > > From: Dan DeStefano [mailto:[EMAIL PROTECTED] > Sent: Wednesday, September 29, 2004 5:00 PM > To: [EMAIL PROTECTED] > Subject: RE: [ActiveDir] OT:spyware > > > > Remember that Ad-Aware can only be legally used in > non-commercial >environments. Spybot S&D and Spyware Blaster are both free to both home and corporate >users, so I >usually use these instead of Ad-Aware. > > Regular users should not be able to write to the >hklm\software\microsoft\windows\current version\run key unless you have changed the >key's permissions. > > > > > > Daniel DeStefano > > > > > > > > -----Original Message----- > From: [EMAIL PROTECTED] >[mailto:[EMAIL PROTECTED] Behalf Of Kern, Tom > Sent: Wednesday, September 29, 2004 4:14 PM > To: [EMAIL PROTECTED] > Subject: [ActiveDir] OT:spyware > > Lately I my users have been plagued with spyware and > adware. What do >you guys do to fight this? > > Can Spybot be pushed out as an msi via a gpo? Or > ad-aware? > > Should I set the killbit on all the local active x > controls? > > Should I prevent active x and javascripting in IE thru > a gpo? > > > > I'm running win2k/xp clients, but mostly win2k. > > > > Finally, when you get a worm or a virus that writes to > the >hklm\software\microsoft\windows\currentversion\run key, does the worm/virus run under >the user's >security context? > > Meaning, if the user is just a local user and thus has > no privileges >to write to those keys, shouldn't the worm or virus not be able to as well? > > > > Thanks and sorry for the deluge of questions, OT as > they are. > > List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
