Thanks for that pointer. I might be making some nominations..... I have done lots of hacking of registry etc, but at some point you have to cut your losses. I think when before we started the lock down there were about 3,500 PC's with local admin rights. We are now down to between 20 and 30. This is less than 1% of our PCs. Its now a managable problem and its under control. From being our number one problem its gone down to being below (well almost below) the radar.
Dave -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] Sent: 15 September 2006 14:53 To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] OT: Protecting against Spyware/Adware www.threatcode.com ....and those business critical apps are? Have you tried hacking up the registry to get them to work? Dave Wade wrote: > Chris, > I guess I have three "comments" on this:- > 1) Putting user in "Power users" does "cut down on the potential", > however even on a properly configured machine users can usually > install personal browser extensions containing SpyWare. > 2) Spy ware hangs around for a long time. Our users used to have admin > rights so there is a lot of "legacy" spyware around > 3) We still have business critical applications that won't run without > admin rights. Often these are tightly integrated in a large suite of > applications, e.g. the Call Centre management suit, so we still have > some machines where users have admin rights. I know this sucks but > there is certainly no cash available to replace these apps.... > Dave. > > ---------------------------------------------------------------------- > -- > *From:* [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] *On Behalf Of *Chris > Pohlschneider > *Sent:* 14 September 2006 20:15 > *To:* ActiveDir@mail.activedir.org > *Subject:* RE: [ActiveDir] OT: Protecting against Spyware/Adware > > I have not done a lot of research on this, but if you have users in > either the power users or regular users group, won't that cut down > tremendously on the potential of getting adware/spyware? > > ---------------------------------------------------------------------- > -- > > *From:* [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] *On Behalf Of *Chinnery, > Paul > *Sent:* Thursday, September 14, 2006 11:04 AM > *To:* ActiveDir@mail.activedir.org > *Subject:* RE: [ActiveDir] OT: Protecting against Spyware/Adware > > We're using CounterSpy Enterprise from Sunbelt Software. Like you, we > have seen aperformance hit* on computers with just 128 meg of memory > but that goes away when we add more memory. The only issue I ran into, > other than performance, was it blocked a cookie that was necessary for > our payroll department. However, once I "okayed" that cookie, it was > fine. > > *According to Sunbelt, the next version is supposed to reduce the > performance impact. > > -----Original Message----- > *From:* [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of *Chris > Pohlschneider > *Sent:* Thursday, September 14, 2006 10:44 AM > *To:* ActiveDir@mail.activedir.org > *Subject:* [ActiveDir] OT: Protecting against Spyware/Adware > > Just curious what other people are using for protecting against > adware/spyware? We are using Webroot Spysweeper right now, but I > see some performance hits on computers running this software and > it does work, but it causes headaches will installing some apps > that we approve. Any suggestions are appreciated. > > Chris Pohlschneider > > Holloway Sportswear IT > > 937-494-2559 > > 937-497-7300 (Fax) > > [EMAIL PROTECTED] > > > > ********************************************************************** > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. As a public body, the Council may be required to > disclose this email, or any response to it, under the Freedom of > Information Act 2000, unless the information in it is covered by one > of the exemptions in the Act. > > If you receive this email in error please notify Stockport e-Services > via [EMAIL PROTECTED] and then permanently remove it from > your system. > > Thank you. > > http://www.stockport.gov.uk > ********************************************************************** List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx