We were hit with a actor locker variant that installed under the user profile, without admin rights. Had the person been logged on all of our network drives would have been encrypted. Staying logged in without actually doing work at a workstation is a worst practice.
On Friday, March 6, 2015, David McSpadden <[email protected]> wrote: > Agreed. > > I have some that leave them on overnight. > > I have some that multiple users use during a day. > > Just wanting to make sure this folder is empty at start for each user. > > > > > > *From:* [email protected] > <javascript:_e(%7B%7D,'cvml','[email protected]');> [mailto: > [email protected] > <javascript:_e(%7B%7D,'cvml','[email protected]');>] *On > Behalf Of *Jonathan Link > *Sent:* Friday, March 06, 2015 8:49 AM > *To:* [email protected] > <javascript:_e(%7B%7D,'cvml','[email protected]');> > *Subject:* Re: [NTSysADM] logon script > > > > And, users shouldn't stay logged on for extended periods, in any event. > That's just a bad idea in a lot of ways. > > > > On Fri, Mar 6, 2015 at 8:42 AM, Micheal Espinola Jr < > [email protected] > <javascript:_e(%7B%7D,'cvml','[email protected]');>> wrote: > > If its a logon script, it will only run if its actually a logon event - > not a switch active user event. > > > -- > Espi > > > > > > On Fri, Mar 6, 2015 at 5:31 AM, David McSpadden <[email protected] > <javascript:_e(%7B%7D,'cvml','[email protected]');>> wrote: > > I have a GP (ad 2012) that states everytime a computer is turned on delete > all files from folder X. > > That is working. > > I have been asked to also create a GP to delete all files from folder x if > a switch user of logon event occurs. Some workstations are shared but are > required to be logged on to with the current user (no sharing of passwords). > > So my question is this. If I add a logon script to the GP with the delete > of files from folder x occur after every locked desk sign on? (We have > password protected screensavers that come on every 15 minutes.) > > > > Thanks > > David > > This e-mail and any files transmitted with it are property of Indiana > Members Credit Union, are confidential, and are intended solely for the use > of the individual or entity to whom this e-mail is addressed. If you are > not one of the named recipient(s) or otherwise have reason to believe that > you have received this message in error, please notify the sender and > delete this message immediately from your computer. Any other use, > retention, dissemination, forwarding, printing, or copying of this email is > strictly prohibited. > > > > Please consider the environment before printing this email. > > > > > > This e-mail and any files transmitted with it are property of Indiana > Members Credit Union, are confidential, and are intended solely for the use > of the individual or entity to whom this e-mail is addressed. If you are > not one of the named recipient(s) or otherwise have reason to believe that > you have received this message in error, please notify the sender and > delete this message immediately from your computer. Any other use, > retention, dissemination, forwarding, printing, or copying of this email is > strictly prohibited. > > Please consider the environment before printing this email. >
