DYAC. Cryptlocker. On Fri, Mar 6, 2015 at 8:55 AM, Jonathan Link <[email protected]> wrote:
> We were hit with a actor locker variant that installed under the user > profile, without admin rights. Had the person been logged on all of our > network drives would have been encrypted. Staying logged in without > actually doing work at a workstation is a worst practice. > > On Friday, March 6, 2015, David McSpadden <[email protected]> wrote: > >> Agreed. >> >> I have some that leave them on overnight. >> >> I have some that multiple users use during a day. >> >> Just wanting to make sure this folder is empty at start for each user. >> >> >> >> >> >> *From:* [email protected] [mailto: >> [email protected]] *On Behalf Of *Jonathan Link >> *Sent:* Friday, March 06, 2015 8:49 AM >> *To:* [email protected] >> *Subject:* Re: [NTSysADM] logon script >> >> >> >> And, users shouldn't stay logged on for extended periods, in any event. >> That's just a bad idea in a lot of ways. >> >> >> >> On Fri, Mar 6, 2015 at 8:42 AM, Micheal Espinola Jr < >> [email protected]> wrote: >> >> If its a logon script, it will only run if its actually a logon event - >> not a switch active user event. >> >> >> -- >> Espi >> >> >> >> >> >> On Fri, Mar 6, 2015 at 5:31 AM, David McSpadden <[email protected]> wrote: >> >> I have a GP (ad 2012) that states everytime a computer is turned on >> delete all files from folder X. >> >> That is working. >> >> I have been asked to also create a GP to delete all files from folder x >> if a switch user of logon event occurs. Some workstations are shared but >> are required to be logged on to with the current user (no sharing of >> passwords). >> >> So my question is this. If I add a logon script to the GP with the >> delete of files from folder x occur after every locked desk sign on? (We >> have password protected screensavers that come on every 15 minutes.) >> >> >> >> Thanks >> >> David >> >> This e-mail and any files transmitted with it are property of Indiana >> Members Credit Union, are confidential, and are intended solely for the use >> of the individual or entity to whom this e-mail is addressed. If you are >> not one of the named recipient(s) or otherwise have reason to believe that >> you have received this message in error, please notify the sender and >> delete this message immediately from your computer. Any other use, >> retention, dissemination, forwarding, printing, or copying of this email is >> strictly prohibited. >> >> >> >> Please consider the environment before printing this email. >> >> >> >> >> >> This e-mail and any files transmitted with it are property of Indiana >> Members Credit Union, are confidential, and are intended solely for the use >> of the individual or entity to whom this e-mail is addressed. If you are >> not one of the named recipient(s) or otherwise have reason to believe that >> you have received this message in error, please notify the sender and >> delete this message immediately from your computer. Any other use, >> retention, dissemination, forwarding, printing, or copying of this email is >> strictly prohibited. >> >> Please consider the environment before printing this email. >> >
