I'm well aware of the benefits, it's my experience that they outweigh the risks. People can still RDP into workstations without the user being logged in. I do it with my computer at work all the time. If a user is done with a workstation, hopefully they close all the open apps and have saved data, because if they need to restart that workstation, for any reason, any unsaved data is going to be lost.
On Fri, Mar 6, 2015 at 8:59 AM, David McSpadden <[email protected]> wrote: > So we discussed requiring each user to logoff before a new user logging > on. > > We also discussed shutting off each before leaving out each day. > > It is still just a discussion though. > > Some work from home and they rdp into their machines so nothing is > installed on laptops or home pc’s that require Company software other than > VPN client. > > > > > > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *Jonathan Link > *Sent:* Friday, March 06, 2015 8:55 AM > > *To:* [email protected] > *Subject:* Re: [NTSysADM] logon script > > > > We were hit with a actor locker variant that installed under the user > profile, without admin rights. Had the person been logged on all of our > network drives would have been encrypted. Staying logged in without > actually doing work at a workstation is a worst practice. > > On Friday, March 6, 2015, David McSpadden <[email protected]> wrote: > > Agreed. > > I have some that leave them on overnight. > > I have some that multiple users use during a day. > > Just wanting to make sure this folder is empty at start for each user. > > > > > > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *Jonathan Link > *Sent:* Friday, March 06, 2015 8:49 AM > *To:* [email protected] > *Subject:* Re: [NTSysADM] logon script > > > > And, users shouldn't stay logged on for extended periods, in any event. > That's just a bad idea in a lot of ways. > > > > On Fri, Mar 6, 2015 at 8:42 AM, Micheal Espinola Jr < > [email protected]> wrote: > > If its a logon script, it will only run if its actually a logon event - > not a switch active user event. > > > -- > Espi > > > > > > On Fri, Mar 6, 2015 at 5:31 AM, David McSpadden <[email protected]> wrote: > > I have a GP (ad 2012) that states everytime a computer is turned on delete > all files from folder X. > > That is working. > > I have been asked to also create a GP to delete all files from folder x if > a switch user of logon event occurs. Some workstations are shared but are > required to be logged on to with the current user (no sharing of passwords). > > So my question is this. If I add a logon script to the GP with the delete > of files from folder x occur after every locked desk sign on? (We have > password protected screensavers that come on every 15 minutes.) > > > > Thanks > > David > > This e-mail and any files transmitted with it are property of Indiana > Members Credit Union, are confidential, and are intended solely for the use > of the individual or entity to whom this e-mail is addressed. If you are > not one of the named recipient(s) or otherwise have reason to believe that > you have received this message in error, please notify the sender and > delete this message immediately from your computer. Any other use, > retention, dissemination, forwarding, printing, or copying of this email is > strictly prohibited. > > > > Please consider the environment before printing this email. > > > > > > This e-mail and any files transmitted with it are property of Indiana > Members Credit Union, are confidential, and are intended solely for the use > of the individual or entity to whom this e-mail is addressed. If you are > not one of the named recipient(s) or otherwise have reason to believe that > you have received this message in error, please notify the sender and > delete this message immediately from your computer. Any other use, > retention, dissemination, forwarding, printing, or copying of this email is > strictly prohibited. > > > > Please consider the environment before printing this email. > > This e-mail and any files transmitted with it are property of Indiana > Members Credit Union, are confidential, and are intended solely for the use > of the individual or entity to whom this e-mail is addressed. If you are > not one of the named recipient(s) or otherwise have reason to believe that > you have received this message in error, please notify the sender and > delete this message immediately from your computer. Any other use, > retention, dissemination, forwarding, printing, or copying of this email is > strictly prohibited. > > Please consider the environment before printing this email. >
