For Terminal Servers or Citrix servers, websites don't run as admins, users
run as admins.  Actually, users should, in theory, NEVER run as an admin on
these types of servers.  I wrote an article on how to do a basic Terminal
Server/Citrix Server lockdown group policy.  You can find it at
http://www.dabcc.com/Webster .  Every environment is different but my
article should give you a good starting off point to either create a GPO or
to compare your current GPO against.

 

 

Webster

 

From: justino garcia [mailto:[email protected]] 
Subject: Re: how to clean (malware) from a rooted terminal server?

 

Oh, now they want proof before rebuilding that it has malware (moreover a
rootkit), so that if it does then we do rebuild.

 

Also, how would I set up a GPO policy or a policy where one website, Paragon,
should be the only website to run in administrator mode?

On Thu, Apr 15, 2010 at 5:58 PM, justino garcia <[email protected]>
wrote:

Thanks people, I hope these suggestions are heard. The issue is they have Avast
until Feb 2012, but let's see.

Also, can I have my policy master server for VIPRE (which I have a customer on,
but with Enterprise 4.0) also have a mix of both Enterprise 4.0 and Premium
4.0?

On Thu, Apr 15, 2010 at 5:51 PM, Sherry Abercrombie <[email protected]>
wrote:

And then lock it down tighter.  A user had to have downloaded something that
caused this.  We do not allow that on our Citrix servers.  

On Thu, Apr 15, 2010 at 4:47 PM, Ben Scott <[email protected]> wrote:

On Thu, Apr 15, 2010 at 5:39 PM, justino garcia <[email protected]>
wrote:

> how to clean a rooted terminal server?

 Boot from trusted media, copy off anything you want to save.  Then
erase all hard disks, and reinstall the operating system and all
software from scratch.

 Once an attacker has gained system privilege on your computer, it's
not your computer anymore.

