troubleshooting Question

Desktop security policy

Avatar of jpresto
jpresto asked on
OS Security
6 Comments1 Solution224 ViewsLast Modified:
I have a customer who's fed up with malware cleanups, and wants to lock down his computers to prevent installation of these apps.  Currently its a combination of 2000/XP machines, Trend Micro AV Corporate.

My feeling is that tweaking security settings in IE will block only a fraction of these installs. So I wanted to throw this question out there: assuming we can tolerate a pretty tight configuration (by that, I mean blocking application installs altogether, no activeX, etc), what else would you recommend to implement on business desktops?

Here's my own stab at a list:
- Configure computer for automatic updates, reboot as necessary
- Set up local policies locking down IE and computer in general (something like this: http://www.markusjansson.net/exp.html probably not as restrictive). Has anyone seen any other similar configs around?
- Set firefox as default browser (I'm not so sure about this - if I can't automatically manage firefox updates it may be as dangerous as a fully patched IE)
- Maintain antivirus

So - does anyone have an established policy set/apps (including server group policies) for their business?

Thanks - Joe
Join the community to see this answer!
Join our exclusive community to see this answer & millions of others.
Unlock 1 Answer and 6 Comments.
Join the Community
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 6 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros