  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 467

Local Admin account and Virus issue

This month has been a hard month dealing with the level of sophisticated viruses.  All of my users are Local Admins because it's easier to make changes.  We also don't have WSUS on our server so installing updates is easier.  Is there another local policy I can create that would allow Windows Updates and more basic freedom but not be so prone to getting infected?  If I could somehow change this, I would have way less viruses.

Thanks
0
Asked: T0DD
1 Solution
 
Andres Perales Commented:
WSUS has nothing to do with viruses. Yes, you should have WSUS installed and pushing updates and patches to your client workstations; you can tell WSUS and your clients to approve updates from the WSUS server but pull updates from Microsoft.
But this is a virus issue; you need to have anti-virus installed on all of your computers, and managed from a central location is preferred.
Microsoft has ForeFront Client Security - http://www.microsoft.com/forefront/clientsecurity/en/us/default.aspx
Remember to protect your servers too...
Symantec and Symantec Anti-Virus Corporate Edition
McAfee has Total Protect.
You need anti-virus.
0
 
T0DD (Author) Commented:
You completely misunderstood what I was asking.  I have users set to the local admin account, so they can install updates and have other privileges.  WSUS is not an option for our setup as we have limited storage.  Antivirus is installed on all our computers.  But the Vundo variants still infect users who have the local admin right.

My question is, how can I create a local policy on the machine that would NOT be a total lock down like the "Power User" group and still give them wiggle room?  The local admin account is horrible as it will let all sorts of stuff be installed even WITH active protection on.
0
 
Stinky9000 Commented:
It seems that your antivirus is not working or there is a computer that you are missing which keeps installing the virus on the computers.

My suggestion = New Antivirus
0
 
Donald Stewart (Network Administrator) Commented:
"Wsus is not an option for our setup as we have limited storage."
 
Sure is!
You can set it up so that it doesn't store the updates locally (they can still download from Microsoft). This way you can still control your update approvals.
0
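The setup described in the comment above, together with a check of the client-side policy, as an added PowerShell example that is not part of the thread. It assumes the UpdateServices module (`Get-WsusServer`, WSUS role or RSAT on Windows Server 2012 or later); the function names are hypothetical.

```powershell
# Added example, not from the thread. Function names are hypothetical.
# Assumes the UpdateServices module for the server-side function.

function Set-WsusNoLocalStorage {
    # Run on the WSUS server: keep approval control, but have clients
    # download the approved update files from Microsoft Update instead
    # of from a local content store.
    $wsus   = Get-WsusServer
    $config = $wsus.GetConfiguration()
    $before = $config.HostBinariesOnMicrosoftUpdate
    if (-not $before) {
        $config.HostBinariesOnMicrosoftUpdate = $true
        $config.Save()
    }
    [pscustomobject]@{
        Server                              = $wsus.Name
        HostBinariesOnMicrosoftUpdateBefore = $before
        HostBinariesOnMicrosoftUpdateNow    = $true
    }
}

function Get-WsusClientPolicy {
    # Run on a workstation: show the Windows Update policy values that
    # point the Automatic Updates client at the WSUS server.
    $wuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
    $wu = Get-ItemProperty -Path $wuKey -ErrorAction SilentlyContinue
    $au = Get-ItemProperty -Path "$wuKey\AU" -ErrorAction SilentlyContinue
    [pscustomobject]@{
        WUServer       = $wu.WUServer        # approval server URL
        WUStatusServer = $wu.WUStatusServer  # reporting server URL
        UseWUServer    = $au.UseWUServer     # 1 = use the WSUS server above
        AUOptions      = $au.AUOptions       # 4 = download and install on a schedule
    }
}
```

With `AUOptions` set to 4, the Automatic Updates service installs approved updates under the SYSTEM account, so Windows patching by itself does not require users to be local administrators.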
 
T0DD (Author) Commented:
We are using Vipre and they've admitted that the virus which infected us, UACd.sys (a rootkit), is hard to stop and that most AV software only stops some of it since other files within it are encrypted and not scannable.  Correct me if I'm wrong, but it seems that the latest viruses are just way too sophisticated for AV, especially if the installs are encrypted.  And while our AV software finds stuff, other stuff has managed to still get past it.

My only other layer of defense is to change all the users back to "Limited" and call it good.  But I'm curious if anyone has some tips since, i.e. Firefox releases updates weekly, so updates on a limited account can only be made by me which in turn makes more work for me.

I just want a solid network that is virus-free and something that I don't have to always go to do manual update stuff.  Is this possible?   (Thanks Dstewartjr for the Wsus tip, I wasn't aware of that feature.)
0
 
Stinky9000 Commented:
Hmm, about how many users do you have?
0
 
T0DD (Author) Commented:
I have about 60 users.  I guess I can buy patch management software, but it's probably beyond my budget.  
0
 
Andres Perales Commented:
Patch Management and Virus Management are two separate products...
WSUS will handle your patches and patch management... as dstewart mentioned, you can configure WSUS to pull patches from Microsoft; all you would control is the approval and disapproval of which patches to have the clients install!
Virus Management: you will need to purchase something to manage that!  There are different options for that... and if you want to stop your users from going to websites they shouldn't and downloading stuff, then block those sites. OpenDNS have a decent free solution: http://www.opendns.com/solutions/smb/
Good Luck!
0
 
T0DD (Author) Commented:
Purchased Lumension Patchlink as this will provide more security than just Microsoft Updates, i.e. Java, Adobe Reader & Flash, Firefox, CS4 etc.
0
