This month has been a hard month dealing with the level of sophisticated viruses. All of my users are Local Admins because it's easier to make changes. We also don't have WSUS on our server so installing updates is easier. Is there another local policy I can create that would allow Window Updates and more basic freedom but not so proned to getting infected? If I could somehow change this, I would have way less viruses.