We use 2008 terminal server. We had a user somehow get a virus downloaded and running on his session. It installed itself in the C:\programdata folder of the terminal server. We cleaned it by running malwarebytes on the terminal server and deleting his profile.
Is there any was to lock this down so it can't happen again?