Our Windows network has multiple drives that by default have read/write access available to the everyone group and has been that way for years. However, one particular group of staff have been more prone to clicking virus e-mails or links.
What would be the best and ideally efficient way to limit the potential exposure and damage this group could do if a ransomware or other malicious file were to try to run on their PCs?
Changing the drives from everyone read/write would take a long time, but may be the best option? I haven't really used deny group options, so maybe I go that route?
They're local admins on their PCs, so maybe I need to change that as well.
Thanks.
Our community of experts have been thoroughly vetted for their expertise and industry experience.
The Distinguished Expert awards are presented to the top veteran and rookie experts to earn the most points in the top 50 topics.