ruhkus

<div>
If the users are local admin on all PCs, that is super bad because malware running on a person's account could wipe out every device they have local admin access on, without even needing to do privilege escalation.&nbsp;
</div>


<div>
Local admin only on the PC they primarily use. Yeah, I may just have to suck it up and make the network permission changes, but there's a lot of random folders created over the years that I'll have to figure out how to handle as well. So I guess I shouldn't consider Deny permissions?
</div>


<div>
If you can’t immediately revoke local admin rights without an uproar, perhaps you can “migrate” toward that end by using two accounts for every user, a regular user that they will login with and use day to day, and an admin user that’s only used when necessary. Windows will automatically prompt the end user to provide admin credentials when needed by the regular user account. &nbsp;Perhaps you can change all current logins to standard users and then create second admin accounts so they retain their current user, groups, and password, etc.
</div>


Network Engineer 

kevinhsieh

Jackie Man

<div>
assuming you use O365, I’d recommend looking into departmental fileshares via teams. so many benefits.
</div>


<div>
<div class="content wysiwyg-content">
Our Windows network has multiple drives that by default have read/write access available to the everyone group and has been that way for years. However, one particular group of staff have been more prone to clicking virus e-mails or links.<br />
<br />
What would be the best and ideally efficient way to limit the potential exposure and damage this group could do if a ransomware or other malicious file were to try to run on their PCs?<br />
<br />
Changing the drives from everyone read/write would take a long time, but may be the best option? I haven't really used deny group options, so maybe I go that route?<br />
<br />
They're local admins on their PCs, so maybe I need to change that as well.<br />
<br />
Thanks.
</div>
</div>


Our Windows network has multiple drives that by default have read/write access available to the everyone group and has been that way for years. However, one particular group of staff have been more prone to clicking virus e-mails or links.

What would be the best and ideally efficient way to limit the potential exposure and damage this group could do if a ransomware or other malicious file were to try to run on their PCs?

Changing the drives from everyone read/write would take a long time, but may be the best option? I haven't really used deny group options, so maybe I go that route?

They're local admins on their PCs, so maybe I need to change that as well.

Thanks.

Best way to restrict network drive access for a group of people?

Ransomware is malicious software, designed to block data access in order to extort money. As a form of malware, ransomware is most often used to infiltrate devices through infected emails or links that, in turn, recognize and take advantage of vulnerabilities in the operating system and installed third-party software.

Ransomware

Networking is the process of connecting computing devices, peripherals and terminals together through a system that uses wiring, cabling or radio waves that enable their users to communicate, share information and interact over distances. Often associated are issues regarding operating systems, hardware and equipment, cloud and virtual networking, protocols, architecture, storage and management.

Networking

Operating system security (OS security) is the process of ensuring OS integrity, confidentiality and availability. OS security refers to specified steps or measures used to protect the OS from threats, viruses, worms, malware or remote hacker intrusions. OS security encompasses all preventive-control techniques, which safeguard any computer assets capable of being stolen, edited or deleted if OS security is compromised, including authentication, passwords and threats to systems and programs.

OS Security

Network Management involves issues that are independent of specific hardware or software, including email policies, upgrade planning, backup scheduling and working with managed service providers for Desktop-As-A-Service (DaaS), Software-As-A-Service (SaaS) and the like through the use of tools, coupled with manufacturer standards, best practice guidelines, policies and procedures plus all other relevant documentation. Network management also includes monitoring, alerting and reporting, management reporting, planning for device or service updates, the backup of configurations, the setting of key performance indicators and measures (KPIs/KPMs), associated service level agreements and problem records as part of the IT Service Management (ITSM) framework.

Network Management

Security is the protection of information systems from theft or damage to the hardware, the software, and the information on them, as well as from disruption or misdirection of the services they provide. The main goal of security is protecting assets, and an asset is anything of value and worthy of protection.  Information Security is a discipline of protecting information assets from threats through safeguards to achieve the objectives of confidentiality, integrity, and availability or CIA for short. On the other hand, disclosure, alteration, and disruption (DAD) compromise the security objectives.