Hi,
I am running a Windows 2000 Domain with five Widows 2000 Terminal Servers. The servers still run a number of legacy 16-bit applications which only work when users are 'Power Users'. A very huge negative side effect is that they now have enough permissions to install software. Yesterday Winad (malware) showed up on one of my Terminal Servers, lifting both CPU's to 100% utilization. I want to prevent users from installing software. I know most spyware and malware is installed through IE using ActiveX applet's and other types of scripts. What is the best way to block this? Should I deny the installation of unsigned software or should I raise the security settings of IE6?
Thanks,
Jeffrey Kusters
MCSA, MCSE, CCNA
I am running a Windows 2000 Domain with five Widows 2000 Terminal Servers. The servers still run a number of legacy 16-bit applications which only work when users are 'Power Users'. A very huge negative side effect is that they now have enough permissions to install software. Yesterday Winad (malware) showed up on one of my Terminal Servers, lifting both CPU's to 100% utilization. I want to prevent users from installing software. I know most spyware and malware is installed through IE using ActiveX applet's and other types of scripts. What is the best way to block this? Should I deny the installation of unsigned software or should I raise the security settings of IE6?
Thanks,
Jeffrey Kusters
MCSA, MCSE, CCNA