1 / 11

How PNNL Manages Windows Desktops

How PNNL Manages Windows Desktops. Will Jorgensen. Windows Deployment Services. Universal Image! Simpler user interface Quickly update image for new hardware. Federal Desktop Core Configuration (FDCC). Start October 2008 Classified impact to three levels 80% of settings classified as low

dorian-yang
Download Presentation

How PNNL Manages Windows Desktops

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. How PNNL Manages Windows Desktops Will Jorgensen

  2. Windows Deployment Services Universal Image! Simpler user interface Quickly update image for new hardware

  3. Federal Desktop Core Configuration (FDCC) • Start October 2008 • Classified impact to three levels • 80% of settings classified as low • Deployed December 2008 • Only 2 exceptions

  4. Least User Access BeyondTrust Privilege Manager for XP 2 year deployment Elevated installer processes Allow “run elevated” ActiveX control white lists De-elevate IE

  5. Obstacles Broken permissions (File System & Registry) User Training! More calls to the Help Desk Agent instability

  6. Benefits Additional security layer Better positioned for the future

  7. Windows Firewall • Block all workstation-to-workstation traffic • Except RDP and ICMP • Help Desk can grant exceptions • Benefits • Prevents spread from compromised host • Eliminates spurious network traffic

  8. AntiVirus Protection Upgraded to Symantec Endpoint Protection 11 Silent push via SMS

  9. Software Patching • Windows Server Update Services (WSUS) • Available externally • Microsoft SMS • Patch most common vulnerabilities

  10. Where are we going • SCCM • Available externally • IPS (Symantec Network Threat Protection) • Device Certificates • Network Access Protection • Software Virtualization (App-V)

  11. Discussion • Questions • Will@pnl.gov • Scott.Snyder@pnl.gov

More Related