110 likes | 128 Views
Explore how PNNL manages Windows desktops efficiently through deployment services, enhancing security and future readiness while simplifying user interface. Get insights on image updates, configuration settings, security measures, and more.
E N D
How PNNL Manages Windows Desktops Will Jorgensen
Windows Deployment Services Universal Image! Simpler user interface Quickly update image for new hardware
Federal Desktop Core Configuration (FDCC) • Start October 2008 • Classified impact to three levels • 80% of settings classified as low • Deployed December 2008 • Only 2 exceptions
Least User Access BeyondTrust Privilege Manager for XP 2 year deployment Elevated installer processes Allow “run elevated” ActiveX control white lists De-elevate IE
Obstacles Broken permissions (File System & Registry) User Training! More calls to the Help Desk Agent instability
Benefits Additional security layer Better positioned for the future
Windows Firewall • Block all workstation-to-workstation traffic • Except RDP and ICMP • Help Desk can grant exceptions • Benefits • Prevents spread from compromised host • Eliminates spurious network traffic
AntiVirus Protection Upgraded to Symantec Endpoint Protection 11 Silent push via SMS
Software Patching • Windows Server Update Services (WSUS) • Available externally • Microsoft SMS • Patch most common vulnerabilities
Where are we going • SCCM • Available externally • IPS (Symantec Network Threat Protection) • Device Certificates • Network Access Protection • Software Virtualization (App-V)
Discussion • Questions • Will@pnl.gov • Scott.Snyder@pnl.gov