1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Pop quiz that just came up after a discussion with some users

Discussion in 'The Lounge - Off Topic' started by Gingerdave, Aug 20, 2008.

  1. Gingerdave

    Gingerdave Megabyte Poster

    991
    44
    74
    Your user has a laptop and works in a site with a single server, which in turn is connected via VPN to all of our other sites. The user wants a docking station ordered of said laptop and the following comes up in conversation:

    "Oh yeah, and I keep getting Virus alerts."
    "sorry what?"
    "Yeah Virus alerts, been getting them for weeks - but I didnt think it important enough to bother you guys with.."
    "......."

    So here is the question for you tech savvy people, do you:

    A) Explain to the user that Viruses destroy systems, and that in his misguided attempt to spare us some work he may have compromised the entire network, and he should disconnect from the network at once and not connect again until the problem resolves itself.

    B)Hop on a train to Liverpool, head to the office, kick the door in and with the strength of your divine fury and attempt to beat some sense into the user with said laptop.

    C) Hang the phone, head to your server room and cry while you say goodbye to your faithful companions who have served you well, putting them out of arms way "for their own good"

    D) Panic.

    so what would you guys do?
     
    Certifications: A+,MCP, MCDST, VCP5 /VCP-DV 5, MCTS AD+ Net Inf 2008, MCSA 2008
    WIP: MCSA 2012
  2. Qs

    Qs Semi-Honorary Member Gold Member

    3,081
    70
    171
    Haha sounds like fun...

    B though, definitely B. :p :p


    ...Reminds me of the time when one of our users did something stupid.

    From the users computer I log on using RDP to our file and print server to check printer settings for our main printer.

    Then I log on to our exchange server to check queues from the same computer.

    I turn around to answer a question from one of our directors who has found me by wandering around the office...

    I turn back around and....

    The user has only managed to shutdown both servers, causing mahem to the 300+ other people now unable to work, with the Director of the company standing behind me.

    When I asked WTFH she was playing at she simply answered - "I thought you wanted me to shut it down."

    ...

    I was not pleased. :x:x:x

    Suffice it to say, don't give them a chance to do anything stupid. Treat users like sheep. Very stupid sheep. :p
     
    Certifications: MCT, MCSE: Private Cloud, MCSA (2008), MCITP: EA, MCITP: SA, MCSE: 2003, MCSA: 2003, MCITP: EDA7, MCITP: EDST7, MCITP: EST Vista, MCTS: Exh 2010, MCTS:ServerVirt, MCTS: SCCM07 & SCCM2012, MCTS: SCOM07, MCTS: Win7Conf, MCTS: VistaConf, MCDST, MCP, MBCS, HND: Applied IT, ITIL v3: Foundation, CCA
  3. Arroryn
    Honorary Member

    Arroryn we're all dooooooomed

    4,009
    186
    209
    There is an unfortunate option E:

    "The user is of such a status that no matter what you say, it won't make a blind lot of difference. For the stability of the network, you should take their laptop off them and give them a typewriter and some crayolas. But depressingly enough you know that will never, ever happen."
     
    Certifications: A+, N+, MCDST, 70-410, 70-411
    WIP: Modern Languages BA
  4. dales

    dales Gigabyte Poster

    1,997
    46
    97
    definately B we need to form a elite team of "user trainers". everyone wins, you get to go on a company paid jolly to liverpool and you get to impose extreme violence on said user, and user gets a new office in the post room where they can cause less damage sorting mail.

    [​IMG]
     
    Certifications: vExpert 2014+2015+2016,VCP-DT,CCE-V, CCE-AD, CCP-AD, CCEE, CCAA XenApp, CCA Netscaler, XenApp 6.5, XenDesktop 5 & Xenserver 6,VCP3+5,VTSP,MCSA MCDST MCP A+ ITIL F
    WIP: Nothing
  5. twizzle

    twizzle Gigabyte Poster

    1,838
    33
    104
    I would go for option F...

    Tell them that i would love to help them by remotley connecting to thier system, but currently my system is unavailable due to there being a virus loose within the network possibly loaded from some users laptop a few weeks ago. Rest assured that once this problem has been permenatley removed, i will do all i can to help you out, but thi smay be some time.


    Of course the short answer also appeals to me, go round there and shove thier laptop and virus where the sun dont shine, and ask "Does that hurt or affect you in anyway?"
     
    Certifications: Comptia A+, N+, MS 70-271, 70-272
    WIP: Being a BILB,
  6. kevicho

    kevicho Gigabyte Poster

    1,219
    58
    116
    What about option g:

    Fire, and lots of it.
     
    Certifications: A+, Net+, MCSA Server 2003, 2008, Windows XP & 7 , ITIL V3 Foundation
    WIP: CCNA Renewal
  7. nugget
    Honorary Member

    nugget Junior toady

    7,796
    71
    224
    Being serious here, I would choose A, but something needs to be proactively done. The problem will not resolve itself no matter how much you wish it to.

    I would then look at creating a punishment group in AD with very restrictive GPOs and put the user in it for 1 week.
     
    Certifications: A+ | Network+ | Security+ | MCP (270,271,272,290,620) | MCDST | MCTS:Vista
    WIP: MCSA, 70-622,680,685
  8. dales

    dales Gigabyte Poster

    1,997
    46
    97
    Yes seriously though something will need to be done. what av system do you have in place as I would assume any corporate size email solution would email the sys admin when a virus is detected on a client. Ours does which gives me hours of entertainment when i say "so what were you looking at when this happened":oops: .

    said laptop now really cannot be trusted on the network and ideally would require a reimage, which may teach the user if they had stored anything locally. Perhaps now would be a good time to send out an all user email reminding people of the dangers of using a works pc for recreational web browsing and what to do should a virus be detected. Perhaps users boss should also be cc'd into any "advice" you send them about their compromised workstation.
     
    Certifications: vExpert 2014+2015+2016,VCP-DT,CCE-V, CCE-AD, CCP-AD, CCEE, CCAA XenApp, CCA Netscaler, XenApp 6.5, XenDesktop 5 & Xenserver 6,VCP3+5,VTSP,MCSA MCDST MCP A+ ITIL F
    WIP: Nothing
  9. Gingerdave

    Gingerdave Megabyte Poster

    991
    44
    74
    We are using Mcaffe enterprise, which normally provides very good protection against viruses and unwanted programs.

    No notification was sent which worries me, however the user rang off just after that comment as there was meeting he needed to get to, so I dont know if they are virus alerts, spyware in the form of those annoying pop ups which say you are infected please use product X to solve it.

    Passed it along to my supervisor who is threatening to catch a flight from London to Liverpool and take the laptop off the user.

    Until we can get hold of them not much more can be done as its not on the network atm.

    I do like the idea of a Sin Bin OU, I have a couple of people who would be in there permanently. :twisted:
     
    Certifications: A+,MCP, MCDST, VCP5 /VCP-DV 5, MCTS AD+ Net Inf 2008, MCSA 2008
    WIP: MCSA 2012
  10. BosonMichael
    Highly Decorated Member Award

    BosonMichael Yottabyte Poster

    19,136
    462
    374
    That's one of the pleasures of an Enterprise-class AV solution: if a user gets virus alerts, you get virus alerts. If you're not getting them... I suggest switching to a different solution.

    Personally, I'd choose bits and pieces of A... then I'd figure out where WE in IT went wrong with regards to user education and in blocking this sort of thing from entering our network in the first place. Gateway AV, e-mail purification, and Web filtering go a long way to preventing what we like to call "user stupidity" when, in truth, it's only partially their fault - we must take some of the blame.
     
    Certifications: CISSP, MCSE+I, MCSE: Security, MCSE: Messaging, MCDST, MCDBA, MCTS, OCP, CCNP, CCDP, CCNA Security, CCNA Voice, CNE, SCSA, Security+, Linux+, Server+, Network+, A+
    WIP: Just about everything!
  11. NightWalker

    NightWalker Gigabyte Poster

    1,172
    25
    92
    The best suggestion I have heard all week :)
     
    Certifications: A+, Network+, MCP, MCSA:M 2003, ITIL v3 Foundation
  12. nugget
    Honorary Member

    nugget Junior toady

    7,796
    71
    224
    Too true mate. After all, that's our job and it's what we get paid for.:twisted:
     
    Certifications: A+ | Network+ | Security+ | MCP (270,271,272,290,620) | MCDST | MCTS:Vista
    WIP: MCSA, 70-622,680,685

Share This Page

Loading...