Educause Security Discussion mailing list archives

Re: Compromised Windows Machine Remediation


From: Gary Dobbins <dobbins () ND EDU>
Date: Wed, 6 Oct 2004 16:31:55 -0500

We use an escalating set of repair services.

For students, they are first offered access to repair info via the webpage
(to which they are redirected when trying to surf if they're blocked).

Failing that, the student may contact our Help Desk, who attempt to assist
by phone and/or VNC remote control.  Or, the student may contact an in-dorm
support person (a member of the OIT Residential Computer Assistant program)
who has been trained by OIT and can provide support/remediation on a
best-effort basis.  If HD is unable to resolve and believes special
attention is needed, an OIT staff professional may be dispatched.  Also at
as-available and best-effort level.

When systems are so bad as to be unrepairable by those means, the owners
are referred, either by HD or RCA, to the OIT for-fee service department,
who will do what it takes (incl O/S reinstall with data backup) to repair
the system.

If you follow this route, it's good to be sure students' expectations for
support include the possibility of best-effort services being unsuccessful,
resulting in referral to non-free repair services.


Mike Wiseman wrote:
Hello,

I am interested in hearing about experiences with 'cleaning' user-owned
and managed computers. When a student laptop/desktop has been blocked from
the network due to infection, what do they do? Do institutions provide a
help desk environment where the work is done? Or do they provide resources
for the student for 'self-help'? Is the student on their own to resolve
the problems? Is anyone using 'fee-for-service'? If so, what is the user
guaranteed to receive?

All of the above are used to some extent by departments here. This
September, staff have been overloaded with repairing laptops. Also, with
the implementation of network registration and patch status checking,
sometimes the testing involved will fail on machines that are badly
infected and we want to direct the users appropriately.

Thanks,

Mike

Mike Wiseman
Manager - Computer Security Administration
Computing and Networking Services
University of Toronto

**********
Participation and subscription information for this EDUCAUSE Discussion
Group discussion list can be found at http://www.educause.edu/groups/.

--

  ------------------------------------------------------------
  Gary Dobbins, CISSP -- Director, Information Security
  University of Notre Dame, Office of Information Technologies
