Educause Security Discussion mailing list archives
Re: Compromised Windows Machine Remediation
From: Gary Dobbins <dobbins () ND EDU>
Date: Wed, 6 Oct 2004 16:31:55 -0500
We use an escalating set of repair services. For students, they are first offered access to repair info via the webpage (to which they are redirected when trying to surf if they're blocked) Failing that, the student may contact our Help Desk, who attempt to assist by phone and/or VNC remote control. Or, the student may contact an in-dorm support person (a member of the OIT Residential Computer Assistant program) who have been trained by OIT and can provide support/remediation on a best-effort basis. If HD is unable to resolve and believes special attention is needed, an OIT staff professional may be dispatched. Also at as-available and best-effort level. When systems are so bad as to be unrepairable by those means, the owners are referred, either by HD or RCA, to the OIT for-fee service department, who will do what it takes (incl O/S reinstall with data backup) to repair the system. If you follow this route, it's good to be sure students expectations for support include the possibility of best-effort services being unsuccessful, resulting in referral to non-free repair services. Mike Wiseman wrote:
Hello, I am interested in hearing about experiences with 'cleaning' user-owned and managed computers. When a student laptop/desktop has been blocked from the network due to infection, what do they do? Do institutions provide a help desk environment where the work is done? or do they provide resources for the student for 'self-help'? Is the student on their own to resolve the problems? Is anyone using 'fee-for-service'? If so, what is the user guaranteed to receive? All of the above are used to some extent by departments here. This September, staff have been overloaded with repairing laptops. Also, with the implementation of network registration and patch status checking, sometimes the testing involved will fail on machines that are badly infected and we want to direct the users appropriately. Thanks, Mike Mike Wiseman Manager - Computer Security Administration Computing and Networking Services University of Toronto ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/groups/.
-- ------------------------------------------------------------ Gary Dobbins, CISSP -- Director, Information Security University of Notre Dame, Office of Information Technologies ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/groups/.
Current thread:
- Compromised Windows Machine Remediation Mike Wiseman (Oct 06)
- <Possible follow-ups>
- Re: Compromised Windows Machine Remediation Theresa Semmens (Oct 06)
- Re: Compromised Windows Machine Remediation Jefferson, Ronnie V. (Oct 06)
- Re: Compromised Windows Machine Remediation Drews, Jane E (Oct 06)
- Re: Compromised Windows Machine Remediation Gary Dobbins (Oct 06)