Page 1 of 2 12 LastLast
Results 1 to 15 of 20
  1. #1
    New Lounger
    Join Date
    Feb 2016
    Posts
    4
    Thanks
    0
    Thanked 0 Times in 0 Posts

    How to disable downloading on employee's computer?

    So, an employee here keeps getting malware and trojans on her computer. I have had to debug it 3 times in the last 5 months and most recently her computer was almost unusable. I am not in IT, nor am I very good at it without googling the issue first. The problem I'm having is that our work requires us to download semi-frequently. We do graphic design/printing, and some customers send files that need to be downloaded or we need to download fonts to match a certain job. I looked up most of the viruses that she got and found they are usually from free software. I don't want to completely disable downloading or make it obvious that I am restricting her computer, but I want to make it so she cannot download any programs and I cannot afford to spend another day fixing her computer when I could be doing actual work. Her computer is also linked to a lot of expensive equipment and software. Her computer houses our network and our backup files, in fact for me to access client files I need to be networked to her computer. Any ideas?

  2. #2
    Super Moderator RetiredGeek's Avatar
    Join Date
    Mar 2004
    Location
    Manning, South Carolina
    Posts
    9,436
    Thanks
    372
    Thanked 1,457 Times in 1,326 Posts
    SD,

    Welcome to the Lounge as a new poster!

    The first thing I'd do is get her a new computer and move the one she is currently using to serve strictly as a file server for the others in the office. This will mitigate the risk some. You definitely do NOT want your very important business files on a computer that regularly gets infected and as there is no practical way to stop her from downloading selected files it is IMHO the best first step.

    Next, on her new computer I would install a Hosts File that would limit her from going to known bad sites to download again not a complete solution but another link in the chain.

    Next I'd install a multi layered malware defense like Windows Defender (free with current versions of Windows), Malwarebytes Premium, EMET. There are other tools but I've used these for quite some time w/o problems.

    Even with this level of protection, short of disconnecting her from the internet, there is no silver bullet. I would advise job counseling with a very strong emphasis on the impact following the rules has on her continued employment.

    HTH
    May the Forces of good computing be with you!

    RG

    PowerShell & VBA Rule!

    My Systems: Desktop Specs
    Laptop Specs

  3. The Following 3 Users Say Thank You to RetiredGeek For This Useful Post:

    csmart4125 (2016-02-29),eikelein (2016-03-03),Fascist Nation (2016-02-22)

  4. #3
    WS Lounge VIP
    Join Date
    Dec 2009
    Location
    Earth
    Posts
    8,199
    Thanks
    48
    Thanked 987 Times in 917 Posts
    I'd have sacked her after the 3rd infection - you only get 2 warnings.
    Plus what RG said.

    cheers, Paul

    p.s. If she can install programs she must have admin rights. Take them away immediately.

  5. The Following 5 Users Say Thank You to Paul T For This Useful Post:

    CLiNT (2016-02-22),csmart4125 (2016-02-29),eikelein (2016-03-03),Fascist Nation (2016-02-22),Frank S (2016-03-01)

  6. #4
    Super Moderator RetiredGeek's Avatar
    Join Date
    Mar 2004
    Location
    Manning, South Carolina
    Posts
    9,436
    Thanks
    372
    Thanked 1,457 Times in 1,326 Posts
    Quote Originally Posted by Paul T View Post
    If she can install programs she must have admin rights. Take them away immediately.
    Paul, thanks I missed a BIG one there!
    May the Forces of good computing be with you!

    RG

    PowerShell & VBA Rule!

    My Systems: Desktop Specs
    Laptop Specs

  7. #5
    Silver Lounger
    Join Date
    Mar 2014
    Location
    Forever West
    Posts
    2,078
    Thanks
    0
    Thanked 259 Times in 248 Posts
    Another vote? I go along with all the above. There is no reason for an employee to have the most critical computer, that's part of why there's Servers running Networks.

  8. #6
    Super Moderator
    Join Date
    Aug 2012
    Location
    Durham UK
    Posts
    6,640
    Thanks
    147
    Thanked 883 Times in 844 Posts
    Yes, it's either all or nothing with being able to download anything and you would do that by creating a local user account for her without admin rights for her to log in with.

    Whenever she tries to download anything, a UAC will pop up where she will have to enter the admin password, but this would entail you also creating an admin account on her computer with your password.

    If she's getting that much malware and Trojans then I would question the effectiveness of your antivirus program.

    I use Norton Security Deluxe and if anything untoward is attached to a download, it will block it or the download.

    A lot of freeware has adware bundled with it and for the most time can be avoided by unchecking the boxes that will bundle these unwanted programs - provided you look for them before hitting Next or Install.

    Unchecky is a program that can do that for, but it isn't infallible so I've heard and some of the PuPs install anyway whether you uncheck their boxes or not and in some cases, the PuP is embedded in the program.

    http://unchecky.com/

    Can you remember the names of any of the infections you have had to deal with ?

  9. #7
    New Lounger
    Join Date
    Feb 2016
    Posts
    4
    Thanks
    0
    Thanked 0 Times in 0 Posts
    wow, quick replies! I will have a discussion with my boss about having the computer as a server only vs. making her use an account without admin rights. I do not have say in the firing process, i just get to deal with the mess, lucky me. We are working on getting another computer for her to use as her primary computer, then the one with our files will just sit in the other room to print jobs. We have a complicated RIP software, Versaworks, on that computer and if we move it to another computer we will risk losing custom profiles we made in it. Once we get the new computer she will share an office with me and be monitored pretty closely, but until then she works in the production room out of sight.

    I appreciate the tips and will look into them to see whats best for us. Thanks again

  10. #8
    WS Lounge VIP mrjimphelps's Avatar
    Join Date
    Dec 2009
    Location
    USA
    Posts
    3,411
    Thanks
    447
    Thanked 406 Times in 378 Posts
    I have observed that some people seem to get more viruses / spyware than others. Occasionally, you find someone who never gets infected. I would find the person in the company who rarely if ever gets infected, and I would let that person, and that person only, do the downloading. And as mentioned by others, I would get one computer that the downloading occurs on, and connect only that one computer to the internet, with the very best antivirus protection on it. And I would not put that computer on the company network; use flash drives to move stuff between that computer and other computers. And be sure to regularly backup everyone's data.

    In this scenario, there would be two extra computers -- one would be the file server, and the other would be the internet-connected computer. These two computers would not be used by anyone, except that the internet-connected computer would be for downloading/uploading files; and it would be used only by someone who is not prone to spyware/viruses.

    Also, users should not be allowed to install anything except approved software.

    Sometimes you have to get radical in order to stop these sorts of infections from occurring. If your company is not willing to take radical, strong action, the problem will continue. It is up to your company to decide this; there isn't much you can do about it if your company doesn't make the decision to do it.
    Last edited by mrjimphelps; 2016-02-22 at 13:12.

  11. The Following User Says Thank You to mrjimphelps For This Useful Post:

    eikelein (2016-03-03)

  12. #9
    New Lounger
    Join Date
    Feb 2016
    Posts
    4
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Our company is so small that it is the boss, who oversees another company, myself and the girl who collects viruses. one would think that with so few people this issue would not occur. We have decided that we will get her a new computer asap and have the important computer available exclusively for print jobs and once she has a new computer in my office the internet access on the other computer will be heavily restricted and/or disabled. I appreciate everyone's advice. you have been a big help in determining what we need to do

  13. #10
    Super Moderator CLiNT's Avatar
    Join Date
    Dec 2009
    Location
    California & Arizona
    Posts
    6,121
    Thanks
    160
    Thanked 609 Times in 557 Posts
    I don't want to completely disable downloading or make it obvious that I am restricting her computer, but I want to make it so she cannot download any programs and I cannot afford to spend another day fixing her computer when I could be doing actual work. Her computer is also linked to a lot of expensive equipment and software. Her computer houses our network and our backup files, in fact for me to access client files I need to be networked to her computer. Any ideas?
    If you're not the companies IT tech or her boss then it's not ANY of your business.
    What she NEEDS a sit down and some very clearly laid out stern warnings from those directly in charge.
    YOU could find yourself on the street with HER if they find out you were tampering with any of their expensive systems that were infected.



    THINK ABOUT THAT INSTEAD.

    And if you actually are her boss then that's on you for allowing this to continue.
    If you can't sit her down and do what needs to be done then get someone who can.
    Last edited by CLiNT; 2016-02-22 at 14:38.
    DRIVE IMAGING
    Invest a little time and energy in a well thought out BACKUP regimen and you will have minimal down time, and headache.

    Build your own system; get everything you want and nothing you don't.
    Latest Build:
    ASUS X99 Deluxe, Core i7-5960X, Corsair Hydro H100i, Plextor M6e 256GB M.2 SSD, Corsair DOMINATOR Platinum 32GB DDR4@2666, W8.1 64 bit,
    EVGA GTX980, Seasonic PLATINUM-1000W PSU, MountainMods U2-UFO Case, and 7 other internal drives.

  14. The Following User Says Thank You to CLiNT For This Useful Post:

    eikelein (2016-03-03)

  15. #11
    New Lounger
    Join Date
    Feb 2016
    Posts
    4
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by CLiNT View Post
    If you're not the companies IT tech or her boss then it's not ANY of your business.
    What she NEEDS a sit down and some very clearly laid out stern warnings from those directly in charge.
    YOU could find yourself on the street with HER if they find out you were tampering with any of their expensive systems that were infected.


    THINK ABOUT THAT INSTEAD.
    hey man, calm down. I am her direct supervisor, and I was asked by the company owner to fix the issue. As far as my boss the owner, is concerned I am the IT department, the supervisor, lead customer service etc. I am beating around the bush with her because I have been asked to. Thanks for the lecture though.

  16. #12
    Super Moderator CLiNT's Avatar
    Join Date
    Dec 2009
    Location
    California & Arizona
    Posts
    6,121
    Thanks
    160
    Thanked 609 Times in 557 Posts
    Thanks for the lecture though.
    No problem. She must be valuable, otherwise she'd be out of there.
    Thanks for the clarification.
    DRIVE IMAGING
    Invest a little time and energy in a well thought out BACKUP regimen and you will have minimal down time, and headache.

    Build your own system; get everything you want and nothing you don't.
    Latest Build:
    ASUS X99 Deluxe, Core i7-5960X, Corsair Hydro H100i, Plextor M6e 256GB M.2 SSD, Corsair DOMINATOR Platinum 32GB DDR4@2666, W8.1 64 bit,
    EVGA GTX980, Seasonic PLATINUM-1000W PSU, MountainMods U2-UFO Case, and 7 other internal drives.

  17. #13
    5 Star Lounger
    Join Date
    Oct 2013
    Location
    Phoenix, AZ
    Posts
    926
    Thanks
    554
    Thanked 137 Times in 128 Posts
    ALL of the above initial recommendations are sound and easily implemented. [excluding the firing suggestions which I can imagine those saying it have stood in your shoes and had to deal with a similar employee more than once...understandable but not an option.] And should be.

    Another option would be to switch to OpenDNS as your DNS Server. Their business Enterprise, (especially) Insight and Umbrella can be of use. Effectively it would allow you to block sites she has access to and well as some OpenDNS intercepting of potential malware passing through their system on the way to you. This is no substitute for hardening off her PC and the rest of your network however. Just another layer and some oversight capabilities. I am not certain however, if it is intended for small networks.
    https://www.opendns.com/enterprise-security/

    How-to Install & Configure Windows 7, Security Guide [list #3]
    Tech Support Guy
    https://forums.techguy.org/threads/h...-guide.1022742
    Last edited by Fascist Nation; 2016-02-22 at 20:52.

  18. The Following User Says Thank You to Fascist Nation For This Useful Post:

    csmart4125 (2016-02-29)

  19. #14
    2 Star Lounger csmart4125's Avatar
    Join Date
    May 2012
    Location
    Michigan
    Posts
    199
    Thanks
    121
    Thanked 9 Times in 7 Posts
    Retired Geek,

    Your suggestions about Antimalware applications are excellent. A variation suggested to me by two other computer gurus would be to use AVAST free in lieu of Windows Defender.

    Would you use something to remove spyware?

    I'm finding this conversation to be of great interest as I'm a medical and science writer who needs his computers. When I have a heavy workload, I employ others and may face this problem down the road.

    Charles

  20. #15
    Super Moderator RetiredGeek's Avatar
    Join Date
    Mar 2004
    Location
    Manning, South Carolina
    Posts
    9,436
    Thanks
    372
    Thanked 1,457 Times in 1,326 Posts
    Charles,

    On occasion I'll run SuperAnti-Spyware but I always browse with NoScript, uBlock Origin, Disconnect, WOT and a good dose of common sense and thus usually don't have a problem w/spyware. A little dose of CCleaner to clean out cookies I may temporarily let through also.

    HTH
    May the Forces of good computing be with you!

    RG

    PowerShell & VBA Rule!

    My Systems: Desktop Specs
    Laptop Specs

  21. The Following User Says Thank You to RetiredGeek For This Useful Post:

    csmart4125 (2016-03-02)

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •