ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    PCs Backup software that can isolate backup destination to protect from Ransomware virus.

    IT Discussion
    9
    170
    19.2k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • DustinB3403D
      DustinB3403 @Dashrender
      last edited by

      @Dashrender said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

      @DustinB3403 said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

      @openit said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

      @Dashrender said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

      @BRRABill said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

      Hey why hasn't anyone tried talking the OP out of doing this? You know, the whole "no data on the PC" thing?

      I feel hurt. LOL.

      While I agree with this, the OP asked for a specific solution. He didn't say... How do I make sure I don't loose any data from my end user PCs?

      Additionally, we just learned that he doesn't have the PCs attached to a domain. This means there is a likelihood that he doesn't have a shared admin credential over all machines ( but it's possible he does), also he's missing out on things like GPOs.

      I do have admin account on all workstations with same credentials. Yeah, missing out GPOs.

      And a massive security hole in the organizations computer systems. . . .

      Why is that? What makes this a larger hole than a domain admin account?

      A domain admin account can have its password reset globally from 1 location, a local user admin account has to be touched on every system. And thus every system is susceptible to having local system files tampered / stolen etc etc with compromised local admin credentials.

      DashrenderD 1 Reply Last reply Reply Quote 0
      • DustinB3403D
        DustinB3403 @Dashrender
        last edited by

        @Dashrender said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

        @DustinB3403 said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

        @openit said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

        @BRRABill said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

        Hey why hasn't anyone tried talking the OP out of doing this? You know, the whole "no data on the PC" thing?

        I feel hurt. LOL.

        We do have file server on Windows server and users have been given access on and working with. But the issue is with CAD files they work, even do not suggest them to work directly on shared folder which take the performance down, so now they have working data (which is important).

        Now, your question will be if you have Windows Server, why network is not in domain, and my answer is "so many computers are Home Edition", working on to make all Professional Edition.

        If the business is running Home Edition licenses of Windows, you have bigger issues. You know you can't implement AD on Home, so you'd have to upgrade those to professional (or beyond).

        I'm assuming the Windows licensing is adhered to the computers, which means you can't move it from device to device (legally). So you have a few choices, purchase a MAK license, and re-image and upgrade each user system to Windows Professional.

        Starting with Windows Vista, one could purchase a key that would "upgrade" a version from Home to Pro - no reinstall required.

        Or try your hand at a linux distro, and see if all of your software is functional on said linux distro.

        He's a CAD shop - are there many Linux friendly CAD solutions?

        There are a few options of CAD software for linux, I haven't looked recently to find out if AutoCAD (etc) supports RedHat. I think they do.....

        Now to google..

        travisdh1T 1 Reply Last reply Reply Quote 0
        • DashrenderD
          Dashrender
          last edited by

          Now speaking of Linux - The OP mentions that he has a Windows Server file server. Instead of making that an AD server as well, he might consider moving his server infrastructure completely to Linux and use SAMBA to provide AD functionality to his Windows clients. This could save a boat load in the long run. You'll still need Windows Pro on the workstations to use any AD functionality, but the server side licensing would be gone.

          dafyreD 1 Reply Last reply Reply Quote 0
          • DustinB3403D
            DustinB3403
            last edited by

            Yep.. the audodesk family is supported on Linux.

            1 Reply Last reply Reply Quote 1
            • dafyreD
              dafyre @Dashrender
              last edited by

              @Dashrender said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

              @DustinB3403 said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

              @openit said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

              @BRRABill said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

              Hey why hasn't anyone tried talking the OP out of doing this? You know, the whole "no data on the PC" thing?

              I feel hurt. LOL.

              We do have file server on Windows server and users have been given access on and working with. But the issue is with CAD files they work, even do not suggest them to work directly on shared folder which take the performance down, so now they have working data (which is important).

              Now, your question will be if you have Windows Server, why network is not in domain, and my answer is "so many computers are Home Edition", working on to make all Professional Edition.

              If the business is running Home Edition licenses of Windows, you have bigger issues. You know you can't implement AD on Home, so you'd have to upgrade those to professional (or beyond).

              I'm assuming the Windows licensing is adhered to the computers, which means you can't move it from device to device (legally). So you have a few choices, purchase a MAK license, and re-image and upgrade each user system to Windows Professional.

              Starting with Windows Vista, one could purchase a key that would "upgrade" a version from Home to Pro - no reinstall required.

              Or try your hand at a linux distro, and see if all of your software is functional on said linux distro.

              He's a CAD shop - are there many Linux friendly CAD solutions?

              OpenSCAD is one... I'm sure there are others.

              1 Reply Last reply Reply Quote 0
              • DashrenderD
                Dashrender @DustinB3403
                last edited by

                @DustinB3403 said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

                @Dashrender said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

                @DustinB3403 said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

                @openit said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

                @Dashrender said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

                @BRRABill said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

                Hey why hasn't anyone tried talking the OP out of doing this? You know, the whole "no data on the PC" thing?

                I feel hurt. LOL.

                While I agree with this, the OP asked for a specific solution. He didn't say... How do I make sure I don't loose any data from my end user PCs?

                Additionally, we just learned that he doesn't have the PCs attached to a domain. This means there is a likelihood that he doesn't have a shared admin credential over all machines ( but it's possible he does), also he's missing out on things like GPOs.

                I do have admin account on all workstations with same credentials. Yeah, missing out GPOs.

                And a massive security hole in the organizations computer systems. . . .

                Why is that? What makes this a larger hole than a domain admin account?

                A domain admin account can have its password reset globally from 1 location, a local user admin account has to be touched on every system. And thus every system is susceptible to having local system files tampered / stolen etc etc with compromised local admin credentials.

                You can also remotely change the local admin account through a script, assuming you know what those credentials are. So no visit needed.

                Don't get me wrong, the OP should definitely get Windows Pro and use some type of AD.

                DustinB3403D 1 Reply Last reply Reply Quote 0
                • DustinB3403D
                  DustinB3403
                  last edited by

                  Which is actually awesome, because this just means that you don't even need to pay for end-user licensing, as both CentOS and RedHat are supported.

                  So you could have a full Linux environment running enterprise software on CentOS.

                  1 Reply Last reply Reply Quote 1
                  • dafyreD
                    dafyre @Dashrender
                    last edited by

                    @Dashrender said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

                    ... but the server side licensing would be gone.

                    Isn't that where a large chunk of the licensing fees go anyhow? Server License & CALs?

                    DustinB3403D DashrenderD 2 Replies Last reply Reply Quote 0
                    • DustinB3403D
                      DustinB3403 @Dashrender
                      last edited by

                      @Dashrender said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

                      @DustinB3403 said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

                      @Dashrender said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

                      @DustinB3403 said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

                      @openit said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

                      @Dashrender said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

                      @BRRABill said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

                      Hey why hasn't anyone tried talking the OP out of doing this? You know, the whole "no data on the PC" thing?

                      I feel hurt. LOL.

                      While I agree with this, the OP asked for a specific solution. He didn't say... How do I make sure I don't loose any data from my end user PCs?

                      Additionally, we just learned that he doesn't have the PCs attached to a domain. This means there is a likelihood that he doesn't have a shared admin credential over all machines ( but it's possible he does), also he's missing out on things like GPOs.

                      I do have admin account on all workstations with same credentials. Yeah, missing out GPOs.

                      And a massive security hole in the organizations computer systems. . . .

                      Why is that? What makes this a larger hole than a domain admin account?

                      A domain admin account can have its password reset globally from 1 location, a local user admin account has to be touched on every system. And thus every system is susceptible to having local system files tampered / stolen etc etc with compromised local admin credentials.

                      You can also remotely change the local admin account through a script, assuming you know what those credentials are. So no visit needed.

                      Don't get me wrong, the OP should definitely get Windows Pro and use some type of AD.

                      And assuming you have access to the user system, if it's offline (because it's unplugged or wireless is toggled off) you'd have no access.

                      But this goes into the "you've lost physical control of the device" so meh... different subject entirely.

                      1 Reply Last reply Reply Quote 0
                      • DustinB3403D
                        DustinB3403 @dafyre
                        last edited by DustinB3403

                        @dafyre said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

                        @Dashrender said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

                        ... but the server side licensing would be gone.

                        Isn't that where a large chunk of the licensing fees go anyhow? Server License & CALs?

                        Yes, User/Client CALs is the bulk of how Microsoft makes their money. The individual OS licensing is beer money, essentially.

                        1 Reply Last reply Reply Quote 0
                        • DustinB3403D
                          DustinB3403
                          last edited by

                          What CAD programs are you supporting @openit ? The Autodesk family has never been supported on Home versions of Windows from what I can see in their offerings...

                          Though this doesn't mean that it doesn't install..

                          1 Reply Last reply Reply Quote 0
                          • DashrenderD
                            Dashrender @dafyre
                            last edited by

                            @dafyre said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

                            @Dashrender said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

                            ... but the server side licensing would be gone.

                            Isn't that where a large chunk of the licensing fees go anyhow? Server License & CALs?

                            Really those fees aren't really all THAT high. Standard Windows Server is $850 for two VMs on a single host. So $425 ea. CALs are around $35/ea

                            Compare these fees to O365 or third party spam filtering, etc, it's right in line with what you pay for everything else for the end user. Is it extra cost that you can get away from, sure, but is it so crippling as to need to completely avoid it at near or any costs? I don't think so.

                            Now here's where I'll point out that Scott will say that we need to consider the business, and make proper business decisions to know if Windows is the right solution for us or not. I think he would say that if the company can't afford Windows Pro, then it really can't afford Windows at all.

                            DustinB3403D scottalanmillerS 2 Replies Last reply Reply Quote 1
                            • DustinB3403D
                              DustinB3403 @Dashrender
                              last edited by

                              @Dashrender I would say that the business is not trying to operate as a business, and just purchasing the cheapest equipment or has a BYOD policy so users can bring in whatever and then it's IT's job to "make it work" no matter how crippled it is.

                              I very much doubt that the business is truthfully purchasing Windows # Home....

                              DashrenderD 2 Replies Last reply Reply Quote 1
                              • DashrenderD
                                Dashrender @DustinB3403
                                last edited by

                                @DustinB3403 said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

                                @Dashrender I would say that the business is not trying to operate as a business, and just purchasing the cheapest equipment or has a BYOD policy so users can bring in whatever and then it's IT's job to "make it work" no matter how crippled it is.

                                I very much doubt that the business is truthfully purchasing Windows # Home....

                                Really? To bad you didn't get that job at the MSP - you'd likely be exposed to small time shops that only buy their machines from Best Buy where you can't get Windows Pro - Where $100 represents 1/5 of the total cost of the machine, of course - those businesses fail to understand that often those computers last about 1/2 as long as better business class machines, and definitely won't be getting support for the next OS - but I guess that concern is actually gone, with Windows 10 being the last version of Windows and all 😉

                                1 Reply Last reply Reply Quote 0
                                • DashrenderD
                                  Dashrender @DustinB3403
                                  last edited by

                                  @DustinB3403 said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

                                  @Dashrender I would say that the business is not trying to operate as a business, and just purchasing the cheapest equipment or has a BYOD policy so users can bring in whatever and then it's IT's job to "make it work" no matter how crippled it is.

                                  I very much doubt that the business is truthfully purchasing Windows # Home....

                                  There's nothing wrong with the BOYD, as long as IT is allowed to create an IT environment that is meant to support it - again hosted apps and things like Citrix NFUSE.

                                  1 Reply Last reply Reply Quote 0
                                  • DashrenderD
                                    Dashrender @openit
                                    last edited by

                                    @openit said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

                                    @scottalanmiller said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

                                    @openit said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

                                    I would like to ask you, with what would you suggest based on my requirements mentioned in my Post ?

                                    I really think that Veeam Endpoint Backup is likely the way to go. As @JaredBusch pointed out, the risk of compromise through ransomware, while important to consider, does not exist today and planning around it is foolish. If you are backing up to NAS, just snapshot to protect against that. The product is commercial, enterprise and completely free and that's not going to change in any reasonable future.

                                    Use PDQ Deploy and you can roll it out quickly and easily to your entire fleet without needing Active Directory.

                                    I see, so two things coming to my mind 1. Urbackup or 2. Veeam Free with NAS (which should have snapshot facility. But still stuck at central mgmt, don't know if backup is working or failing 😞

                                    I do think you should also consider Appassure if you're going the workstation backup route. I think it was like $100 for the license and maybe $15/year for support and is completely centrally managed.

                                    1 Reply Last reply Reply Quote 0
                                    • DashrenderD
                                      Dashrender
                                      last edited by

                                      @openit do you have the NAS already? If not, you could build a SAM-SD style box, install your backup solution on that box directly and backup locally.

                                      I mention this just to make sure those reading this thread are aware that you don't have to have a Server and a NAS when looking at the isolated backup model.

                                      openitO 1 Reply Last reply Reply Quote 0
                                      • travisdh1T
                                        travisdh1 @DustinB3403
                                        last edited by

                                        @DustinB3403 said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

                                        @Dashrender said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

                                        @DustinB3403 said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

                                        @openit said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

                                        @BRRABill said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

                                        Hey why hasn't anyone tried talking the OP out of doing this? You know, the whole "no data on the PC" thing?

                                        I feel hurt. LOL.

                                        We do have file server on Windows server and users have been given access on and working with. But the issue is with CAD files they work, even do not suggest them to work directly on shared folder which take the performance down, so now they have working data (which is important).

                                        Now, your question will be if you have Windows Server, why network is not in domain, and my answer is "so many computers are Home Edition", working on to make all Professional Edition.

                                        If the business is running Home Edition licenses of Windows, you have bigger issues. You know you can't implement AD on Home, so you'd have to upgrade those to professional (or beyond).

                                        I'm assuming the Windows licensing is adhered to the computers, which means you can't move it from device to device (legally). So you have a few choices, purchase a MAK license, and re-image and upgrade each user system to Windows Professional.

                                        Starting with Windows Vista, one could purchase a key that would "upgrade" a version from Home to Pro - no reinstall required.

                                        Or try your hand at a linux distro, and see if all of your software is functional on said linux distro.

                                        He's a CAD shop - are there many Linux friendly CAD solutions?

                                        There are a few options of CAD software for linux, I haven't looked recently to find out if AutoCAD (etc) supports RedHat. I think they do.....

                                        Now to google..

                                        The CAD software I'm familiar with (IDEAS, Medusa, PRO-E, CATIA) almost all started out on UNIX. PRO-E is the only exception in my short list. Autodesk was always looked at as the "newbies toy"

                                        1 Reply Last reply Reply Quote 0
                                        • openitO
                                          openit @DustinB3403
                                          last edited by

                                          @DustinB3403 said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

                                          @openit said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

                                          @BRRABill said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

                                          Hey why hasn't anyone tried talking the OP out of doing this? You know, the whole "no data on the PC" thing?

                                          I feel hurt. LOL.

                                          We do have file server on Windows server and users have been given access on and working with. But the issue is with CAD files they work, even do not suggest them to work directly on shared folder which take the performance down, so now they have working data (which is important).

                                          Now, your question will be if you have Windows Server, why network is not in domain, and my answer is "so many computers are Home Edition", working on to make all Professional Edition.

                                          If the business is running Home Edition licenses of Windows, you have bigger issues. You know you can't implement AD on Home, so you'd have to upgrade those to professional (or beyond).

                                          I'm assuming the Windows licensing is adhered to the computers, which means you can't move it from device to device (legally). So you have a few choices, purchase a MAK license, and re-image and upgrade each user system to Windows Professional.

                                          Or try your hand at a linux distro, and see if all of your software is functional on said linux distro.

                                          Around 50% are Home Edition, not all. Yes, no domain for Home Edition. I guess, no need to reinstall os to convert.

                                          openitO 1 Reply Last reply Reply Quote 0
                                          • openitO
                                            openit @openit
                                            last edited by

                                            @dafyre @DustinB3403 @Dashrender

                                            Cad we are using is from AutoDesk.

                                            1. Moving to linux could be an option, even Autodesk is supported for linux (say CentOS), that's very big deal, because user knows Windows and we, IT have little knowledge on Linux. To save money I never want to do that, as I learnt from different scenarios and from forums, at the end of the IT will fallen into problems, Management never sees ( if Manager is from IT background, then maybe exceptional case) how many bucks you saved by using free or open source, but loss or downtime, so plans about Linux.

                                            2. Even myself, I love opensource software and plays around CentOS, pfsense, Zentyal, and so many. I believe I can set it up properly and get it run, but difficult part is troubleshooting if any issue occurs, so no to Linux as of now at least.

                                            3. For sure, I need to push the task of bringing the network under domain.

                                            4. On one hand, by seeing issues with Ransomware, I have started to think about Backup for local pc data and other big issue I need to think about is "Users security awareness". And if I plan to migrate to Linux, then I would be gone 🙂 LOL

                                            DashrenderD DustinB3403D scottalanmillerS 4 Replies Last reply Reply Quote 0
                                            • 1
                                            • 2
                                            • 3
                                            • 4
                                            • 5
                                            • 6
                                            • 7
                                            • 8
                                            • 9
                                            • 6 / 9
                                            • First post
                                              Last post