PCs Backup software that can isolate backup destination to protect from Ransomware virus.
-
@DustinB3403 said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:
@openit said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:
@Dashrender said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:
@BRRABill said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:
Hey why hasn't anyone tried talking the OP out of doing this? You know, the whole "no data on the PC" thing?
I feel hurt. LOL.
While I agree with this, the OP asked for a specific solution. He didn't say... How do I make sure I don't loose any data from my end user PCs?
Additionally, we just learned that he doesn't have the PCs attached to a domain. This means there is a likelihood that he doesn't have a shared admin credential over all machines ( but it's possible he does), also he's missing out on things like GPOs.
I do have admin account on all workstations with same credentials. Yeah, missing out GPOs.
And a massive security hole in the organizations computer systems. . . .
Why is that? What makes this a larger hole than a domain admin account?
-
@Dashrender This is a real issue, mostly because of the configuration settings within the software.
Most of the CAD (AutoCAD etc) have a setting to download the files locally, and then update the source directory at save time. Along with keeping a local copy for recovery reasons.
Mostly though people fail to configure the software to use this.
-
@DustinB3403 said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:
@Dashrender This is a real issue, mostly because of the configuration settings within the software.
Most of the CAD (AutoCAD etc) have a setting to download the files locally, and then update the source directory at save time. Along with keeping a local copy for recovery reasons.
Mostly though people fail to configure the software to use this.
While I've never seen a setting like that - in this type of situation that TOTALLY makes sense and solves the problem of performance.
-
@Dashrender said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:
@DustinB3403 said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:
@openit said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:
@Dashrender said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:
@BRRABill said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:
Hey why hasn't anyone tried talking the OP out of doing this? You know, the whole "no data on the PC" thing?
I feel hurt. LOL.
While I agree with this, the OP asked for a specific solution. He didn't say... How do I make sure I don't loose any data from my end user PCs?
Additionally, we just learned that he doesn't have the PCs attached to a domain. This means there is a likelihood that he doesn't have a shared admin credential over all machines ( but it's possible he does), also he's missing out on things like GPOs.
I do have admin account on all workstations with same credentials. Yeah, missing out GPOs.
And a massive security hole in the organizations computer systems. . . .
Why is that? What makes this a larger hole than a domain admin account?
A domain admin account can have its password reset globally from 1 location, a local user admin account has to be touched on every system. And thus every system is susceptible to having local system files tampered / stolen etc etc with compromised local admin credentials.
-
@Dashrender said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:
@DustinB3403 said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:
@openit said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:
@BRRABill said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:
Hey why hasn't anyone tried talking the OP out of doing this? You know, the whole "no data on the PC" thing?
I feel hurt. LOL.
We do have file server on Windows server and users have been given access on and working with. But the issue is with CAD files they work, even do not suggest them to work directly on shared folder which take the performance down, so now they have working data (which is important).
Now, your question will be if you have Windows Server, why network is not in domain, and my answer is "so many computers are Home Edition", working on to make all Professional Edition.
If the business is running Home Edition licenses of Windows, you have bigger issues. You know you can't implement AD on Home, so you'd have to upgrade those to professional (or beyond).
I'm assuming the Windows licensing is adhered to the computers, which means you can't move it from device to device (legally). So you have a few choices, purchase a MAK license, and re-image and upgrade each user system to Windows Professional.
Starting with Windows Vista, one could purchase a key that would "upgrade" a version from Home to Pro - no reinstall required.
Or try your hand at a linux distro, and see if all of your software is functional on said linux distro.
He's a CAD shop - are there many Linux friendly CAD solutions?
There are a few options of CAD software for linux, I haven't looked recently to find out if AutoCAD (etc) supports RedHat. I think they do.....
Now to google..
-
Now speaking of Linux - The OP mentions that he has a Windows Server file server. Instead of making that an AD server as well, he might consider moving his server infrastructure completely to Linux and use SAMBA to provide AD functionality to his Windows clients. This could save a boat load in the long run. You'll still need Windows Pro on the workstations to use any AD functionality, but the server side licensing would be gone.
-
Yep.. the audodesk family is supported on Linux.
-
@Dashrender said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:
@DustinB3403 said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:
@openit said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:
@BRRABill said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:
Hey why hasn't anyone tried talking the OP out of doing this? You know, the whole "no data on the PC" thing?
I feel hurt. LOL.
We do have file server on Windows server and users have been given access on and working with. But the issue is with CAD files they work, even do not suggest them to work directly on shared folder which take the performance down, so now they have working data (which is important).
Now, your question will be if you have Windows Server, why network is not in domain, and my answer is "so many computers are Home Edition", working on to make all Professional Edition.
If the business is running Home Edition licenses of Windows, you have bigger issues. You know you can't implement AD on Home, so you'd have to upgrade those to professional (or beyond).
I'm assuming the Windows licensing is adhered to the computers, which means you can't move it from device to device (legally). So you have a few choices, purchase a MAK license, and re-image and upgrade each user system to Windows Professional.
Starting with Windows Vista, one could purchase a key that would "upgrade" a version from Home to Pro - no reinstall required.
Or try your hand at a linux distro, and see if all of your software is functional on said linux distro.
He's a CAD shop - are there many Linux friendly CAD solutions?
OpenSCAD is one... I'm sure there are others.
-
@DustinB3403 said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:
@Dashrender said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:
@DustinB3403 said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:
@openit said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:
@Dashrender said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:
@BRRABill said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:
Hey why hasn't anyone tried talking the OP out of doing this? You know, the whole "no data on the PC" thing?
I feel hurt. LOL.
While I agree with this, the OP asked for a specific solution. He didn't say... How do I make sure I don't loose any data from my end user PCs?
Additionally, we just learned that he doesn't have the PCs attached to a domain. This means there is a likelihood that he doesn't have a shared admin credential over all machines ( but it's possible he does), also he's missing out on things like GPOs.
I do have admin account on all workstations with same credentials. Yeah, missing out GPOs.
And a massive security hole in the organizations computer systems. . . .
Why is that? What makes this a larger hole than a domain admin account?
A domain admin account can have its password reset globally from 1 location, a local user admin account has to be touched on every system. And thus every system is susceptible to having local system files tampered / stolen etc etc with compromised local admin credentials.
You can also remotely change the local admin account through a script, assuming you know what those credentials are. So no visit needed.
Don't get me wrong, the OP should definitely get Windows Pro and use some type of AD.
-
Which is actually awesome, because this just means that you don't even need to pay for end-user licensing, as both CentOS and RedHat are supported.
So you could have a full Linux environment running enterprise software on CentOS.
-
@Dashrender said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:
... but the server side licensing would be gone.
Isn't that where a large chunk of the licensing fees go anyhow? Server License & CALs?
-
@Dashrender said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:
@DustinB3403 said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:
@Dashrender said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:
@DustinB3403 said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:
@openit said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:
@Dashrender said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:
@BRRABill said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:
Hey why hasn't anyone tried talking the OP out of doing this? You know, the whole "no data on the PC" thing?
I feel hurt. LOL.
While I agree with this, the OP asked for a specific solution. He didn't say... How do I make sure I don't loose any data from my end user PCs?
Additionally, we just learned that he doesn't have the PCs attached to a domain. This means there is a likelihood that he doesn't have a shared admin credential over all machines ( but it's possible he does), also he's missing out on things like GPOs.
I do have admin account on all workstations with same credentials. Yeah, missing out GPOs.
And a massive security hole in the organizations computer systems. . . .
Why is that? What makes this a larger hole than a domain admin account?
A domain admin account can have its password reset globally from 1 location, a local user admin account has to be touched on every system. And thus every system is susceptible to having local system files tampered / stolen etc etc with compromised local admin credentials.
You can also remotely change the local admin account through a script, assuming you know what those credentials are. So no visit needed.
Don't get me wrong, the OP should definitely get Windows Pro and use some type of AD.
And assuming you have access to the user system, if it's offline (because it's unplugged or wireless is toggled off) you'd have no access.
But this goes into the "you've lost physical control of the device" so meh... different subject entirely.
-
@dafyre said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:
@Dashrender said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:
... but the server side licensing would be gone.
Isn't that where a large chunk of the licensing fees go anyhow? Server License & CALs?
Yes, User/Client CALs is the bulk of how Microsoft makes their money. The individual OS licensing is beer money, essentially.
-
What CAD programs are you supporting @openit ? The Autodesk family has never been supported on Home versions of Windows from what I can see in their offerings...
Though this doesn't mean that it doesn't install..
-
@dafyre said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:
@Dashrender said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:
... but the server side licensing would be gone.
Isn't that where a large chunk of the licensing fees go anyhow? Server License & CALs?
Really those fees aren't really all THAT high. Standard Windows Server is $850 for two VMs on a single host. So $425 ea. CALs are around $35/ea
Compare these fees to O365 or third party spam filtering, etc, it's right in line with what you pay for everything else for the end user. Is it extra cost that you can get away from, sure, but is it so crippling as to need to completely avoid it at near or any costs? I don't think so.
Now here's where I'll point out that Scott will say that we need to consider the business, and make proper business decisions to know if Windows is the right solution for us or not. I think he would say that if the company can't afford Windows Pro, then it really can't afford Windows at all.
-
@Dashrender I would say that the business is not trying to operate as a business, and just purchasing the cheapest equipment or has a BYOD policy so users can bring in whatever and then it's IT's job to "make it work" no matter how crippled it is.
I very much doubt that the business is truthfully purchasing Windows # Home....
-
@DustinB3403 said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:
@Dashrender I would say that the business is not trying to operate as a business, and just purchasing the cheapest equipment or has a BYOD policy so users can bring in whatever and then it's IT's job to "make it work" no matter how crippled it is.
I very much doubt that the business is truthfully purchasing Windows # Home....
Really? To bad you didn't get that job at the MSP - you'd likely be exposed to small time shops that only buy their machines from Best Buy where you can't get Windows Pro - Where $100 represents 1/5 of the total cost of the machine, of course - those businesses fail to understand that often those computers last about 1/2 as long as better business class machines, and definitely won't be getting support for the next OS - but I guess that concern is actually gone, with Windows 10 being the last version of Windows and all
-
@DustinB3403 said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:
@Dashrender I would say that the business is not trying to operate as a business, and just purchasing the cheapest equipment or has a BYOD policy so users can bring in whatever and then it's IT's job to "make it work" no matter how crippled it is.
I very much doubt that the business is truthfully purchasing Windows # Home....
There's nothing wrong with the BOYD, as long as IT is allowed to create an IT environment that is meant to support it - again hosted apps and things like Citrix NFUSE.
-
@openit said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:
@scottalanmiller said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:
@openit said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:
I would like to ask you, with what would you suggest based on my requirements mentioned in my Post ?
I really think that Veeam Endpoint Backup is likely the way to go. As @JaredBusch pointed out, the risk of compromise through ransomware, while important to consider, does not exist today and planning around it is foolish. If you are backing up to NAS, just snapshot to protect against that. The product is commercial, enterprise and completely free and that's not going to change in any reasonable future.
Use PDQ Deploy and you can roll it out quickly and easily to your entire fleet without needing Active Directory.
I see, so two things coming to my mind 1. Urbackup or 2. Veeam Free with NAS (which should have snapshot facility. But still stuck at central mgmt, don't know if backup is working or failing
I do think you should also consider Appassure if you're going the workstation backup route. I think it was like $100 for the license and maybe $15/year for support and is completely centrally managed.
-
@openit do you have the NAS already? If not, you could build a SAM-SD style box, install your backup solution on that box directly and backup locally.
I mention this just to make sure those reading this thread are aware that you don't have to have a Server and a NAS when looking at the isolated backup model.
