what do you guys do?

[!mitationRust]

Originally posted here by catch
I saw someone else suggest a migration away from MSIE... this is a terrible idea.

It will give you less control over the environment as a whole not more, as MSIE can be (and should be) configured and locked down via the domain policy.

Most of the rest about killing messenger etc looked good (and can also be done at the domian level.)

Security settings can and should be established in all corporate environments offering the capability. If someone tells you that it can't be done for whatever reason, talk to someone smarter or less lazy.

catch

Whatever happend to less = more security theory, atleast I've been reading my OS theory books.

[itsupportcenter]

Websense has premium groups, one of which is spyware, another of which is called productivity. You need both (how convenient) in order to effectively stop spyware. Easy to add to the websense server, seems to work pretty well.

[itsupportcenter]

Also, there is a client policy manager that can be set up to stop programs from running on the desktop. Doesn't remove anything, but it will stop unauthorized .exe's from running. You could probably get similar functionality from Windows 2000/2003 Group Policies by setting it to only allow specific programs to run, w/out the high price tag.