Hi all,
We're a 400 student high school with all Mac clients. We do however, have a handful of Windows apps that only a few people need to run for state reporting, accounting and fundraising. Rather that deal with Bootcamp or Parallels, I've deployed a Dell rack-mount server running Win 2003 server and Terminal Services. Our users that need to run Windows apps simply connect using the Macintosh version of Microsoft's Remote Desktop Connection (RDC). Since there are only a handful of people that need this I've just created local accounts and have bypassed Active Directory. All has been working fine and it's a very clean solution for keeping things simple.
I have been concerned about security and protection for this Dell Server so I've installed the trial version of Avast Server Edition. Pretty straightforward so far but I haven't been able to find any documentation on the Avast Web Site for this version. So I've got a couple of questions that I'm hoping you experts can help me with.
1. During the initial configuration of Avast I have the option of setting up the installation as a stand-alone server or to support Terminal Services. I set it up for Terminal Services (TS) compatibility but when my Mac clients log-in, they see the Avast Blue Balls in their system tray. And it looks like they can configure the services or do whatever they want. I don't really want these TS users to have any access to Avast. Is it really necessary to configure Avast to support Terminal Services when the only true Window's machine in my network is the server itself? If Avast must be configured to support Terminal Services, how do I prevent the Blue Balls from showing in my user's trays?
2. The only other things I'm concerned about are either someone bringing in an infected PC laptop with a worm or Virus that might target our Dell Server, or a valid TS user running IE during a session and picking up some malware or worse. So to this end I have configured Avast services to run Network Shield, Script Blocking, Standard Shield and Web Shield. Does this sound about right? Are these all necessary given my concerns. I don't have anything else going on with the Dell....no Exchange, no AD, etc. I'm not worried about peer-to-peer stuff as these users aren't students and wouldn't know how to IM to save their lives :-))
Thanks in advance,
Dan