Etiam Condimentum

Etiam euismod iaculis dui, id pellentesque nibh lacinia id. Nam eleifend, sapien eu blandit scelerisque, arcu odio tempus urna, in lacinia augue metus eu massa.

This is a great subject for discussion.

Other things to keep in mind are BACKUPS!! My PCs are backed up every night to a NAS Share for which the credentials are not available in Windows credential cache. Meaning even though the share is visible, the only thing that can log into it is the backup software which maintains its own credential lockbox.

NASes can be backed up as well using similar means — using a dedicated share that only it has credentials to, or using a PC as an agent.

Finally, I never tell Windows to remember my NAS login credentials. If I remember to log out of my Windows account, there is no possibility of ransomware getting easy access to private shares the next session, even if they are mapped, as the ransomware can’t access the drive until a user authentication completes.