Workstation recovery is the most overlooked part of recovery planning. Recovering all your servers and data without workstations is not useful. This becomes critical as office locations and workstations increase. Reinstalling the operating system and applications for 10 workstations can be brute forced, the same cannot be said for 100. The uncomfortable stares of employees waiting to get their workstations back up and running is an event you want to avoid.
Below are three workstation recovery options to consider in your recovery planning. All of these options require PROACTIVE planning and setup. Once a ransomware event occurs it is too late to go back and put any of this in place.
A NOTE BEFORE WE START:
Our Stringfellow Standard is to have no data (user or corporate) stored on workstations. This greatly simplifies workstation recovery and increases the safety of your data. This is not possible in all cases, but the goal should be to move all data to a cloud service when possible!
Cloud managed workstations
Workstations managed and controlled via cloud services are easy to recover and maintain. This requires intentional planning which is part of our Intelligent Technology Roadmaps. It allow large groups of workstations to be "reset" at once without having to physically touch them. It also speeds up workstation setup for new users in daily operations which is an added bonus.
Windows based workstations utilizing Microsoft Intune, Endpoint Protection Manager, and AutoPilot can be cloud managed. Cloud managed workstations can be reinstalled (including applications) with minimal user interaction during a recovery event. The time savings here are massive when you are talking about recovery of hundreds of workstations. All organizations should be working towards this workstation model.
Imaged backup of workstations
It is not always possible to remove (user) data from every workstation. Older applications may require local data storage, or the installation of applications cannot be done in an automated way. In these cases it is smart to perform an image-based backup of the workstation itself. This is similar to how server backups are performed.
In order to recover the workstation you will boot it with a USB drive and then download the backup image to the device. The drawback here is speed. Downloading the images for hundreds of workstations could take several DAYS even with high end Internet. This option is best on an ad-hoc basis for "special" workstations that would be difficult to setup again from scratch.
Imaging system with golden image
An imaging system uses a golden image for rapid deployment of specific workstation setups to a large number of machines. Think about a large construction firm that has engineering and administrative workstations. A golden image can be made for each of those and streamed down (locally) to the workstations during a recovery event.
The big advantage to this over image backups of workstations is speed. Since the golden image is locally stored it can be quickly pushed out over the network. The drawback is this is not useful for remote workstations and requires maintaining an up to date golden image, which can be time consuming. This is the best option to have in place prior to moving to cloud managed workstations.