I have had several SysAdmin's around me state that the CryptoLocker malware has hit them hard. I have been looking into better ways to keep my systems protected and had a few implementation policy questions for those of you running a non-Active Directory environment.

The first question is regarding Software Restriction Policies. Anyone using this through the GPO inside ZENworks? Any recommendations on how best to deploy this to prevent disasters like Crypto?

The second question is regarding other areas, security wise, I should be working with? Recommendations on GPO settings that I should be posting? Other security settings outside of a GPO I should be working on?

I have been rather lucky so far with my Virus issues not being to large but I want to ensure I am doing all I can to ensure I keep the risk to a minimum.