Hey I need your guys' sugguestions on what to do to secure windows 7 in a domain environment
what we've done so far is set most people to a standard user, set UAC to the second notch from the top, have DEP enabled for third party programs, have the default policy set in windows firewall advanced (is this controlled by sysadmin?), disabled fast user switching, and have a daily scan antivirus with central console and biweekly reports emailed (symantec endpoint).
Of course we try to keep all software up to date with separate updaters (like flash and acrobat) and windows updates through WSUS. IE8 is also in protected mode. Is there anything else we can do?