Security Basics mailing list archives
RE: Purging Blaster.worm
From: Meidinger Chris <chris.meidinger () badenit de>
Date: Mon, 18 Aug 2003 07:59:07 +0100
I use scheduled tasks with jt.exe - from the NT Res Kit, a replacement for at.exe - and scripts. I can essentially bean scheduled tasks to any pc that i need to. I create lists of pcs at login, and then have a task running to beam tasks to those pcs that need them. Search www.kixtart.org for 'jt.exe' and you will find a set of papers on how to set it up. I did it using vbs, but similarly to the way the guys there did it in kix. badenIT GmbH System Support Chris Meidinger Tullastrasse 70 79108 Freiburg -----Original Message----- From: root@localhost.localdomain [mailto:root@localhost.localdomain] Sent: Friday, August 15, 2003 2:33 PM To: Meidinger Chris Subject: Re: Purging Blaster.worm You know I have ran into that problem. Here is what I did. Our workstations have the SU service installed and set to Manual load. You can get the SU service install from the Windows 2000 Resource Kit. Basically it is the same thing as the runas command but you can point it to a file that contains the password, therefore never prompting you for it. I create a batch file that starts the SU service on the workstation (users have permission to start and stop this service) use the SU command to run the patch as an administrator and have it look for the password file on a shared folder. After the patch is installed, the SU service is turned off and the password file is deleted. It is a handt tool but I am still trying to find a better way to install patches with user level permissions. I don't like a text file hanging out on a share that contains a workstation-level adminstrator user's password, even if it is for only for 20 minutes at a time. Hope this helps. Shawn On Friday 15 August 2003 07:13, Meidinger Chris wrote:
remember that in an NT domain your login script runs with user rights. i don't believe that would be enough to apply a hotfix, but correct me someone. badenIT GmbH System Support Chris Meidinger Tullastrasse 70 79108 Freiburg -----Original Message----- From: Todd [mailto:tod () megachump com] Sent: Thursday, August 14, 2003 7:49 PM To: security-basics () securityfocus com Subject: Re: Purging Blaster.worm Does anyone have an NT login script they've used to run the update and symantec worm fix? I've considered putting together something that will first run HfNetChk,
IF
"* WINDOWS 2000 SP4\nInformation\nAll necessary hotfixes have been
applied"
does not exist, then run the update and wormfix. Any suggestions?
--------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Re: Purging Blaster.worm, (continued)
- Re: Purging Blaster.worm Jay Woody (Aug 13)
- RE: Purging Blaster.worm Parolini, Walter A REV:EX (Aug 13)
- RE: Purging Blaster.worm Jay Woody (Aug 14)
- RE: Purging Blaster.worm Jay Woody (Aug 14)
- RE: Purging Blaster.worm Bob Walker (Aug 14)
- Re: Purging Blaster.worm Ken Jacobs (Aug 14)
- RE: Purging Blaster.worm David Gillett (Aug 16)
- RE: Purging Blaster.worm Meidinger Chris (Aug 15)
- RE: Purging Blaster.worm Vachon, Scott (Aug 15)
- RE: Purging Blaster.worm Jay Woody (Aug 16)
- RE: Purging Blaster.worm Meidinger Chris (Aug 18)
- RE: Purging Blaster.worm Alfred . Diggs (Aug 19)
- RE: Purging Blaster.worm Meidinger Chris (Aug 20)