Archive for category Updates
All About Internet Explorer 8 & Uninstall/Rollback Script
Internet Explorer 8 is the newest release from Microsoft and recently left beta and hit automatic updates. I will be discussing the issues that I have encountered, and the fixes I have found. Additionally, I will include group policy templets to prevent its distribution and a uninstall script to remove it for systems. I came in Monday to find that the software was installed on a spattering of computers across sever different clients (about 250 computers). I spent most of the rest of the week fixing them.
Read the rest of this entry »
Integrating Service Pack 3 Into a Windows CD
I hate having to install service pack 3 after installing a OS. I did not have a CD with SP3 slipstreamed yet, so I made one. Here is how to do it.
Read the rest of this entry »
Conficker; What is it? How to Prevent and clean It.
What is it?: Conflicker is a virus that has been spreading for about 2 months infecting an estimated 15-20 million computers worldwide. Systems running windows 2000, server 2000, windows XP (all variations), Vista (all variations), server 2003, server 2008 and even windows 7 are susceptible. The details of what exactly the virus does are a bit sketchy because of the way the virus is created. At this time it appears that the virus is dormant in the computer and waiting to download the remainder of its payload code on April 1st. Right now it is presumed that the worm spreads itsself through the RPC service and through http, network shares, USB and removable media, and even FTP. The worm has the ability to modify open port exceptions on windows firewall as well as the ability to stop svchost.exe, services.exe, and explorer.exe. It has a built in P2P application so that the virus can both communicate code between each other and web servers and coordinate. This is where the fear of fast changing polymorphic code comes from as well as the ability of the virus to use host computers in a zombie like fashion to attack other computers or servers.
Symptoms of the virus are expected to include and have been confirmed to include:
- Services disabling on their own. Namely windows defender, BITS, windows firewall, and some third party antivirus services such as live update.
- Massive increase in network traffic. Up to a 10-15% increase in total network traffic is expected on infected networks. This is due to attacks on shares and accounts, as well as spreading of the virus and payload.
- Account lockouts reset. If the virus is on a DC it will dictionary attack the admin account and admin shares, if the account locks out, it will automatically reset the lockout.
- Lastly some or all AV websites, security websites, and windows update sites are inaccessible. they reply to ping and answer to telnet on port 80, but they are not accessible to any browser. This appears to be done through a virtual proxy system.
Autopatcher, a Better Way of Staying Updated
Today, another really nifty tool for update deployment. Weather you have a computer that missed a few patches, or a fresh install you are trying to catch up to the rest of your network autopatcher is a easy solution. All you have to do is download a little exe and it will connect to Microsoft.com, and get the latest patches. When you run the application it will automatically determine what you are missing on the computer. These are automatically selected, then check any add-ons you want to install, and away you go. Now what makes this nifty is once the patches are downloaded once, it works offline. If you have a few computers to update it doesn’t bottle neck your bandwidth. Even better than that it will run off a thumbdrive or a network share and does not require install of the patcher application on the client side. Just another solution when you need to process a update quickly, or update a few computers at a office that is running a low bandwidth WAN. Also it is another substitute to windows update that does not require you to go through the validation process. It supports windows 2ksp4, vista, server 2003, and xp sp3, in a few different languages and over both X86, and X64 architecture.
http://www.autopatcher.com/
Service Pack 3 Rollout Options Switches and Scripts
Okay so Service Pack 3. Scary I know, I am always weary of big service pack rollouts. However if you don’t update to SP3, you are open to contracting some nasty bugs. Here are some simple install possibilities if you don’t have it on your network yet. I suggest that you take a look at some of the install articles on SP3 and some of the complications people have experienced before doing a mass rollout. Below are some options that might be helpful to you, but as always test on a few computers before rolling out to a bunch. You might also want to check out this link for a explanation of the switches and arguments for installation. In my scripts below the switches I use will force all aplications closed, and do a backup of of the replaced files, and make a log. A progress window is displayed during the install and at the end the computer is rebooted. I found this to be the best option for rollouts as you can see the progress bar to estimate time remaining, and you do have a log and a backup if things go wrong. I suggest you find the right mix of switches that work for you though.
Read the rest of this entry »