Re: automating reboot (was RE: RPC Scan Issues)

From: lists (lists_at_www.localareasecurity.com)
Date: 10/20/03

  • Next message: David Y. Ng: "group policy question"
    To: Atit.Shah@sherwin.com
    Date: Mon, 20 Oct 2003 01:54:07 -0300
    
    

    Yes it does in order to push out the patches at least. To scan it doesn't to
    at least know if it is patched or not. Where I am we have a standard password
    for the Administrator account so in most cases it was not an issue.

    -J-

    On Fri, 17 Oct 2003 11:11:31 -0400, Atit.Shah wrote
    > Does this product requires admin access to the remote users machine.....
    >
    > Thanks
    > Atit
    >
    >

    "lists" <lists@www.localareasecurity.com>
    > 10/16/2003 03:03 PM
    >
    > To: "Focus-MS" <focus-ms@securityfocus.com>
    > cc:
    > Subject: Re: automating reboot (was RE: RPC Scan Issues)
    >
    >
    > We used LanGuard Scanner (http://www.gfi.com) to push out the patches. Which
    > has a nice option of rebooting the PC once patches are installed. So users
    > get an interactive message stating they are being patched and to save work
    > etc. Then it will reboot the PC insuring they are patched. It is also handy
    > in getting a high level view of what SPs and Patches are already on the PCs.
    >
    > Not sure if someone already mentioned but it was a big help to us. Although
    > the license is I think $1K or so.
    >
    > Jascha
    > jascha@localareasecurity.com
    > ---------------------------<>
    > :: Local Area Security ::
    > Home of L.A.S. Linux
    > 200+ security tools on a 'live CD' fitting on a miniCD with full desktop.
    > Includes Nessus, Nmap, Snort, Autopsy, Ethereal, Ettercap, etc
    > http://localareasecurity.com
    > ------------------------------------<>
    >
    > On Thu, 16 Oct 2003 09:42:34 -0700, Zachary Mutrux wrote
    > > I create a reboot script using psshutdown.exe from Sysinternals.
    > > http://www.sysinternals.com/ntw2k/freeware/pstools.shtml
    > >
    > > It looks something like this:
    > >
    > > psshutdown -f -r -m "In order to apply a security patch, this
    > > computer will reboot in five minutes. --zm" -t 300 \\workstation1
    > >
    > > psshutdown -f -r -m "In order to apply a security patch, this
    > > computer will reboot in five minutes. --zm" -t 300 \\workstation2
    > >
    > > psshutdown -f -r -m "In order to apply a security patch, this
    > > computer will reboot in five minutes. --zm" -t 300 \\workstation3
    > >
    > > ...
    > >
    > > I usually create these scripts manually, following these steps:
    > >
    > > 1) Open Active Directory Users and Computers.
    > >
    > > 2) Select the hosts to be rebooted, and export to a tab-delimited
    > > text file
    > >
    > > 3) Open the text file in Excel, delete columns other than hostname
    > >
    > > 4) Paste or type in the options above for one host
    > >
    > > 5) Drag to copy the options down the column for all hosts
    > >
    > > 6) Save the file as text
    > >
    > > 7) Rename to "reboot_desktops.bat"
    > >
    > > At the same time, I create a variation of the script to abort the
    > > reboot, just in case I ever accidentally run the reboot script. It
    > > is the same as the reboot script, but uses the abort option.
    > >
    > > ...
    > > psshutdown -a -m "The reboot of this computer has been cancelled. --zm"
    > > \\workstation1
    > > psshutdown -a -m "The reboot of this computer has been cancelled. --zm"
    > > \\workstation2
    > > psshutdown -a -m "The reboot of this computer has been cancelled. --zm"
    > > \\workstation3
    > > ...
    > >
    > > Then I save this batch file as "abort_reboot.bat"
    > >
    > > Once I have the reboot script I save it in C:\batch and schedule it
    > > as a scheduled task to run late at night, but at a time that it will
    > > not interfere with backups or antivirus updates or other regularly scheduled
    > > maintenance. Before scheduling the reboot, I warn users to log off
    > > when they leave for the day, but to leave their computers running.
    > > That way there is less of a chance that someone will lose an unsaved
    > > document they left open on the desktop.
    > >
    > > Can anyone offer suggested improvements for this process?
    > >
    > > Zac
    > >
    > > > -----Original Message-----
    > > > From: c_brauckmiller@LEK.COM [mailto:c_brauckmiller@LEK.COM]
    > > > Sent: Wednesday, October 15, 2003 9:45 AM
    > > > To: Cosentino, Guilherme V.
    > > > Cc: 'focus-ms@securityfocus.com'
    > > > Subject: RE: RPC Scan Issues
    > > >
    > > >
    > > >
    > > >
    > > > Does anyone know of any tool that can automatically reboot every
    > > > machine in a
    > > > given IP range at a given timne?
    > > >
    > > > One could just tell the software to reboot all client PCs in the
    > > > DHCP scope.
    > > >
    > > > We ran into this exact problem when we pushed MS03-026 and
    > > > MS03-039 via login
    > > > script.
    > > >
    > > > Thanks
    > > >
    > > > Craig Brauckmiller
    > >
    > > ---------------------------------------------------------------------------
    > > FREE Whitepaper: Better Management for Network Security
    > >
    > > Looking for a better way to manage your IP security?
    > > Learn how Solsoft can help you:
    > > - Ensure robust IP security through policy-based management
    > > - Make firewall, VPN, and NAT rules interoperable across
    > > heterogeneous networks - Quickly respond to network events from a
    > > central console
    > >
    > > Download our FREE whitepaper at:
    > > http://www.securityfocus.com/sponsor/Solsoft_focus-ms_031015
    > > ---------------------------------------------------------------------------
    >
    > ---------------------------------------------------------------------------
    > FREE Whitepaper: Better Management for Network Security
    >
    > Looking for a better way to manage your IP security?
    > Learn how Solsoft can help you:
    > - Ensure robust IP security through policy-based management
    > - Make firewall, VPN, and NAT rules interoperable across heterogeneous
    > networks
    > - Quickly respond to network events from a central console
    >
    > Download our FREE whitepaper at:
    > http://www.securityfocus.com/sponsor/Solsoft_focus-ms_031015
    > ---------------------------------------------------------------------------
    >
    >

    ---------------------------<>
    :: Local Area Security ::
    Home of L.A.S. Linux
    150+ security tools on a 'live CD' fitting on a miniCD with full desktop.
    Includes Nessus, Nmap, Snort, Autopsy, Ethereal, etc
    ------------------------------------<>

    ---------------------------------------------------------------------------
    FREE Whitepaper: Better Management for Network Security

    Looking for a better way to manage your IP security?
    Learn how Solsoft can help you:
    - Ensure robust IP security through policy-based management
    - Make firewall, VPN, and NAT rules interoperable across heterogeneous
    networks
    - Quickly respond to network events from a central console

    Download our FREE whitepaper at:
    http://www.securityfocus.com/sponsor/Solsoft_focus-ms_031015
    ---------------------------------------------------------------------------


  • Next message: David Y. Ng: "group policy question"

    Relevant Pages

    • Re: Win2003 RPC failure after Hotfix
      ... I experienced these issues, too, but I did not apply the patches to our ... KB828026 - Windows Media Player URL Script Command Behaviour ... Windows cannot find the machine account, The Local Security Authority ... Better Management for Network Security ...
      (Focus-Microsoft)
    • RE: RPC Scan Issues
      ... Worked for me as I pushed out patches via a login script. ... machine that had installed the patch, ... Download ClearSight Networks Analyzer and see a new network analysis tool ... Better Management for Network Security ...
      (Focus-Microsoft)
    • Re: which PC
      ... holes that have been rated as "critical" by security firms. ... should apply the patches immediately. ... agree to accept it as an iChat file transfer, ... this only propagates on the local network - not the internet. ...
      (rec.photo.digital)
    • RE: RPC Scan Issues
      ... deploy the patches), albeit heavier and costly to implement and deploy. ... > S.O.P. on firewall security is EVERYTHING is blocked ... > network analyzers. ... > FREE Whitepaper: Better Management for Network ...
      (Focus-Microsoft)
    • RE: RPC Scan Issues
      ... > One could just tell the software to reboot all ... > S.O.P. on firewall security is EVERYTHING is blocked ... > network analyzers. ...
      (Focus-Microsoft)