RE: Purging Blaster.worm

[Meidinger Chris <chris.meidinger () badenit de>]

I use scheduled tasks with jt.exe - from the NT Res Kit, a replacement for
at.exe - and scripts. I can essentially bean scheduled tasks to any pc that
i need to. I create lists of pcs at login, and then have a task running to
beam tasks to those pcs that need them.

Search www.kixtart.org for 'jt.exe' and you will find a set of papers on how
to set it up. I did it using vbs, but similarly to the way the guys there
did it in kix.

badenIT GmbH
System Support
 
Chris Meidinger
Tullastrasse 70
79108 Freiburg


-----Original Message-----
From: root@localhost.localdomain [mailto:root@localhost.localdomain]
Sent: Friday, August 15, 2003 2:33 PM
To: Meidinger Chris
Subject: Re: Purging Blaster.worm


You know I have ran into that problem.  Here is what I did.  

Our workstations have the SU service installed and set to Manual load.  You 
can get the SU service install from the Windows 2000 Resource Kit.
Basically 
it is the same thing as the runas command but you can point it to a file
that 
contains the password, therefore never prompting you for it.  

I create a batch file that starts the SU service on the workstation (users 
have permission to start and stop this service) use the SU command to run
the 
patch as an administrator and have it look for the password file on a shared

folder.  After the patch is installed, the SU service is turned off and the 
password file is deleted.

It is a handt tool but I am still trying to find a better way to install 
patches with user level permissions.  I don't like a text file hanging out
on 
a share that contains a workstation-level adminstrator user's password, even

if it is for only for 20 minutes at a time.

Hope this helps.

Shawn



On Friday 15 August 2003 07:13, Meidinger Chris wrote:
> remember that in an NT domain your login script runs with user rights.
> i don't believe that would be enough to apply a hotfix, but correct me
> someone.
>
> badenIT GmbH
> System Support
>
> Chris Meidinger
> Tullastrasse 70
> 79108 Freiburg
>
>
> -----Original Message-----
> From: Todd [mailto:tod () megachump com]
> Sent: Thursday, August 14, 2003 7:49 PM
> To: security-basics () securityfocus com
> Subject: Re: Purging Blaster.worm
>
>
> Does anyone have an NT login script they've used to run the update and
> symantec worm fix?
>
> I've considered putting together something that will first run HfNetChk,
IF
> "* WINDOWS 2000 SP4\nInformation\nAll necessary hotfixes have been
applied"
> does not exist, then run the update and wormfix.
>
> Any suggestions?

---------------------------------------------------------------------------
----------------------------------------------------------------------------