Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Rhinorhino on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Deploy RPC Fix via AD 1
- Thread starter Resonate
- Start date
-
1
- #2
I've never succeeded in packaging any of the MS patches into an MSI. It's mostly because the files are in use and they can't be overwritten with MSI, but with the patch software, it somehow does it anyhow.
You should look into the SUS (Software Update Server) from MS. It's free and it integrates like the Web version that you use for Windows Update. I've heard (cause I have yet to install it) that you can propagate the installations you like and force them to install. Of course, this only applies to the patches and updates.
"In space, nobody can hear you click..."
You should look into the SUS (Software Update Server) from MS. It's free and it integrates like the Web version that you use for Windows Update. I've heard (cause I have yet to install it) that you can propagate the installations you like and force them to install. Of course, this only applies to the patches and updates.
"In space, nobody can hear you click..."
- Thread starter
- #3
jgoodman00
Programmer
- Jan 23, 2001
- 1,510
any idea what components of IIS are essential to run SUS ?
What components of IIS need to be present prior to installing Software Update
Services?
If you install IIS 5.0 on Windows 2000 or IIS 6.0 on any of the Windows Server 2003 family of operating
systems with the default set of components, you will have everything you need to run SUS.
Specifically, if you want to just install the minimum IIS components to use SUS, then you should install
the following IIS components prior to the installation of SUS:
· Common Files
· Internet Information Services Snap-In
· World Wide Web Server
What Changes will Setup make to my IIS configuration? (in the IIS metabase)
The following IIS metabase properties are changed during SUS set up:
IIS configuration to ensure that IIS does not start more than one thread per process
Property Value
w3svc/AspProcessorThreadMax 1
IIS configuration for throttling the number of threads based on CPU usage
Property Value
w3svc/AspThreadGateEnabled True
James Goodman MCP
What components of IIS need to be present prior to installing Software Update
Services?
If you install IIS 5.0 on Windows 2000 or IIS 6.0 on any of the Windows Server 2003 family of operating
systems with the default set of components, you will have everything you need to run SUS.
Specifically, if you want to just install the minimum IIS components to use SUS, then you should install
the following IIS components prior to the installation of SUS:
· Common Files
· Internet Information Services Snap-In
· World Wide Web Server
What Changes will Setup make to my IIS configuration? (in the IIS metabase)
The following IIS metabase properties are changed during SUS set up:
IIS configuration to ensure that IIS does not start more than one thread per process
Property Value
w3svc/AspProcessorThreadMax 1
IIS configuration for throttling the number of threads based on CPU usage
Property Value
w3svc/AspThreadGateEnabled True
James Goodman MCP
This was sent via NTbugtraq and it is 2 GPO scripts that will help with Blaster. All credit for these scripts goes to Tobias Schmidt
These scripts which are AD and group policy driven siginificantly help lager enterprises kill the MSBlast virus. The files currently available are revised slightly from the previous rev. Here is what the two scripts to.
1. The computer side script runs when a domain member machine starts. This script finds the registry entries, any running processes, and the executable and kills them. When the actual executable is deleted, a 'safe' placeholder file is put in its place. It is only a text file with an extension of .exe so:
2. When the user logs in, the second script takes over. The script looks for the same items as the computer script; however will send notification to logged on user that the patches need to be applied and provides an IE window with a link to them. The program then loops indefinetly and checks for the virus every ten seconds. The reason for this is that may times the machines are being infected; and they restart before the patches can be applied
The looping app kills the processes fast enough to keep this from happening. This process is fairly low overhead, only consuming 2-3 cpu cycles every ten seconds.
Once the machines are patched, they are good to go. Even if they are infected before the machine is rebooted, the next boot will clean the machine.
Toby
-----Original Message-----
From: Schmidt, Tobias E
Subject: GPO blaster scripts --
These scripts which are AD and group policy driven siginificantly help lager enterprises kill the MSBlast virus. The files currently available are revised slightly from the previous rev. Here is what the two scripts to.
1. The computer side script runs when a domain member machine starts. This script finds the registry entries, any running processes, and the executable and kills them. When the actual executable is deleted, a 'safe' placeholder file is put in its place. It is only a text file with an extension of .exe so:
2. When the user logs in, the second script takes over. The script looks for the same items as the computer script; however will send notification to logged on user that the patches need to be applied and provides an IE window with a link to them. The program then loops indefinetly and checks for the virus every ten seconds. The reason for this is that may times the machines are being infected; and they restart before the patches can be applied
The looping app kills the processes fast enough to keep this from happening. This process is fairly low overhead, only consuming 2-3 cpu cycles every ten seconds. Once the machines are patched, they are good to go. Even if they are infected before the machine is rebooted, the next boot will clean the machine.
Toby
-----Original Message-----
From: Schmidt, Tobias E
Subject: GPO blaster scripts --
- Status
Similar threads
