Monday, February 23, 2009

Symantec Endpoint Rapid Release for FU Worm

NOTE: After a cursory view of the Symantec forums, it's come to my attention that it is NOT best practice to use Rapid Release, unless directed by Symantec or if you have this worm. I would compare this closely to M$ release of patches that are special in nature, and would normally only release these if the system exhibited specific symptoms related to said patch.

In other words, use at your own risk.


Downloading and Installing RapidRelease Definitions:

  1. Open your Web browser. If you are using a dial-up connection, connect to any Web site, such as: http://securityresponse.symantec.com/
  2. Copy and paste the address ftp://ftp.symantec.com/public/english_us_canada/antivirus_definitions/norton_antivirus/rapidrelease/sequence/ into the address bar of your Web browser and then press Enter. (This could take a minute or so if you have a slow connection.)
  3. Now select the 92114 folder or a higher-numbered one. Open the folder.
  4. Select the file symrapidreleasedefsx86.exe
  5. When a download dialog box appears, save the file to the Windows desktop.
  6. Double-click the downloaded file and follow the prompts.

Friday, February 06, 2009

Running Logon Scripts with CPAU

I like scripting.

It helps me manage my client PCs, perform redundant tasks, and push out software updates, among other things.

Most of the users on my network do not have privileges to install software, so this affects how some of my scripts function.

I discovered that setting a GPO to install applications with elevated privileges doesn't mean that the logon scripts also get processed the same way. This annoyed me, and I quickly found a solution.

Introducing CPAU, from http://www.joeware.net/: a neat little utility that takes the place of RUNAS and is very easy to use.

I use it to launch my domain logon script, as it copies a HOST file and other batch files run locally by the scheduler service, which ordinary users are not allowed to write.

The following line encodes a file that will run logon.cmd using the credentials provided to it.

\\mydc\netlogon\cpau.exe -u mydomain\UserWithPermissions -p UserWithPermissionsPassword -ex \\mydc\netlogon\logon.cmd -file \\mydc\netlogon\logon.txt -enc

The following line runs this file, which in turn fires logon.cmd with elevated privileges.

\\mydc\netlogon\cpau.exe -hide -file \\mydc\netlogon\logon.txt -dec -lwp

It's important to note that you should use UNC paths, and if you need local access, use -lwp.

RTFM for more info on his site.
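
Because logon.cmd runs with the elevated account's rights, write access to logon.cmd, logon.txt or cpau.exe is equivalent to holding that account. The PowerShell check below is an added example, not part of the original post or of CPAU; it lists owners and allow-ACEs that give write-type rights to anyone outside a trusted list, and the trusted principals and the function name Get-UntrustedWriter are assumptions to adapt (the paths are the post's placeholders).

```powershell
# Added example (not from the original post). Paths are the post's placeholders.
$Paths = '\\mydc\netlogon\logon.cmd',
         '\\mydc\netlogon\logon.txt',
         '\\mydc\netlogon\cpau.exe'

# Assumption: the only principals that should be able to change these files.
$Trusted = 'BUILTIN\Administrators',
           'NT AUTHORITY\SYSTEM',
           'mydomain\Domain Admins',
           'mydomain\Enterprise Admins'

# Rights that let a principal alter or replace a file or its ACL.
$WriteMask = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, WriteAttributes, WriteExtendedAttributes, Delete, ChangePermissions, TakeOwnership'
# Generic rights sometimes appear unmapped in an ACE: GENERIC_ALL, GENERIC_WRITE.
$GenericMask = 0x10000000 -bor 0x40000000

function Get-UntrustedWriter {
    param(
        [Parameter(Mandatory)][string]$File,
        [string[]]$TrustedWriters = $Trusted
    )
    $acl = Get-Acl -LiteralPath $File
    # The owner can always rewrite the ACL, so report an untrusted owner too.
    if ($TrustedWriters -notcontains $acl.Owner) {
        [pscustomobject]@{ File = $File; Identity = $acl.Owner; Rights = 'Owner' }
    }
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        $rights = [int]$ace.FileSystemRights
        if (($rights -band ($WriteMask -bor $GenericMask)) -eq 0) { continue }
        $who = $ace.IdentityReference.Value
        if ($TrustedWriters -contains $who) { continue }
        [pscustomobject]@{ File = $File; Identity = $who; Rights = $ace.FileSystemRights }
    }
}

$findings = foreach ($p in $Paths) { Get-UntrustedWriter -File $p }
if ($findings) {
    $findings | Format-Table -AutoSize
} else {
    'No untrusted principals hold write-type rights on the checked files.'
}
```

This inspects NTFS permissions only; share-level permissions on NETLOGON are a separate control.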

TIP: Place drive and print mapping duties in a script that runs under the user's credentials, i.e., NOT using CPAU. From the site:

Another thing that confused people is security of network drives. When you spawn a process in another security context, you lose access to your current network drives. This is a security function Microsoft has been implementing. It wasn't the case in Windows NT and I know of no way to help you get it re-enabled because you can't. You should use UNC's as much as possible for connecting to remote file shares. See http://support.microsoft.com/kb/180362

PS: He has MANY other great tools available!
