On Wed, Jun 28, 2017 at 9:23 AM, Kennedy, Jim <[email protected]> wrote:
> I will ground my son who wrote that. It should be ‘replace’. That will > create it or replace it. > OK, I will change that option ... > Now, why you are not seeing it in gpresult I dunno. You ran the gpresult > as a local admin? > I did. I rebooted (luckily it's a test server), and the file showed up. Even though I had done a "gpupdate /force /target:computer", specifically to avoid rebooting ... There are other test VMs in that same OU, I will check those ... BTW, lot of other sites recommend creating a file "perfc" (no extension), and this page recommends "perfc.dat". Perhaps I should create both, just to be sure ... > > > *From:* [email protected] [mailto:listsadmin@lists. > myitforum.com] *On Behalf Of *Michael Leone > *Sent:* Wednesday, June 28, 2017 9:13 AM > *To:* [email protected] > *Subject:* [NTSysADM] Using GPP to fight Petya > > > > So I'm confused. Looking at this page: > > > > https://www.binarydefense.com/petya-ransomware-without-fluff/ > > > > Shows using GPP to create a file "c:\windows\perfc.dat". Apparently, if > this file exists, the malware stops (yes, I know that there will be a > variant Real Soon Now that avoids this). > > > > So I made this change: > > > > Computer\Preferences\Windows Settings\Files > > > > And followed the web page ("update", copy windowsupdate.log to > c:\windows\perfc.dat", make it read-only. Did all this on a testing GPO I > keep around for this purpose. > > > > Doing Group Policy Modeling Wizard, I see this being applied as a setting > to my test VM. Yet when I go an look in c:\windows, I don't see the > file.Nor do I see that setting in "gpresult /r /v". > > > > What have I done wrong? > > > > > > >
