Have you got a filter applied? You may need to add Domain Computers to it From: [email protected] [mailto:[email protected]] On Behalf Of Michael Leone Sent: 28 June 2017 14:13 To: [email protected] Subject: [NTSysADM] Using GPP to fight Petya
So I'm confused. Looking at this page: https://www.binarydefense.com/petya-ransomware-without-fluff/ Shows using GPP to create a file "c:\windows\perfc.dat". Apparently, if this file exists, the malware stops (yes, I know that there will be a variant Real Soon Now that avoids this). So I made this change: Computer\Preferences\Windows Settings\Files And followed the web page ("update", copy windowsupdate.log to c:\windows\perfc.dat", make it read-only. Did all this on a testing GPO I keep around for this purpose. Doing Group Policy Modeling Wizard, I see this being applied as a setting to my test VM. Yet when I go an look in c:\windows, I don't see the file.Nor do I see that setting in "gpresult /r /v". What have I done wrong?
