Pipe the server names from a text file to a command like psexec that runs gpupdate?
From: [email protected] [mailto:[email protected]] On Behalf Of Michael Leone Sent: 28 June 2017 15:11 To: [email protected] Subject: Re: [NTSysADM] Using GPP to fight Petya OK, so I've made that change in the GPO, and it creates the file appropriately. So how do I force all my servers to refresh their GPOs, without going to each and doing a "gpupdate /force"? When they automatically check in the next time, this policy should be applied. But how to make that happen NOW, rather than within the next 24 hours (or whatever)? On Wed, Jun 28, 2017 at 9:23 AM, Kennedy, Jim <[email protected]<mailto:[email protected]>> wrote: I will ground my son who wrote that. It should be ‘replace’. That will create it or replace it. Now, why you are not seeing it in gpresult I dunno. You ran the gpresult as a local admin? From: [email protected]<mailto:[email protected]> [mailto:[email protected]<mailto:[email protected]>] On Behalf Of Michael Leone Sent: Wednesday, June 28, 2017 9:13 AM To: [email protected]<mailto:[email protected]> Subject: [NTSysADM] Using GPP to fight Petya So I'm confused. Looking at this page: https://www.binarydefense.com/petya-ransomware-without-fluff/ Shows using GPP to create a file "c:\windows\perfc.dat". Apparently, if this file exists, the malware stops (yes, I know that there will be a variant Real Soon Now that avoids this). So I made this change: Computer\Preferences\Windows Settings\Files And followed the web page ("update", copy windowsupdate.log to c:\windows\perfc.dat", make it read-only. Did all this on a testing GPO I keep around for this purpose. Doing Group Policy Modeling Wizard, I see this being applied as a setting to my test VM. Yet when I go an look in c:\windows, I don't see the file.Nor do I see that setting in "gpresult /r /v". What have I done wrong?
