Seems overly complicated. If you have a Windows 2012/Windows 8 box (or
newer) at your disposal, use the invoke-gpupdate cmdlet.
$Devices = Get-ADComputer -Filter <your decision>....
ForEach ($Devices in $Devices) {
Invoke-GPUpdate -Computer $Device -Target Computer
-RandomDelayInMinutes <numericvalue> -Force
}
If you're doing small batches of systems you can set the randomdely to 0
for immediate update. Otherwise set to a value you're comfortable with
depending on the scope of execution.
- Sean
On Wed, Jun 28, 2017 at 6:23 AM, Kennedy, Jim <[email protected]>
wrote:
> Well first they should do it around 90 minutes max on their own.
>
>
>
> You could push a psexec gpupdate against a text file list of the boxes. Or
> via powershell:
>
>
>
> https://blogs.technet.microsoft.com/heyscriptingguy/
> 2012/11/12/force-a-domain-wide-update-of-group-policy-with-powershell/
>
>
>
>
>
> And I will also add servers are not the most important thing to target
> with this mitigation. It is the desktops, they are the ones that are
> clicking on stuff. They will get infected and be used to hit your
> servers.
>
>
>
>
>
> *From:* [email protected] [mailto:listsadmin@lists.
> myitforum.com] *On Behalf Of *Michael Leone
> *Sent:* Wednesday, June 28, 2017 10:11 AM
> *To:* [email protected]
> *Subject:* Re: [NTSysADM] Using GPP to fight Petya
>
>
>
> OK, so I've made that change in the GPO, and it creates the file
> appropriately.
>
>
>
> So how do I force all my servers to refresh their GPOs, without going to
> each and doing a "gpupdate /force"? When they automatically check in the
> next time, this policy should be applied. But how to make that happen NOW,
> rather than within the next 24 hours (or whatever)?
>
>
>
> On Wed, Jun 28, 2017 at 9:23 AM, Kennedy, Jim <
> [email protected]> wrote:
>
> I will ground my son who wrote that. It should be ‘replace’. That will
> create it or replace it.
>
>
>
> Now, why you are not seeing it in gpresult I dunno. You ran the gpresult
> as a local admin?
>
>
>
> *From:* [email protected] [mailto:listsadmin@lists.
> myitforum.com] *On Behalf Of *Michael Leone
> *Sent:* Wednesday, June 28, 2017 9:13 AM
> *To:* [email protected]
> *Subject:* [NTSysADM] Using GPP to fight Petya
>
>
>
> So I'm confused. Looking at this page:
>
>
>
> https://www.binarydefense.com/petya-ransomware-without-fluff/
>
>
>
> Shows using GPP to create a file "c:\windows\perfc.dat". Apparently, if
> this file exists, the malware stops (yes, I know that there will be a
> variant Real Soon Now that avoids this).
>
>
>
> So I made this change:
>
>
>
> Computer\Preferences\Windows Settings\Files
>
>
>
> And followed the web page ("update", copy windowsupdate.log to
> c:\windows\perfc.dat", make it read-only. Did all this on a testing GPO I
> keep around for this purpose.
>
>
>
> Doing Group Policy Modeling Wizard, I see this being applied as a setting
> to my test VM. Yet when I go an look in c:\windows, I don't see the
> file.Nor do I see that setting in "gpresult /r /v".
>
>
>
> What have I done wrong?
>
>
>
>
>
>
>
>
>
