OK, so I've made that change in the GPO, and it creates the file appropriately.
So how do I force all my servers to refresh their GPOs, without going to each and doing a "gpupdate /force"? When they automatically check in the next time, this policy should be applied. But how to make that happen NOW, rather than within the next 24 hours (or whatever)? On Wed, Jun 28, 2017 at 9:23 AM, Kennedy, Jim <kennedy...@elyriaschools.org> wrote: > I will ground my son who wrote that. It should be ‘replace’. That will > create it or replace it. > > > > Now, why you are not seeing it in gpresult I dunno. You ran the gpresult > as a local admin? > > > > *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists. > myitforum.com] *On Behalf Of *Michael Leone > *Sent:* Wednesday, June 28, 2017 9:13 AM > *To:* ntsysadm@lists.myitforum.com > *Subject:* [NTSysADM] Using GPP to fight Petya > > > > So I'm confused. Looking at this page: > > > > https://www.binarydefense.com/petya-ransomware-without-fluff/ > > > > Shows using GPP to create a file "c:\windows\perfc.dat". Apparently, if > this file exists, the malware stops (yes, I know that there will be a > variant Real Soon Now that avoids this). > > > > So I made this change: > > > > Computer\Preferences\Windows Settings\Files > > > > And followed the web page ("update", copy windowsupdate.log to > c:\windows\perfc.dat", make it read-only. Did all this on a testing GPO I > keep around for this purpose. > > > > Doing Group Policy Modeling Wizard, I see this being applied as a setting > to my test VM. Yet when I go an look in c:\windows, I don't see the > file.Nor do I see that setting in "gpresult /r /v". > > > > What have I done wrong? > > > > > > >
