RE: [NTSysADM] Using GPP to fight Petya

Wed, 28 Jun 2017 08:05:50 -0700 

From GPMC select the OU, right click, Group Polcy Update.  It isn’t immediate 
on all systems but it will happen within the next 10-15 minutes as it staggers 
them to avoid swamping the server.

--
There are 10 kinds of people in the world...
         those who understand binary and those who don't.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Michael Leone
Sent: Wednesday, June 28, 2017 10:11 AM
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] Using GPP to fight Petya

OK, so I've made that change in the GPO, and it creates the file appropriately.

So how do I force all my servers to refresh their GPOs, without going to each 
and doing a "gpupdate /force"? When they automatically check in the next time, 
this policy should be applied. But how to make that happen NOW, rather than 
within the next 24 hours (or whatever)?

On Wed, Jun 28, 2017 at 9:23 AM, Kennedy, Jim 
<kennedy...@elyriaschools.org<mailto:kennedy...@elyriaschools.org>> wrote:
I will ground my son who wrote that.  It should be ‘replace’.  That will create 
it or replace it.

Now, why you are not seeing it in gpresult I dunno. You ran the gpresult as a 
local admin?

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com>] 
On Behalf Of Michael Leone
Sent: Wednesday, June 28, 2017 9:13 AM
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: [NTSysADM] Using GPP to fight Petya

So I'm confused. Looking at this page:

https://www.binarydefense.com/petya-ransomware-without-fluff/

Shows using GPP to create a file "c:\windows\perfc.dat". Apparently, if this 
file exists, the malware stops (yes, I know that there will be a variant Real 
Soon Now that avoids this).

So I made this change:

Computer\Preferences\Windows Settings\Files

And followed the web page ("update", copy windowsupdate.log  to 
c:\windows\perfc.dat", make it read-only. Did all this on a testing GPO I keep 
around for this purpose.

Doing Group Policy Modeling Wizard, I see this being applied as a setting to my 
test VM. Yet when I go an look in c:\windows, I don't see the file.Nor do I see 
that setting in "gpresult /r /v".

What have I done wrong?

Reply via email to