Workstation:
1. Registry Key set by A/V (or manually set based on A/V guidance)
2. Windows Update
3. BIOS/Firmware Update from vendor
Server:
1. Registry Key set by A/V (or manually set based on A/V guidance)
2. Window Update
3. Push Registry Keys (2 needed, the third is for Hypver-V Hosts - I
believe)
1. Test and monitor performance impact
4. BIOS/Firmware Update from vendor
That is my understanding thus far...........
Good thing we have nothing else to do ;-)
On Tue, Jan 9, 2018 at 10:48 AM, Brian Illner <[email protected]>
wrote:
> My understanding was that those keys were just for the ServerOS?
>
>
>
> I have a Dell laptop that I completed all the tasks for and *it does not
> have the memory management keys* and yet it shows as all green in
> SpeculationControl?
>
>
>
> Come on MS, your information is changing hourly as each team contradicts
> the other
>
>
>
> *BRIAN* *ILLNER |* Canal Insurance Company
> 864.250.9227 <(864)%20250-9227>
> 864.679.2537 <(864)%20679-2537> Fax
>
>
>
>
> Visit canalinsurance.com for news and information.
>
>
> <https://www.linkedin.com/company/canal-insurance-company>
>
> *WARNING*: *As the information in this transmittal (including
> attachments, if any) may contain confidential, proprietary, or business
> trade secret information, it should only be reviewed by those who are the
> intended recipients. Unless you are an intended recipient, any review,
> use, disclosure, distribution or copying of this transmittal (or any
> attachments) is strictly prohibited. If you have received this
> transmittal in error, please notify me immediately by reply email and
> destroy all copies of the transmittal. While Canal believes this
> transmittal to be free of virus or other defect, it is the responsibility
> of the recipient to ensure that it is virus free and no responsibility is
> accepted by Canal (or its subsidiaries and affiliates) for any loss or
> damage arising therefrom.*
>
> *From:* [email protected] [mailto:listsadmin@lists.
> myitforum.com] *On Behalf Of *Kent, Mark
> *Sent:* Tuesday, January 9, 2018 11:00 AM
> *To:* [email protected]
> *Subject:* [mssms] RE: Confused - Spectre / Meltdown
>
>
>
> Yeah I see them at the bottom of https://support.microsoft.com/
> en-us/help/4073119/protect-against-speculative-execution-
> side-channel-vulnerabilities-in
>
>
>
> And they don’t really say what they are for.
>
>
>
> Keep refreshing the page, wait for an edit J
>
>
>
> Mark Kent
>
> Manager, Client Systems Engineering
>
> Technology Support Services
>
> Resources for Information, Technology and Education (RITE)
>
> http://rite.buffalostate.edu
>
>
>
> *From:* [email protected] [mailto:listsadmin@lists.
> myitforum.com <[email protected]>] *On Behalf Of *SCCM FUN
> *Sent:* Tuesday, January 9, 2018 10:02 AM
> *To:* [email protected]
> *Subject:* [mssms] Confused - Spectre / Meltdown
>
>
>
> Can anyone confirm the following?
>
>
>
> Workstation/Servers - both need the AV key in order to do any patching
> going forward
>
>
>
> Workstation
>
> At one point in the MS article for workstation patching (4073119) I could
> of sworn there wasn't anything about having to making registry settings
> (except for AV) but now it looks like they added 2 registry keys. Were
> these 2 reg keys always in the KB/needed?
>
>
>
> reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session
> Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 0 /f
>
> reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session
> Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3
> /f
>
>
>
> Server
>
> 3 reg keys need to be added for the server patch to take effect. Are you
> enabling this on all your servers or just the 3 use cases they list in
> their article (4072698).
>
>
>
> reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session
> Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 0 /f
>
> reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session
> Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3
> /f
>
> reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization"
> /v MinVmVersionForCpuBasedMitigations /t REG_SZ /d "1.0" /f
>
>
>
> Thanks
>
>
>
>
>
>
