Incidentally, there's still a zero day out there with Wordpad. http://news.cnet.com/8301-1009_3-10120546-83.html Doesn't affect Wserver 2008, Vista or XP SP3 but still worth keeping in mind if you have machines that aren't up to the latest grade. Alex
________________________________ From: James Rankin [mailto:kz2...@googlemail.com] Sent: Wednesday, December 17, 2008 10:10 AM To: NT System Admin Issues Subject: Re: 0-day IE Exploit "in the wild" I forgot to mention that the net view command will only work well if, like mine, all your machines are devoid of comments in the computer name 2008/12/17 James Rankin <kz2...@googlemail.com> I just keep a text file with all my server names in and hit it with a for /f %a in (servernames.txt) do psexec \\%a wuauclt /detectnow You can mix and match as much as you want, ideal for gpupdate /force, copy commands, ipconfig /flushdns, anything you need If there is any need to grab machine names from the network, I generally use net view|find "\\" to pipe them in for /f "tokens=1 delims=\" %a in ('net view^|find "\\"') do psexec \\%a your command here Pretty clunky, but effective 2008/12/17 David Lum <david....@nwea.org> Excel is your friend. I have run WUAUCLT /DETECTNOW on 300 systems - I created 6 batch files of 50 machines each and let 'er rip. Works great. David Lum ________________________________ From: Jason Morris [mailto:jmor...@mjmc.com] Sent: Tuesday, December 16, 2008 1:44 PM To: NT System Admin Issues Subject: RE: 0-day IE Exploit "in the wild" My experience with PSEXEC is that it doesn't like to have multiple commands pasted in. I work them individually, but it's usually in small batches of users so it's not bad. I connect to the computer to run cmd.exe then do my stuff from there one command at a time. I even made a batch file to make it easier... Psexecsys.bat 10.1.1.1 jmorris "My Password" Psexec \\%1 -u domain\%2 -p %3 cmd.exe Then I do my things from there one at a time. I've tried to run batch files from that cmd prompt but had very poor luck. If you do find a way to do it, that would be nice. Good luck! Jason From: Sean Rector [mailto:sean.rec...@vaopera.org] Sent: Tuesday, December 16, 2008 3:35 PM To: NT System Admin Issues Subject: RE: 0-day IE Exploit "in the wild" Does anyone have a psexec batch file to pass psexec a list of systems (from a text file, perhaps) for it to remotely run WUAUCLT on said systems? Sean Rector, MCSE From: Miller Bonnie L. [mailto:mille...@mukilteo.wednet.edu] Sent: Tuesday, December 16, 2008 4:17 PM To: NT System Admin Issues Subject: RE: 0-day IE Exploit "in the wild" Just got this... patch is supposed to be released out of band tomorrow... http://www.microsoft.com/technet/security/bulletin/ms08-dec.mspx -Bonnie From: Miller Bonnie L. [mailto:mille...@mukilteo.wednet.edu] Sent: Thursday, December 11, 2008 9:12 AM To: NT System Admin Issues Subject: 0-day IE Exploit "in the wild" http://isc.sans.org/ http://www.microsoft.com/technet/security/advisory/961051.mspx -Bonnie Information Technology Manager Virginia Opera Association E-Mail: sean.rec...@vaopera.org <mailto:sean.rec...@vaopera.org> Phone: (757) 213-4548 (direct line) {+} > 2008-2009 Season: Tosca <http://www.vaopera.org/tosca> | The Barber of Seville <http://www.vaopera.org/barber> > Recently Announced: Virginia Opera's 35th Anniversary Season 2009-2010 <http://www.vaopera.org/upcoming> Visit us online at www.vaopera.org <http://www.vaopera.org> or call 1-866-OPERA-VA ________________________________ This e-mail and any attached files are confidential and intended solely for the intended recipient(s). Unless otherwise specified, persons unnamed as recipients may not read, distribute, copy or alter this e-mail. Any views or opinions expressed in this e-mail belong to the author and may not necessarily represent those of Virginia Opera. Although precautions have been taken to ensure no viruses are present, Virginia Opera cannot accept responsibility for any loss or damage that may arise from the use of this e-mail or attachments. {*} ------------------------------------------------------------------------ ------------------ The pages accompanying this email transmission contain information from MJMC, Inc., which is confidential and/or privileged. The information is to be for the use of the individual or entity named on this cover sheet. If you are not the intended recipient, you are hereby notified that any disclosure, dissemination, distribution, or copying of this communication is strictly prohibited. If you received this transmission in error, please immediately notify us by telephone so that we can arrange for the retrieval of the original document. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~