Someone posted the link to the Patch Management list that I used http://blogs.msdn.com/askie/archive/2009/07/08/quick-and-dirty-group-policy-adm-template-to-implement-the-workaround-from-kb972890.aspx
Looks like there was a coding error in it, apparently 2009/7/10 Carl Houseman <c.house...@gmail.com> > Is there a URL for those ".adm files available from MS"? No one else has > mentioned them nor were they part of the "workarounds" section of the SB. > It seems like such things would have been tested and not hazardous to use. > > > > Carl > > > > *From:* James Rankin [mailto:kz2...@googlemail.com] > *Sent:* Friday, July 10, 2009 2:28 PM > *To:* NT System Admin Issues > *Subject:* Re: WSUS and IE8 > > > > Yeah, I was intending to do it with a group policy preference, but when I > saw the .adm files available from MS, I thought I would save myself a bit of > time and apply them through a "normal" GPO, registry settings from a .adm > file > > As usual, it turned out to be more work, and not less :-) > > 2009/7/10 Carl Houseman <c.house...@gmail.com> > > What do you mean by "standard GPO"? A custom .adm file? > > > > I think most of us are doing this in GPO by running a startup script to run > a .reg file. > > > > Carl > > > > *From:* James Rankin [mailto:kz2...@googlemail.com] > *Sent:* Friday, July 10, 2009 5:57 AM > *To:* NT System Admin Issues > *Subject:* Re: WSUS and IE8 > > > > I managed to solve the problem here, but I am at a loss to explain it. > > This morning I used Microsoft's .adm file to set the forty-odd killbits via > GPO for my server systems. Pretty soon after this I noticed IE8 being > offered on a number of servers. For some reason all the WSUS settings, which > are applied via GPO, were gone from the Registry. Running a gpupdate threw a > few "parameter incorrect" errors in the Application log on the GPO just > created, which then seemed to choke the rest of the GPOs off - even though > it reported successful application. > > Seems, in the absence of the WSUS settings, my servers went "running home > to mama" and decided to pull in the IE8 update, the XML Core Services stuff, > and the June Malicious Software Removal tool from Windows Update. Deleting > the link to the new GPO, and running a *gpupdate*, then a *wuauclt > /detectnow*, has made them disappear again. > > Pretty weird. I am now going to have the nice job of entering all those > killbits into a Group Policy Preference instead of a standard GPO. Just > thought I would share in case anyone else notices the same thing. > > 2009/7/10 James Rankin <kz2...@googlemail.com> > > Is it just me, or has everyone just noticed IE8 offering itself as an > update through WSUS? I am pretty sure I have not approved it, yet here it > is, along with an updare for Microsoft XML Core Services. I was sure that it > wasn't due to come through WSUS until August - and even then it shouldn't > have made it through the approval process without some intervention. > > -- > "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into > the machine wrong figures, will the right answers come out?' I am not able > rightly to apprehend the kind of confusion of ideas that could provoke such > a question." > > http://raythestray.blogspot.com > > > > > -- > "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into > the machine wrong figures, will the right answers come out?' I am not able > rightly to apprehend the kind of confusion of ideas that could provoke such > a question." > > http://raythestray.blogspot.com > > > > > > > > > > > > > -- > "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into > the machine wrong figures, will the right answers come out?' I am not able > rightly to apprehend the kind of confusion of ideas that could provoke such > a question." > > http://raythestray.blogspot.com > > > > > > > > > > -- "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question." http://raythestray.blogspot.com ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~