|
|
How to WMF Hack proof your machines
It looks like moments after the fix for the WMF vulnerability was released some researches have found two more flaws that were previously unknown. They were discovered by a hacker that goes by the name cocoruder. All of these vulnerabilities surround the dll that allows users to preview images.
With this news in mind we have decided to completely disable image previews on our systems until Microsoft has this whole mess sorted out. The way to do it is very simple:
Click on start, then run, and type the following:
regsvr32 /u shimgvw.dll
Click OK, and image previews will be disabled.
When Microsoft finally gets their act together on this issue and releases more patches you can turn it back on by doing the same, but changing the command line to:
regsvr32 shimgvw.dll
Posted By: Steve Wiseman on Monday, January 09, 2006
How to refresh group policy on Windows 2000
I could not for the life of me remember how to refresh group policy on a windows 2000 workstation. I finally found the command line to do it. I know this will help someone out there:
Using Microsoft Windows 2000, how do I force a group policy to be applied?
When you make a change to a Group Policy Object (GPO), the change takes place on a Windows 2000 domain controller. The change then replicates to all other domain controllers in the Active Directory. All Windows 2000 computers in Active Directory check for modifications to GPOs at regular intervals. If there are changes, then they are applied during the next interval.
If you need to apply the change immediately, you can use one of the following commands to trigger the process:
* To refresh the group policy for the local computer, enter: secedit /refreshpolicy machine_policy
* To refresh the group policy for the user currently logged in, enter: secedit /refreshpolicy user_policy
These commands compare the currently applied GPO to the GPO located on the domain controllers. If nothing has changed since the last time the GPO was applied, then the GPO is skipped.
To force a GPO to be reapplied, whether or not changes have been made to the GPO, use the /enforce switch: secedit /refreshpolicy machine_policy /enforce Once Windows 2000 accepts the request, it will display the following message:
"Group policy propagation from the domain has been initiated for this computer. It may take a few minutes for the propagation to complete and the new policy to take effect. Please check Application Log for errors, if any."
Posted By: Steve Wiseman on Monday, January 09, 2006
Silent install of Office XP SP2
We have had this really nasty bug with Office XP. Every time a user tries to print to specific printers the whole thing locks up. We originally thought it might be the printer driver. We tried all kinds of things to get these machines to work. Only to find out it was a bug in word - one that SP2 fixes. It fixes the problem - great - but we have over 100 machines to patch!
First, we downloaded the full version of the patch from here
Next we updated the login script that all of the users have to install the patch when they login. Yes we know we could push it via Group Policy - We opted not to.
We copied to one of our servers, and put it on a public share that these users could access.
Then we updated the login scripts to call the patch:
\\server1\office2003\sp2\2003SP2.exe /q > \\server1\office2003\sp1\%computername%.log
Then we just checked the \\server1\office2003\sp1 directory for the log files created by each computer - That way we knew if it was installed without error.
That is all there is too it!
Posted By: Steve Wiseman on Monday, January 09, 2006
|
 |
