WannaCry Protection

#7: You don’t WannaCry no more? Do this 1 easy trick!

Frank van Hoolwerff #SoftwareDeploymentTips 0 Comments

WannaCry. One badass cryptoware virus that was hitting the web and thus many systems last week. For now 200.000 or some computers were hit (that we know of), but we don’t want to become one of them! Maybe this was a wakeup call for you as an admin or maybe you were already waiting every next Tuesday of the month for Microsoft to release the patches.

But what is an EASY way to update all the machines in your domain for WannaCry protection? Easy Software Deployment of course! In this short blog I will tell you how to put Windows updates in Easy Software Deployment for you to deploy. Windows updates can be set automatically via Windows updates, but perhaps you don’t want all your systems to update whatever is offered, maybe you need to test the updates first against your systems so you know your infrastructure, applications, etc. will keep functioning after they are patched. Microsoft offers WSUS to do this, it is free to use but very limited. If you want more grip on the deployment, Easy Software Deployment is your best choice! Ok let’s GO!

First step of the WannaCry protection:

Sign up here for notifications when security patches are available. You will now receive e-mails about new patches and why they are released from Microsoft. The WannaCry vulnarability was patched in security bulletin MS17-10 which was released in March. Funny huh, they released it in March and now in May people are getting hit by the ransomware, this means only one thing: they where not patching!!

Okay, so you have subscribed with Microsoft to get an update on patches and the update about MS17-10 will hit your mailbox. But how do we implement this? We will use a Windows 10 client in our domain to demonstrate the deployment via Easy Software Deployment.

Domain: App.local
Server: 2012R2
Client: Windows 10
Distribution: Easy Software Deployment

Download the required patch for Windows 10 here and place it on your file share (we use DFS): \\APP.local\DFS\Applications\_WUpdates. Now create a Windows Update category in ESD:

Right click on “Installation Items”.

Select “New Installation Category”.

Give your category a name, Windows Updates would be most suitable. 😉 I also created a subcategory called Windows 10.

Your structure will now look something like this:

Now we will create a new Installation Item for the Windows update. Right click on the Windows 10 category “Folder” and select “New Installation Item”.

Select “Windows Installer”. (In our next release, we will add a Windows Update Category, so it will even be more easier. Be the first to know, subscribe to our newsletter here!) Click “Next >”.

Select “Computer Based” (Windows updates are machine based) and click “Next >”.

Select the MSU file we need (for MSU files to be visible select “All Files (*.*)”), in this case: Windows10.0-kb4012606-x64.msu and click “Open”.

Click “Edit Install Commands”

Click “Remove”.

Click “Add”.

Type the following command: WUSA.exe “\\PATHTOYOURMSU\MSU.msu” /quiet /norestart and click “OK”.

Go to the “Deployment Options” screen and select “Start at OS Startup (System)”.

Go to the “Availability Options” screen and select “Membership passed for everyone”, this way every computer will get the update.

Go to the “Restrictions” screen and select the OS that matches the update. In this case we only want all the Windows 10 machines to receive this update, So deselect everything, except for Windows 10. Hit “OK”.

Click the Deploy Button.

Now boot a Windows 10 client that has the East Sofware Deploymeny agent deployed and as soon as it comes online, the update will be installed. You can track the installation status of the update in the console. Click your Windows 10 client and click “Retrieve info”:

Voila, now you are patched!
Did you like this guide? Or maybe you want to take Easy Software Deployment for a ride? Request your free 30 day trial or free live webcast demo right now!

‘Till next time!

Frank


Software Deployment Tips is a recurring blog series about current news in the software/app world.
Each time we will handle a situation, which is important and relevant at that time, and we will show you how to quickly take care of it using Easy Software Deployment.

Written by Frank van Hoolwerff, our Senior Technical Consultant.

Frankblauwrond2


So, did you enjoy this article on WannaCry Protection on our Software Deployment Tips blog?

twittermailchimpcardesd



Leave a Reply

Your email address will not be published. Required fields are marked *