Deploy Microsoft Zero-Day Patch with a Zenith Job
Mark Berry July 7, 2009
Yesterday, Microsoft released this security advisory:
Vulnerability in Microsoft Video ActiveX control could allow remote code execution
That article includes a “Fix it” link that users can click on to disable the exploited ActiveX objects in Internet Explorer. The link downloads a small installer file which users can only execute if they are logged on as administrators. So deploying using that link would require that an administrator log on to each computer, including servers, and run the installer.
How can I quickly deploy this patch to all systems that I manage? I could follow the instructions in the related TechNet article to manually set up a .reg file, then deploy that with logon scripts or group policy. That article at least confirms that the fix is changing HKEY_LOCAL_MACHINE entries, so it’s not user-specific. I decided instead to deploy the installer using a Zenith job. Here’s how.
More...Deploy Software with a Custom Zenith Job
Mark Berry May 22, 2009
The Zenith Infotech SAAZ platform includes a Job functionality that can be used to create custom software deployment jobs. This function is simpler, and thus less powerful, than A.S.E. scripting, but it can be useful for deploying software to multiple computers at a site, for example.
Zenith provides a decent Job Management Training Guide in PDF format on their partner portal. I just wanted to note a couple things I didn’t see documented:
More...Run CMD as LOCAL SYSTEM User
Mark Berry May 22, 2009
Zenith Infotech's SAAZ platform allow you to set up jobs to run on client machine, e.g. for installing software. The jobs run as user LOCAL SYSTEM. Deploying a SAAZ job can take 15-30 minutes, which is too long to wait between test runs. So how does one open a command prompt as user LOCAL SYSTEM for testing? Adi Otlean provides the answer near the end of this post:
- Open a command prompt and type
sc create CmdSvc binpath= "cmd /K start" type= own type= interact
sc start CmdSvc
Attempting to start the service will fail with error 1053 because CMD doesn't have any service-related code. However it will also open a new CMD window running as LOCAL SYSTEM. - Do your testing in the new CMD window.
- When you're done, you might want to get rid of the service:
sc delete CmdSvc
Thanks Adi
More...Zenith A.S.E. Scripting Tips and Tricks
Mark Berry May 15, 2009
The Zenith Infotech Advanced Scripting Engine (A.S.E.) provides a framework for deploying scripts written in Zenith’s OEM version of Automise 3 Professional. Scripts can be deployed once on demand or, using templates, on a recurring schedule.
A.S.E. scripting is still fairly new in the Zenith offering, and definitely takes some getting used to. Here are a few things that I’ve learned along the way. I’ll cover five topics:
Script Parameters
INI Files
Helper Scripts
ITS Variables and the SAAZ Extended Database
When Scripts Run
MD5 Checksums
About
Welcome to the Tech Blog! MCB Systems is a San Diego-based provider of information technology services and custom database programming services. We are based in Point Loma with easy access to downtown San Diego, Ocean Beach, Pacific Beach, and Mission Valley. This tech blog is geared towards my I.T. colleagues, but end users may be interested to glimpse what goes on "behind the scenes" in keeping their computing environments stable and secure.
Mark Berry owns MCB Systems, a San Diego provider of I.T. services. Contact MCB Systems.
Subscribe to the MCB Tech Blog
