Deploy Microsoft Zero-Day Patch with a Zenith Job

Mark Berry July 7, 2009

Yesterday, Microsoft released this security advisory:

Vulnerability in Microsoft Video ActiveX control could allow remote code execution

That article includes a “Fix it” link that users can click on to disable the exploited ActiveX objects in Internet Explorer. The link downloads a small installer file which users can only execute if they are logged on as administrators. So deploying using that link would require that an administrator log on to each computer, including servers, and run the installer.

How can I quickly deploy this patch to all systems that I manage? I could follow the instructions in the related TechNet article to manually set up a .reg file, then deploy that with logon scripts or group policy. That article at least confirms that the fix is changing HKEY_LOCAL_MACHINE entries, so it’s not user-specific. I decided instead to deploy the installer using a Zenith job. Here’s how.

Excluding HTTP Sites from NOD32 Version 3.0

Mark Berry June 2, 2009

I’m running NOD32 Antivirus Business Edition version 3.0.684.0.

Zenith Infotech monitoring sometimes downloads files that trip NOD32′s HTTP filter (e.g. SpyBot and BitDefender executables). Zenith recommends excluding “update.itsupport247.net” from antivirus scanning. It’s not hard to do in NOD32, but it is hard to find someone who knows how to do it!

Deploy Software with a Custom Zenith Job

Mark Berry May 22, 2009

The Zenith Infotech SAAZ platform includes a Job functionality that can be used to create custom software deployment jobs. This function is simpler, and thus less powerful, than A.S.E. scripting, but it can be useful for deploying software to multiple computers at a site, for example.

Zenith provides a decent Job Management Training Guide in PDF format on their partner portal. I just wanted to note a couple things I didn’t see documented:

Run CMD as LOCAL SYSTEM User

Mark Berry May 22, 2009

Zenith Infotech's SAAZ platform allow you to set up jobs to run on client machine, e.g. for installing software. The jobs run as user LOCAL SYSTEM. Deploying a SAAZ job can take 15-30 minutes, which is too long to wait between test runs. So how does one open a command prompt as user LOCAL SYSTEM for testing? Adi Otlean provides the answer near the end of this post:

1. Open a command prompt and type
   sc create CmdSvc binpath= "cmd /K start" type= own type= interact
sc start CmdSvc
   Attempting to start the service will fail with error 1053 because CMD doesn't have any service-related code. However it will also open a new CMD window running as LOCAL SYSTEM.
2. Do your testing in the new CMD window.
3. When you're done, you might want to get rid of the service:
   sc delete CmdSvc

Thanks Adi

Zenith A.S.E. Scripting Tips and Tricks

Mark Berry May 15, 2009

The Zenith Infotech Advanced Scripting Engine (A.S.E.) provides a framework for deploying scripts written in Zenith’s OEM version of Automise 3 Professional. Scripts can be deployed once on demand or, using templates, on a recurring schedule.

A.S.E. scripting is still fairly new in the Zenith offering, and definitely takes some getting used to. Here are a few things that I’ve learned along the way. I’ll cover five topics:

Script Parameters
INI Files
Helper Scripts
ITS Variables and the SAAZ Extended Database
When Scripts Run
MD5 Checksums