DEPLOYING A SECURITY PATCH

One of the pieces of nasty-ware recently
making the rounds was called the Sasser
worm, which some of our customers have
had unfortunate encounters with. As this
particular virus is still causing
problems, today's tip gives step-by-step
instructions on using RemoteScope to
deploy a patch that removes Sasser from
any Windows XP systems on your network.
The same general procedure can be used
on other Windows versions and for other
security patches, using the guidelines
at the end. And for those of you who
don't have RemoteScope, you can get a
free 30-day, 5-seat trial version here:
http://www.micro2000.co.uk/products/remotescope/utilities.htm

The first step is to get a copy of the
patch from
http://www.microsoft.com/downloads/
The file you want is called
Windows-KB841720-ENU-V4.exe. Save this
file to a convenient location on the
system where you have installed the
RemoteScope Console.

Creating the Product
1. Open the RemoteScope Console
program and select Product Definition
Edit from the Distribution menu. This
will open the Product Edit window.
2. In the Product Edit window, choose
New Product Definition from the Product
menu. Enter a name for this product,
such as SasserRemoval, and click OK.
3. For Installation Type, choose
"Other". Ignore the Kit Path box.
4. Click the button for Add Files,
and then navigate to the file you just
downloaded. Highlight it and click Add,
then click Close. Check that the file
was added to the Installation Files List
box.

Creating the Mode
5. Pull down the Product menu again
and select New Distribution Mode. This
will change the Product Edit window to
its Mode format. Enter a name for the
Mode, such as SasserXp, and click OK.
6. Click the button to "Transfer
files listed in Installation File
List...".
7. On the command line, type
Windows-KB841720-ENU-V4.exe /quiet /passive /norestart
This looks like a lot, but it actually
just contains the name of the file to
execute and three switches. The
switches say this will be a "silent"
install that runs in the background; it
does not need user intervention, and
does not require restarting the system.
8. Select Save from the File menu and
then close the Product Edit window.
Distribution
9. Back in the main Console window,
go to the Distribution menu again and
select Distribute to open the Software
Distribution window.
10. On the left side of the window,
check the box next to each Client system
that should receive the patch.
11. On the right side, select the
correct Product and Mode from their
respective pull-down lists. If this is
your first distribution, they will be
the only ones on the list.
12. Click on Distribute to deploy the
patch immediately. If you would prefer
to deploy it later or unattended on a
schedule, click Save as a Task and give
the task a name. It will then be
available from the Task list in the main
Console window.

General Guidelines

Some patches, like this one, are only
for one operating system and can only be
deployed to systems with that OS. If
necessary, set up separate distribution
tasks for each OS using the same
procedure given above. Other software
can be deployed to all Clients in one
distribution.

Some patches and applications will
download as a zip file containing
multiple installation files, and must be
extracted before being added to the
Installation File List in Step 4. And if
one of the extracted files has an
extension of .MSI, then you will also
need to add the MSIEXEC.EXE file. At
least one copy of this can usually be
found on the C: drive.

To find out what switches are available
for a particular patch or application,
go to the Command prompt and run the
software's .EXE file with the /? switch.
In our example above, it would look like
this:
Windows-KB841720-ENU-V4.exe /?

Although we have broken the deployment
process into 12 steps, you will find
after you've tried it a time or two that
the whole setup only takes a couple of
minutes.
It's definitely faster than running
around to each system to install a patch,
and that's a really good thing, because
the Sasser worm is just the tip of the
iceberg.
http://www.justvb.net/it/