Friday, January 29, 2010
Thursday, January 28, 2010
Configuring automatic updates
Once the updated version of Automatic Updates has been deployed to client computers, you can configure the client software. The settings can be configured through the Local Security Policy on each computer or if your network uses Active Directory, you can deploy settings using group policy.
Using Active Directory to configure WSUS clients
Before you can deploy any settings through a Group Policy Object (GPO) you must first load the Automatic Update policy settings. This should be done when Software Update Services is installed. If not, open the appropriate GPO, under the Computer Configuration or User Configuration, right click the Administrative Templates folder and click Add/Remove Templates. Click Add and locate the Automatic Updates ADM file (wuau.adm) which is located in the Windows\inf directory. Select the adm file and click Open.
You can find the Windows Update settings within a GPO by navigating to Computer Configuration/ Administrative Templates/ Windows Components/ Windows Update folder. Within the details pane, double click Configure Automatic Updates and click Enabled. The details pane will display the options listed below:
- Configure Automatic Updates
- Specify Intranet Microsoft update service location
- Enable client-side targeting
- Reschedule Automate Update scheduled installations
- No auto-restart for scheduled update installation options
- Automatic Update detection frequency
- Allow Automatic Update immediate installation
- Delay restart for schedule installations
- Re-prompt for restart with scheduled installations
- Allow non-administrators to receive update notifications
- Remove links and access to Windows Update
- Notify for download and notify for install - A logged on administrative user will be notified before updates are downloaded and again before updates are installed.
- Auto download and notify for install (this is the default) - Updates are automatically downloaded. A logged on administrative user is notified before updates are installed.
- Auto download and schedule the install - Updates are automatically downloaded and installed on a pre-configured schedule.
- Allow local admin to choose setting - Local administrators are permitted to configure their own settings using the Automatic Updates setting in the Control Panel.
- Enable client-side targeting - This setting is used to enable client computers to self-populate computer groups that exist on the WSUS server.
- Reschedule Automate Update scheduled installations - This setting is used to define how long to wait after system startup before proceeding with an installation when a scheduled install has been missed. If this option is disabled, the installation will occur at the next scheduled day and time.
- No auto-restart for scheduled update installation options - This setting is used to configure whether or not the computer is automatically restarted after an update is installed. If this option is enabled, the user currently logged in will be notified to restart the computer.
- Automatic Update detection frequency - This setting defines the frequency at which Windows will check for available updates.
- Allow Automatic Update immediate installation - This setting defines whether updates that do not interrupt Windows services or restart Windows should be installed automatically.
- Delay restart for schedule installations - This setting will determine how long Automatic Updates will wait before performing a scheduled restart.
- Re-prompt for restart with scheduled installations - This setting will determine how long Automatic Updates will wait before prompting a user for a scheduled restart.
- Allow non-administrators to receive update notifications - This setting will determine whether non-administrative uses receive update notifications.
- Remove links and access to Windows Update - This setting removes the Windows Update icon from the Start menu.
At a bare minimum, you need to configure the first two options to enable Automatic Updates and point the client computers to the WSUS server. The first setting, Configure Automatic Updates, is used to enable or disable automatic updates. If it is enabled you can select one of the following settings as to how updates are downloaded and if the administrator is notified:
You also need to point the client computers to the WSUS server on the network. This can also be done through the Windows Update container within a GPO. Double click the Specify intranet Microsoft update service location option and click Enabled. In the Set update service for detecting updates field, type in the Universal Resource Locator (URL) to the WSUS server. Type in the same URL in the Set the intranet statistics server field.
The WSUS settings configure through the GPO will now be automatically deployed to the client computers. Group policy settings are automatically refreshed at a certain interval so the changes may not take effect immediately. To manually refresh the settings, use the gpupdate /force command on the client computers. The remaining settings that can be configured through a GPO are:
Configuring WSUS clients locally
As already mentioned Automatic Updates can also be configured locally if your network does not use Active Directory. This can be done by editing the Local Group Policy object with the Group Policy editor or by creating and editing various registry entries.
You can open the Local Group Policy Object in Windows XP by clicking Start and clicking Run. Type in gpedit.msc and click OK. The Group Policy editor will appear. Navigate to Computer Configuration/ Administrative Templates/ Windows Components/ Windows Update as shown in Figure B. The details pane will display the same settings that were outlined in the previous section.
|Configuring automatic updates through the Local Group Policy Object|
Finally, you can also configure the WSUS client settings through the local registry. This requires you to create several registry keys, some of which are outlined in the table below.
This option is used to specify whether a WSUS server is used. Setting the value to 1 indicates the client will download updates from a WSUS server.
This option is used to configure how updates are downloaded and whether administrators are notified. The possible values are 2 (notify of download and installation), 3 (automatically download and notify of installation), 4 (automatic download and scheduled installation), or 5 (Automatic Updates is required, but end users can configure it).
This option specifies the day of the week that updates will be installed. The values range from 0-7 where 0 indicates every day and 1-7 indicates specific days of the week where 1 = Sunday and 7 = Saturday.
This option specifies the time of day that installs will take place. The value is specified in 24 hour format.
This defines how long to wait after restarting to computer for a missed scheduled install to take place. The value is specified in minutes (1-60).
This option specifies whether the computer is automatically restarted after an update is installed. Set this value to 1 to enable the logged on user to choose whether or not to reboot their computer.
This option is used to enable or disable automatic updates.
This option is used to specify which SUS server the client will retrieve updates from. The SUS server is identified by HHTP name.
This option is used to specify where clients will send status information. The server is identified by HTTP name.
In order to implement a Windows Server Update Services infrastructure, client computers must be configured to obtain updates from the WSUS server on the network. After the updated version of Automatic Updates is installed on client computers, Automatic Updates settings can be deployed to client computers using group policy or they can be configured locally.
Friday, January 22, 2010
Lots of new updates in the exploit-db arena. Barabas whipped up a quick browser search bar plugin. See how to get it installed here.
We got a massive CVE / OSVDB entry update from Steve Tornio which was added to our DB. Our “perfect” exploit template now has links to the exploit code, vulnerable app , CVE and OSVDB entries. See this example. You can now search for exploits via CVE or OSVDB.
We’ve added a new column to the database – “V”. We attempt to verify submitted code in a testing environment. Exploits that we manage to verify will be marked accordingly. It will take us a LONG time to get the list updated, bear with us.
The Exploit Database can now be downloaded via SVN. We figured it would be easier to download and track exploits this way, rather than re-downloading the whole archive. We will be adding the exploit-db archive as a package in BackTrack4, but for now you can:
root@bt4:# cd /pentest/exploits/
root@bt4:# svn co svn://devel.offensive-security.com/exploitdb
Tuesday, January 12, 2010
- Share permission : change
- NTFS permission : List Folder Contents và Write
2. Cho phép user chỉ được phép đọc :
- Share permission : default
- NTFS premission : Authenticated User gán quyền Read
3. Cho phép đọc nhưng không được xóa cái không phải do mình tạo ra :
- Authenticates User Group : Read & Execute
- Creater Ower : Modify
SANS Security 560 is one of the most technically rigorous courses offered by the SANS Institute. Attendees are expected to have a working knowledge of TCP/IP, cryptographic routines such as DES, AES, and MD5, and the Windows and Linux command lines before they step into class. Although SANS Security 401 (Security Essentials) and then next SANS Security 504 (Hacker Techniques, Exploits, and Incident Handling) are not pre-requisites for 560, these courses cover the groundwork that all 560 attendees are expected to know. While 560 is technically in-depth, it is important to note that programming knowledge is NOT required for the course