Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security NTBugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

SP2 Auto Update client incompatible with XPSP1 GPO Settings

from [Robert E. Smith jr.] Network Security [Permanent Link]
Subject: SP2 Auto Update client incompatible with XPSP1 GPO Settings
Date: Fri, 20 Aug 2004 08:58:28 -0400 
Description of the problem:

 

GPO's configured using XP SP1 ADM templates for Auto Update client using
the Group Policy Management Console (w/ SP1) cause unpredictable results
when applied to XP SP2 machines.

 

Within our environment, we had configured three separate GPO's to
deliver auto-update client settings to follow our Patch Management
strategy.  We had also configured an XPSP2 firewall policy to prepare
for the service pack (RC2 template for the firewall settings).  

 

Once we started installing the Service Pack, we noticed that the
auto-update client would shut down and the client could not be managed
remotely via WMI or any program that used it (kind of strange, as even
local WMI calls would throw an access denied error).  Netsh and WMIC
would both fail.  Netsh would throw an error saying that local computer
information could not be found, WMIC would fail when trying to compile
the new MOFs, access denied error (sorry, don't have the exact fail
code). Uninstalling SP2 or moving the machine to an OU where no GPO's
were linked would allow these programs to function again, but several
reboots / refreshes of the policy objects was required.

 

After some experimentation we determined that the GPO configured to
deliver the auto update client settings was the culprit. Each of the
three is nearly identical, the difference being reboot options, install
days, etc.  There are a few service startup rules defined in the policy
as well, but I don't think that they were causing the issue.

  

We unlinked the GPO's one at a time and found that this was the problem.
After upgrading the ADM templates and recreating the GPO's for the Auto
Update Settings, proper functionality appears to have been restored. 

 

Bob 

 

 


-----
NTBugtraq Editor's Note:

Want to reply to the person who sent this message? This list is configured such 
that just hitting reply is going to result in the message coming to the list, 
not to the individual who sent the message. This was done to help reduce the 
number of Out of Office messages posters received. So if you want to send a 
reply just to the poster, you'll have to copy their email address out of the 
message and place it in your TO: field.
-----
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • SP2 Auto Update client incompatible with XPSP1 GPO Settings, Robert E. Smith jr. <=
Previous by Date:  AOL 9.0 Disables Built In Firewall in XP SP1, A Wood
Next by Date:  XP SP2 - WU client 2.0 not properly authenticating itself against ISA Server 2000, Kelly N
Previous by Thread:  AOL 9.0 Disables Built In Firewall in XP SP1, A Wood
Next by Thread:  XP SP2 - WU client 2.0 not properly authenticating itself against ISA Server 2000, Kelly N
Indexes:  [Date] [Thread] [Top] [All Lists]