CtrlK

LinkedIn X (ex-Twitter)

ENGLISH

ENGLISH

PRESENTATION
Cloud/SysOps
Asset Security
- Securing your BIOS / UEFI
- Smartphones_configuration
GRC
Security Assessment and Testing
FORENSICS
- IR playbook
- Investigate Phishing
INCIDENT HANDLING
UNIVERSITAIRES (unis)
- Books CTI Fundamentals
- Security Certification Roadmap

Powered by GitBook

On this page

INCIDENT HANDLING
Windows-Emergency-update-out-of-WSUS-schedule
Computer in Active Directory

Solution 2: At reboot

Advantages and disadvantages

Advantages :

Update deploys on scheduled reboot

Disadvantages:

Requires a maintenance window for scheduled reboots

Make the GPO

Launch Group Policy Management
Go to Forest > Domains >domain.lab > Group Policy Objects

You never create a GPO in the OU where you will assign it later. When it is created, it has the default group "authenticated users" which means that it will have an OU and all the members (not only wich you want) of the OU for the assignment.

Right click > New GPO
Create GPO "C_EMERGENCY_UPDATE"

C for Computer, The rest to quickly understand the role of the GPO.

Select your GPO et edit it.
Click on the name and select "Properties"

Check "Disable User Configuration settings"

In the Comment tab, enter the current date, the KB number to deploy and the ticket number and your username

This GPO will be reusable, by adding this information to each deployment, we can have a history of use, consult tickets to see problems encountered previously, etc.

Go to Policies > Windows Settings > Scripts (Startup/Shutdown)
Choose whether the script should be done at startup or at shutdown
Select "add script"

Save and exit the GPO.
Assign the GPO to the OU containing the workstations to be patched.

PreviousSolution 1 : Scheduled task with automatic execution NextComputer out of Active Directory

Last updated 7 months ago