Notification

Icon
Error

Wannacry Patch push with Lansweeper - How we patched all windows systems for wannacry

Posted: Sunday, May 14, 2017 5:56:59 AM(UTC)
SouthySuper

SouthySuper

Member Original PosterPosts: 41
6
Like
Microsoft update catalog (example):

http://catalog.update.mi...te/search.aspx?q=4012598

I downloaded all the packages for our environment (renamed each because they are ridiculously long file names). I then used lansweeper to create a deployment package consisting of several commands like:

wusa.exe \\sharename\patch.msu /quiet /norestart
WannaCry-MSU-Push-RebootDownload Package
Description
Final ActionReboot
Shutdown Time 0 sec(s), 1 min(s), 0 hour(s)
Max. Duration30 min(s), 0 hour(s)
RescanNo
Steps
1. Pass1
TypeCommand
Return Codes 0,1641,3010
SuccessGo To Next
FailureGo To Next
Command wusa.exe \\sharename\LANSWEEP_FILES\WannaCry\windows6.0-kb4011981-x64.msu /quiet /norestart
2. Pass2
TypeCommand
Return Codes 0,1641,3010
SuccessGo To Next
FailureGo To Next
Command wusa.exe \\sharename\LANSWEEP_FILES\WannaCry\windows6.0-kb4011981-x86.msu /quiet /norestart
3. Pass3
TypeCommand
Return Codes 0,1641,3010
SuccessGo To Next
FailureGo To Next
Command wusa.exe \\sharename\LANSWEEP_FILES\WannaCry\windows6.1-kb4012212-x64.msu /quiet /norestart
4. Pass4
TypeCommand
Return Codes 0,1641,3010
SuccessGo To Next
FailureGo To Next
Command wusa.exe \\sharename\LANSWEEP_FILES\WannaCry\windows8.1-kb4012213-x64.msu /quiet /norestart
5. Pass5
TypeCommand
Return Codes 0,1641,3010
SuccessGo To Next
FailureGo To Next
Command wusa.exe \\sharename\LANSWEEP_FILES\WannaCry\windows8-rt-kb4012214-x64.msu /quiet /norestart
6. Pass6
TypeCommand
Return Codes 0,1641,3010
SuccessGo To Next
FailureGo To Next
Command wusa.exe \\sharename\LANSWEEP_FILES\WannaCry\windows10.0-kb4013429-x64.msu /quiet /norestart
7. Pass7
TypeCommand
Return Codes 0,1641,3010
SuccessGo To Next
FailureGo To Next
Command wusa.exe \\sharename\LANSWEEP_FILES\WannaCry\windows10.0-kb4013429-x64_delta.msu /quiet /norestart
8. Pending 5 min Reboot Warning
TypeCommand
Return Codes 0,1641,3010
SuccessGo To Next
FailureGo To Next
Command Msg.exe * This system will reboot in 5 mins. Please save your work and exit all aplications.
9. Wait 5 mins
TypeCommand
Return Codes 0,1641,3010
SuccessStop (Success)
FailureStop (Failure)
Command timeout 300 > NUL
nointegerallowed
#1nointegerallowed Member Posts: 1  
posted: 5/15/2017 8:22:29 PM(UTC)
Will this detect the correct O/S and install the appropriate patches or is this relying on the install packages to do that?
SouthySuper
#2SouthySuper Member Original PosterPosts: 41  
posted: 5/15/2017 8:33:28 PM(UTC)
This lansweeper report can be used for the sheduled deployment.
https://www.lansweeper.c...ulnerable.aspx#post50430

My example was just a rough draft, but can be used to push all known patches, if each does not apply it fails silently then goes to next and so on. WSUS/SCCM is best for patch deloyment, but this is quick and gets the most critical patches pushed immediately. Hope this helps
helpdesktrv
#3helpdesktrv Member Posts: 19  
posted: 5/17/2017 1:44:59 PM(UTC)
Thank you very much. It worked for us for Windows 7.
Now we have to do the same on computers running Windows XP. For this OS there is the KB4012598 for WannaCry update.
But since it is a .exe file that needs user intervention (Next, "Accepts EULA", etc.), we can not make silent installation. Can you help us to do this please?
SouthySuper
#4SouthySuper Member Original PosterPosts: 41  
posted: 5/17/2017 2:07:44 PM(UTC)
I ended up revising mine quite a bit from my original example. I found out I had an odd server version in one case and way too many windows 10 variations. Using the lansweeper report helps to identify which updates need to be added to your deployment. I'm not sure if MS mentioned it but both 2008r2 and 2012r2 must be on at least sp1 or the cumulative update in order for the patches to install (otherwise you'll get error about not applying to your system). Good luck everyone.
john knapik
#5john knapik Member Posts: 10  
posted: 5/22/2017 4:51:27 PM(UTC)
Do you have a working update
I have been trying but my installs time out
I made an install for a non Microsoft product and it worked fine. I think my problem is with the switches
SouthySuper
#6SouthySuper Member Original PosterPosts: 41  
posted: 5/22/2017 5:10:35 PM(UTC)
I actually split out my windows 10 machines on a separate report/scheduled deployment as the win10 files were large. Below each is a step. I set my timeout at 30 mins which is way overkill for my network speeds but reduced errors for those on slower vpn connections.


For other than win 10 systems
wusa.exe \\pubfile-02\software$\LANSWEEP_FILES\WannaCry\windows6.0-kb4011981-x64.msu /quiet /norestart
wusa.exe \\pubfile-02\software$\LANSWEEP_FILES\WannaCry\windows6.0-kb4011981-x86.msu /quiet /norestart
wusa.exe \\pubfile-02\software$\LANSWEEP_FILES\WannaCry\windows6.1-kb4012212-x64.msu /quiet /norestart
wusa.exe \\pubfile-02\software$\LANSWEEP_FILES\WannaCry\windows8.1-kb4012213-x64.msu /quiet /norestart
wusa.exe \\pubfile-02\software$\LANSWEEP_FILES\WannaCry\windows8-rt-kb4012214-x64.msu /quiet /norestart
wusa.exe \\pubfile-02\software$\LANSWEEP_FILES\WannaCry\windows6.0-kb4012598-x64.msu /quiet /norestart
wusa.exe \\pubfile-02\software$\LANSWEEP_FILES\WannaCry\windows6.0-kb4012598-x86.msu /quiet /norestart
wusa.exe \\pubfile-02\software$\LANSWEEP_FILES\WannaCry\windows6.1-kb4012212-x86.msu /quiet /norestart
wusa.exe \\pubfile-02\software$\LANSWEEP_FILES\WannaCry\windows8.1-kb4012213-x86.msu /quiet /norestart
wusa.exe \\pubfile-02\software$\LANSWEEP_FILES\WannaCry\windows8-rt-kb4012214-x86.msu /quiet /norestart
wusa.exe \\pubfile-02\software$\LANSWEEP_FILES\WannaCry\windows8-rt-kb4012598-x64.msu /quiet /norestart
wusa.exe \\pubfile-02\software$\LANSWEEP_FILES\WannaCry\windows8-rt-kb4012598-x86.msu /quiet /norestart


Various Win 10 versions
wusa.exe \\pubfile-02\software$\LANSWEEP_FILES\WannaCry\windows10.0-kb4013198-x64.msu /quiet /norestart
wusa.exe \\pubfile-02\software$\LANSWEEP_FILES\WannaCry\windows10.0-kb4015217-x64.msu /quiet /norestart
wusa.exe \\pubfile-02\software$\LANSWEEP_FILES\WannaCry\windows10.0-kb4015219-x64.msu /quiet /norestart
wusa.exe \\pubfile-02\software$\LANSWEEP_FILES\WannaCry\windows10.0-kb4015438-x64.msu /quiet /norestart
wusa.exe \\pubfile-02\software$\LANSWEEP_FILES\WannaCry\windows10.0-kb4019472-x64.msu /quiet /norestart
wusa.exe \\pubfile-02\software$\LANSWEEP_FILES\WannaCry\windows10.0-kb4019473-x64.msu /quiet /norestart
wusa.exe \\pubfile-02\software$\LANSWEEP_FILES\WannaCry\windows10.0-kb4013429-x64.msu /quiet /norestart
john knapik
#7john knapik Member Posts: 10  
posted: 5/22/2017 9:17:50 PM(UTC)
I keep on getting time outs on my kb push any ideas?
SouthySuper
#8SouthySuper Member Original PosterPosts: 41  
posted: 5/22/2017 9:25:54 PM(UTC)
If you connect to a machine and run the command(s) locally, does it run?

Did you download each of the kb(s) needed per running a report like this? https://www.lansweeper.c...ulnerable.aspx#post50430

Remember that I have renamed each of my msu files to be shorter than when downloaded from the microsoft update catalog

http://catalog.update.mi...ft.com/v7/site/home.aspx



If it does run locally, then you may have an issue with the way your file share is configured for use by lansweeper and/or access from your systems (workstations/servers).
john knapik
#9john knapik Member Posts: 10  
posted: 5/22/2017 9:28:34 PM(UTC)
I can do a C$ and it will run but if I use the install it hesitates also I have made an install for Notebook++ and that works fine
SouthySuper
#10SouthySuper Member Original PosterPosts: 41  
posted: 5/22/2017 9:31:13 PM(UTC)
John, email me your contact info southysuper@gmail.com
Gerardo de Lira
#11Gerardo de Lira Member Posts: 4  
posted: 5/23/2017 9:19:50 PM(UTC)
Windows Update Deployment
Command:
wuauclt.exe /updatenow
JasonV
#12JasonV Member Posts: 1  
posted: 5/25/2017 2:51:34 PM(UTC)
Hello

I am also seeing timeouts on deployment of the windows update patches. I tried deploying from the network and even adding a sequence to copy it local and run it. Brick wall
SouthySuper
#13SouthySuper Member Original PosterPosts: 41  
posted: 6/1/2017 9:39:39 PM(UTC)
are you using the wusa.exe for use with the standalone windows package installers?

Here is what one step of mine looks like

wusa.exe \\pubfile-02\software$\LANSWEEP_FILES\WannaCry\windows6.0-kb4011981-x64.msu /quiet /norestart

Broken down

wusa.exe (enables the remote install of the ms msu packages)
\\pubfile-02\software$\LANSWEEP_FILES\WannaCry\ (my file path where my junk is stored)
windows6.0-kb4011981-x64.msu (my update renamed so not so long)

/quiet /norestart (just what it says)

my last step on package is command to wait 15 seconds with stop (success) and stop (failure):

timeout 15 > NUL

The last step allows the package to give a complete command

Active Discussions

Report Center Show newly discovered software
by  CyberCitizen   Go to last post Go to first unread
Last post: Yesterday at 12:06:21 AM(UTC)
Lansweeper Multiple Devices Owned by Users (asset relations)
by  Charles S.  
Go to last post Go to first unread
Last post: 6/15/2021 9:38:26 PM(UTC)
Lansweeper Show Date Without Time
by  RC62N   Go to last post Go to first unread
Last post: 6/15/2021 9:04:47 PM(UTC)
Lansweeper Windows 10 Version Chart
by  RC62N  
Go to last post Go to first unread
Last post: 6/14/2021 6:16:52 PM(UTC)
Lansweeper LSAgent Report
by  brodiemac-too   Go to last post Go to first unread
Last post: 6/14/2021 5:27:29 PM(UTC)