Edward Williams

Server hit by virus; I need GPOs. Is it possible?

Hi:

I tried searching, but I'm a combination of surviving on 6 hours of sleep split across 3 days and probably not finding the right words to put... So my apologies. Anyway:

My job site has been hit by the NotPetya attack. Long story short, out of 400 computers, 150 refuse to grab AV definitions from Sophos' offline servers (meaning it stupidly only pulled it from the fileserver at one point), and for some reason, the local admin password is no longer valid... That's on top of 25 infected machines, and both combined are causing corporate to refuse to power on the server until all machines are safe.

With that in mind, I was thinking of creating a temporary server to push the correct admin password back on the machine in case I need it later, and running the update patches from both Windows Update and Sophos Antivirus (which is a piece of cake IMO) to be in compliance.

Since I'm no expert at LAN, I have 2 questions:

1. Can I just create a GPO with just the password update and not have it sync any other setting?
2. If that can't be done, can I clone the GPO settings of an end user's computer with the ideal settings and upload it to the temp server?

Thanks for your help!
David Johnson, CD

Reimage any machine that is not working properly and, of course, the machines that you know were infected.
ASKER CERTIFIED SOLUTION
Shaun Vermaak
This solution is only available to members.
Edward Williams

ASKER

Well... Since I didn't have the time, patience, or resources (even with 2 temps working under me it'd still be very time-consuming)... I just ran a portable AV and updated the definitions once the server was live, but my original post was more or less of a brainstorm since corp told me that we had to reimage ALL machines that weren't updating. Thanks for your help though!