Re: Changes to Labs Task Sequences and Images on 30/11/18

Posted on November 30, 2018 by Mike Collett

These changes have now been completed.

The labs task sequences should be considered at risk for the rest of the day until testing is completed.

Changes to Labs Task Sequences and Images on 30/11/18

Posted on November 29, 2018 by Mike Collett

Since July last year, when the Labs Images were finalised a number of issues have been found which have been mitigated using group policy preferences. These fixes have now been incorporated into the labs images and the group policy object reduced correspondingly.

Additionally, some other issues have now been fixed:

On iMacs, the keyboard layout at the welcome screen is now set to Apple UK (important if you have some symbols in your password).
Outlook error dialog on launch now fixed.
Issue with NI ELVISmx Instrument Launcher resolved (only on rebuilds currently – deployment to existing machines under development)

Support for Stone Computers on Labs will be added into the Labs Task Sequences. An extra step has been added to expedite software updates after imaging.

TIMESCALE

29/11/18– 08:00am-10:00 am

CAN I GET MORE INFORMATION AND HELP?

Please contact our Service Desk at it.services@lboro.ac.uk for more information

Nessus Scan Security Changes

Posted on November 29, 2018 by Gary Hale

A security scan was run against the W10 staff service and some vulnerabilities were dentified.

Timescale:

The changes are being applied via Group Policy in the following order…

1. 03/12/18 – IT-Depstaff
2. 05/12/18 – FM-Deptstaff
3. 10/12/18 – ProServ Staff
4. 12/12/18 – WS-SchoolStaff
5. Live to Windows 10 Service

Changes

The Nessus scan has identified several registry entries that need to be created or changed on the Staff Service.

1. Need to Disable Week Cyphers – https://littlehyenas.wordpress.com/2014/04/12/disable-rc4-cipher-suites-on-remote-desktop/
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client – Enable 0
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server – Enable 0
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 128/128 – Enable 0

2. Fix CVE-2017-8529 – An information disclosure vulnerability exists when affected Microsoft scripting engines do not properly handle objects in memory. The vulnerability could allow an attacker to detect specific files on the user’s computer. In a web-based attack scenario, an attacker could host a website that is used to attempt to exploit the vulnerability.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_PRINT_INFO_DISCLOSURE_FIX\iexplorer – 1
HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_PRINT_INFO_DISCLOSURE_FIX\iexplorer – 1

3. MS KB2960358: Update for Disabling RC4 in .NET TLS
HKLM\SOFTWARE\Microsoft\.NETFramework\v2.0.50727\SchUseStrongCrypto – 1
HKLM\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v2.0.50727 – 1

4. MSIs can not run from the Downloads folder and need moving to another location to install if trusted.

November 2018a Task Sequence Media

Posted on November 19, 2018 by Mike Collett

A new November 2018a Task Sequence media has been created and can be found in the following location: –
\\ws2.lboro.ac.uk\DesktopResource\Windows\TaskSequenceMedia\ TS_Media_Nov18a.zip

This version eliminates the extra reboot which introduced in the previous version.

Documentation – “\\ws2.lboro.ac.uk\DesktopResource\Windows\TaskSequenceMedia\Create an SCCM WinPE disk or USB Flash Drive.docx”

Existing USB media will have to be updated. PXE imaging will work as normal.

CAN I GET MORE INFORMATION AND HELP?

Please contact our Service Desk at it.services@lboro.ac.uk for more information.

November 2018 Task Sequence Media

Posted on November 7, 2018 by Gary Hale

The new November 2018 Task Sequence media has been created and can be found in the following location: –
\\ws2.lboro.ac.uk\DesktopResource\Windows\TaskSequenceMedia\ TS_Media_Nov18.zip