Wednesday, January 05, 2022

Log4J MS Fix with Active Directory and Detection with Lansweeper

Log4J has been in the news for a while, so to patch the Windows systems, I updated everyone's version of Java to the latest version. In accordance with Microsoft's environment variable fix, I set up the variable to be deployed with Active Directory (after I verified that no apps would lose functionality). You can read more about the environment variable fix in this article: Microsoft Statement and Mitigations for Log4J.

So to deploy the fix I used Active Directory. I have a global GP for setting basic permissions, and it is enforced for everyone, so it makes the most sense to put it there.



To edit the policy, go to Computer Configuration -> Preferences -> Windows Settings -> Environment.


Right-click (or use the Action menu) and choose New -> Environment Variable.

Enter the following:

Name = LOG4J_FORMAT_MSG_NO_LOOKUPS

Value = TRUE


Along with the variable, I have also updated Java to the latest version using Lansweeper's software push functions. I have 70 clients to update, and I deployed this in the early afternoon, and over half of them were done by the time I left.

I wrote a script in Lansweeper that checks for the environment variable. You first have to enable Environment scanning. Under Scanning, select Scanned Item Interval.



By default Environment is not checked (disabled) as shown below.


You have to enable it for this detection script to work.


With that done, this script will check whether the environment variable has been added.

/******************************************************************************/
-- Lists assets on which the Log4j mitigation variable has been scanned
Select Top 1000000 tblassets.AssetID,
  tblassets.AssetName,
  tsysassettypes.AssetTypename,
  tsysassettypes.AssetTypeIcon10 As icon,
  tblassets.IPAddress,
  tblassets.Lastseen,
  tblassets.Lasttried,
  tblEnvironment.Name As Name1,
  tblEnvironment.VariableValue As VariableValue1
From tblassets
  Inner Join tblassetcustom On tblassets.AssetID = tblassetcustom.AssetID
  Inner Join tsysassettypes On tsysassettypes.AssetType = tblassets.Assettype
  Inner Join lansweeperdb.dbo.tblEnvironment On tblassets.AssetID =
      tblEnvironment.AssetID
-- State = 1 limits the result to active assets
Where tblEnvironment.Name = 'LOG4J_FORMAT_MSG_NO_LOOKUPS' And
  tblEnvironment.VariableValue = 'true' And tblassetcustom.State = 1
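
The report above lists machines that already have the variable. The following is an added example (not part of the original post) of the inverse report, showing active assets that have Environment scan data but where the variable is missing or set to something other than TRUE. It uses only the tables and columns from the report above; the aliases Log4jVar, AnyVar, Log4jStatus and CurrentValue are names chosen for this example, and it assumes the report runs inside the Lansweeper database so that tblEnvironment resolves without the database prefix.

```sql
-- Added example: assets still lacking the mitigation variable.
Select Top 1000000 tblassets.AssetID,
  tblassets.AssetName,
  tsysassettypes.AssetTypename,
  tsysassettypes.AssetTypeIcon10 As icon,
  tblassets.IPAddress,
  tblassets.Lastseen,
  tblassets.Lasttried,
  Case
    When Log4jVar.AssetID Is Null Then 'variable missing'
    Else 'unexpected value'
  End As Log4jStatus,
  Log4jVar.VariableValue As CurrentValue
From tblassets
  Inner Join tblassetcustom On tblassets.AssetID = tblassetcustom.AssetID
  Inner Join tsysassettypes On tsysassettypes.AssetType = tblassets.Assettype
  -- Left Join keeps assets that have no row for the variable at all
  Left Join tblEnvironment As Log4jVar
    On Log4jVar.AssetID = tblassets.AssetID
    And Log4jVar.Name = 'LOG4J_FORMAT_MSG_NO_LOOKUPS'
Where tblassetcustom.State = 1
  -- Only assets that already returned Environment scan data, so machines
  -- that were never scanned are not reported as "missing"
  And Exists (Select 1
              From tblEnvironment As AnyVar
              Where AnyVar.AssetID = tblassets.AssetID)
  -- Missing row, NULL value, or any value other than TRUE (any case)
  And (Log4jVar.AssetID Is Null
       Or Upper(LTrim(RTrim(IsNull(Log4jVar.VariableValue, '')))) <> 'TRUE')
Order By tblassets.AssetName
```

Both reports only show whether the variable is set on a machine; neither says which Log4j versions are installed there.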
