Log4J has been in the news for a while, so to patch the windows systems, I updated everyone's version of Java to the latest version. In accordance with Microsoft's Environmental variable fix, I setup the variable to be deployed with Active Directory (After I verified that no apps would lose functionality). You can read more about the Environmental variable fix by clicking on this article Microsoft Statement and Mitigations for Log4J.
So to deploy the fix I used Active Directory. I have a global GP for setting basic permissions and it is enforced with everyone so it makes the most sense to put it there.
Enter in the following:
NAME = LOG4J_FORMAT_MSG_NO_LOOKUPS
Value=TRUE
Along with the variable, I have also updated Java to the latest version using LANSWEEPER's Software push functions. I have 70 clients to update, and I deployed this early afternoon, and over half of them were done by the time I left.
I wrote a script in Lansweeper that checks for the environmental variable. You first have to enable Environmental scanning. Under Scanning Select Scanned Item Interval
By default Environment is not checked (disabled) as shown below.
You have to enable it for this detection script to work.
/******************************************************************************/
Select Top 1000000 tblassets.AssetID,
tblassets.AssetName,
tsysassettypes.AssetTypename,
tsysassettypes.AssetTypeIcon10 As icon,
tblassets.IPAddress,
tblassets.Lastseen,
tblassets.Lasttried,
tblEnvironment.Name As Name1,
tblEnvironment.VariableValue As VariableValue1
From tblassets
Inner Join tblassetcustom On tblassets.AssetID = tblassetcustom.AssetID
Inner Join tsysassettypes On tsysassettypes.AssetType = tblassets.Assettype
Inner Join lansweeperdb.dbo.tblEnvironment On tblassets.AssetID =
tblEnvironment.AssetID
Where tblEnvironment.Name = 'LOG4J_FORMAT_MSG_NO_LOOKUPS' And
tblEnvironment.VariableValue = 'true' And tblassetcustom.State = 1
