(imported topic written by jmlafreniere91)
Hello, due to the latest “0-day” vulnerability (see case Google – China) affecting Adobe Reader and all versions of IE, we would like to enable the DEP feature for all programs (see article: http://technet.microsoft.com/en-us/library/cc700810.aspx).
I’ve found this script on the Web that works well. Basically, it verifies and adds an entry in the BOOT.INI file:
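@echo off
:: Enable DEP (OptOut) on the boot entry via bootcfg.exe
set app=%SYSTEMROOT%\system32\bootcfg.exe
set tout=5
:: test if app exists
if not exist "%app%" goto end
:: nothing to do if the switch is already present
"%app%" | find /i "/fastdetect /noexecute=optout" > nul
if not errorlevel 1 (
goto end
) else (
goto configboot
)
:configboot
:: continue only if the count of boot entries contains "1"
"%app%" | find /c /i "Boot entry ID" | find /i "1" > nul
if errorlevel 1 goto end
:: continue only on Windows XP Professional
"%app%" | find /i "Microsoft Windows XP Profession" > nul
if not errorlevel 1 (
"%app%" /raw "/fastdetect /NoExecute=OptOut" /id 1
"%app%" /timeout %tout%
)
:end
@echo on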
I’d like to get the exact code to create a BigFix fixlet.
It works when using the Windows Software Distribution Wizard, when uploading a script (.cmd) to the server, but I would like BigFix to check if the entry in the BOOT.INI file is already present, so it doesn’t run on a computer that has already been patched.
Many thanks,
Jim
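
The "already patched" check asked about above, as an added example that is not part of the original post and is not BigFix relevance: it parses BOOT.INI text and reports the /NoExecute policy of each boot entry, so remediation can be skipped where OptOut is already set. The sample file is constructed, the function names are hypothetical, and numbering entries in file order to match bootcfg's "Boot entry ID" is an assumption.

```python
import re

# Constructed sample boot.ini (not from the original post): one entry already
# on OptOut, one on OptIn, one with no DEP switch at all.
SAMPLE_BOOT_INI = r'''[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptOut
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP (test)" /fastdetect /noexecute=optin
multi(0)disk(0)rdisk(0)partition(3)\WINNT="Legacy install" /fastdetect
'''

NOEXECUTE = re.compile(r'/noexecute=(\w+)', re.IGNORECASE)


def dep_policies(boot_ini_text):
    """Return [(entry_id, description, policy)] per [operating systems] line.
    entry_id is 1-based in file order (assumed to match bootcfg's IDs);
    policy is the lower-cased /noexecute value, or None if the switch is absent."""
    entries, section = [], None
    for raw in boot_ini_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(';'):        # blank line or comment
            continue
        if line.startswith('[') and line.endswith(']'):
            section = line[1:-1].strip().lower()
            continue
        if section != 'operating systems' or '=' not in line:
            continue
        _, _, rest = line.partition('=')            # split off the ARC path
        # Description is the quoted string; switches follow the closing quote.
        m = re.match(r'\s*"([^"]*)"(.*)$', rest)
        desc, switches = (m.group(1), m.group(2)) if m else (rest.strip(), '')
        found = NOEXECUTE.search(switches)
        policy = found.group(1).lower() if found else None
        entries.append((len(entries) + 1, desc, policy))
    return entries


def needs_remediation(boot_ini_text, wanted='optout'):
    """IDs of boot entries whose DEP policy is not already `wanted`."""
    return [i for i, _, p in dep_policies(boot_ini_text) if p != wanted]


if __name__ == '__main__':
    print(dep_policies(SAMPLE_BOOT_INI))
    print('entries to change:', needs_remediation(SAMPLE_BOOT_INI))
```

Unlike the single `find` on the whole bootcfg output, this evaluates every boot entry separately, so a multi-boot machine with only one entry set to OptOut is still reported.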