GPO deployment and error 101

  • Thread starter Brian Silles [eCert]
  • Start date

B

Brian Silles [eCert]

No /c or /t to extract the MicrosoftAntiSpywareInstall.exe to a directory. This is a must add item.



MSAntiSpyware.exe /? Returns the following options



/L

/S for silent mode use /S /v /qn

/V parameters to MisExec

/UA url to InstMsiA.exe

/UW url to InstMsiW.exe

/UM url to msi package



For those wanting to experiment, just run the .exe, once you get to the menu for installation, go to your \Documents and Settings\username\Local Settings\Temp sort by date and you will find the 1f71406.msi - or some other crazy name this name changes each time you run the .exe.



Once you get your mitts on the .MSI you can rename it to something more useful like MSAntiSpyware.msi and run MSAntiSpyware.msi /? to get typical options for msiexec stuff...



The following tests were on a Win2k SP4 machine. All operations were performed under a Domain Administrator account - to heck with least privilege this is a beta and I want to make sure it works ;-)



1. Ok to deploy via GPO, copy your .MSI out to a share on your network. Assign a package to the computer. I recommend during this beta that you set "software package installation user interface options to: maximum" This can be found on the deployment tab for the package properties.

2. Ok since I set the user interface options to maximum I was able to determine that my test machine was not running IE 6 or greater via an event in application log - oops.

3. Upgraded to IE 6 and rebooted.

4. GPO package installed. Tried to run AntiSpyware by double clicking icon on desktop, getting the error "Warning, Microsoft AntiSpyware has encountered a critical error (error 101)."

5. Set GPO to remove application

6. Reboot PC.

7. Next run MSAntiSpyware.msi /a - this fires off a dialog box so you can create an AIP (Administrative Installation Point). I created it locally then copied it to the network.

8. Added package to GPO to use AIP. Again, set user interface options to maximum.

9. Reboot PC.

10. GPO package installed. Again try double clicking icon on desktop, getting error 101.

11. set GPO to remove application

12. Reboot PC.

13. Shutdown PC.



At this point I started with a fresh image - clean install.



1. Install IE6.

2. Reboot, wait for updates via SUS server.

3. Create GPO to assign package to computer - this is the original ..msi retrieved from the downloaded .exe - not the AIP package.

4. Reboot PC.

5. GPO package installed. Double click icon on desktop, error 101.

6. Fish around in \Program Files\Antispyware directory and discovered errors.log file. Opened it up to see the following:



429::ln 0:ActiveX component can't create object::gcasServ:modMain:Main::1/7/2005 12:21:32 AM:1.0.501

429::ln 15:ActiveX component can't create object::GIANTAntiSpywareMain:modMain:Main::1/7/2005 12:26:05 AM:2000:1.0.501

91::ln 15:Object variable or With block variable not set::GIANTAntiSpywareMain:modMain:Main::1/7/2005 12:26:05 AM:2000:1.0.501

91::ln 15:Object variable or With block variable not set::GIANTAntiSpywareMain:modMain:Main::1/7/2005 12:26:05 AM:2000:1.0.501

0::ln 0::gcasDtServ not Authorized.::GIANTAntiSpywareMain:modMain:Main::1/7/2005 12:26:05 AM:2000:1.0.501

429::ln 15:ActiveX component can't create object::GIANTAntiSpywareMain:modMain:Main::1/7/2005 12:26:07 AM:2000:1.0.501

91::ln 15:Object variable or With block variable not set::GIANTAntiSpywareMain:modMain:Main::1/7/2005 12:26:07 AM:2000:1.0.501

91::ln 15:Object variable or With block variable not set::GIANTAntiSpywareMain:modMain:Main::1/7/2005 12:26:07 AM:2000:1.0.501

0::ln 0::gcasDtServ not Authorized, 2nd try.::GIANTAntiSpywareMain:modMain:Main::1/7/2005 12:26:07 AM:2000:1.0.501



1. Next I decided to double click gcasDtServ.exe. This kicked a bunch of .gcd files into the directory almost instantly and put the bull's-eye in the system tray.

2. Double click AntiSpyware icon on desktop and it begins the setup assistant. I decided to skip scan for later.

3. Click File menu option, check for updates. Seeing periodic burst of network activity, but for the most part it sits dormant for 30 seconds at a time. Sounds like a hung thread or process.Took about two minutes for it to wake up and do its thing.

4. Ran a scan.all went well



I did go back, start with clean install and tried deploying via the AIP. That worked too after giving gcasDtServ.exe a good swift double click in the.



During one of tests (yea I deployed and refreshed about 10 times) I did get a pop-up about allowing anonymous access? Not sure what that was about. Any type of anonymous access is disabled via GPO to prevent enumeration of shares and accounts.



I will fiddle some more in the next few days. If I can get the automated deploy to work well, I may deploy this via AD/GPO to 91 machines at a non-profit here in Michigan next week. Maybe.



Brian Silles - Lead Trainer - (e-mail address removed)

Great Lakes Workforce Development - 248.XXX.XXXX

MCSA 2000/2003, MCSE 2000, CCNA, A+, Network+, Security+



"At what point will SpyNet become aware, and take over the world?"
 
Ad

Advertisements

B

Brian Silles [eCert]

A quick note about "A change to restrict anonymous access requires approval." Allow or block, this must be the GPO settings being applied that are restricting anonymous access. This is scary that someone may be able to actually click allow and let anonymous enumeration of shares or accounts take place after its been blocked via GPO.

Ran Group Policy Model for this PC and user:

Policy Setting
Network access: Allow anonymous SID/Name translation Disabled
Network access: Do not allow anonymous enumeration of SAM accounts Enabled
Network access: Do not allow anonymous enumeration of SAM accounts and shares Enabled
Network access: Let Everyone permissions apply to anonymous users Disabled
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top