Archive for the 'Patch Management' Category

OVAL – Windows Script – Database

I am working on a way to periodically scan my systems for known security problems using the OVAL security definitions.

I downloaded the client and copied it to my systems using something I have dubbed the Poor Man’s Systems Administration Kit (PSAM) and another job scheduling program called Visual Cron.

There are two scripts. One is run locally on the system being scanned for security configuration weaknesses from the OVAL definitions. The other processes the HTML result files generated by the ovaldi.exe program shipped with OVAL.

For the scripts to work, you will first need to set up a DSN and reference it within the script. The database behind the DSN holds the results of the scans. Here is the code for the database / table on Microsoft SQL Server.

The first script is run on each system and dumps the results of the ovaldi scan into a common folder repository on a central server.

The next script is a VBScript that processes the directory containing the OVAL HTML output files.

Please note that the script needs to be run using cscript.exe from \windows\syswow64 on 64-bit machines. This took me almost a whole day to figure out! You’ll also need to set up the DSN using the odbcad32.exe utility from syswow64.

Here is the OVAL HTML output processing script.
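A way to confirm the 32-bit/64-bit DSN mismatch described above before running the processing script (an added example, not the author's script). It assumes a system DSN, PowerShell 3.0 or later, and uses `OvalResults` as a placeholder DSN name that does not come from the post.

```powershell
# Added example: report which ODBC registry view(s) hold a given system DSN.
# 'OvalResults' is a placeholder name; substitute the DSN your script opens.
$DsnName = 'OvalResults'

function Get-SystemDsnView {
    param([string]$Name)
    # System DSNs are registered separately for 32-bit and 64-bit ODBC clients.
    $views = [ordered]@{
        '64-bit' = [Microsoft.Win32.RegistryView]::Registry64
        '32-bit' = [Microsoft.Win32.RegistryView]::Registry32
    }
    foreach ($label in $views.Keys) {
        $base = [Microsoft.Win32.RegistryKey]::OpenBaseKey(
            [Microsoft.Win32.RegistryHive]::LocalMachine, $views[$label])
        $key = $base.OpenSubKey('SOFTWARE\ODBC\ODBC.INI\ODBC Data Sources')
        try {
            # The value name is the DSN; the value data is the driver name.
            $driver = if ($key) { $key.GetValue($Name) } else { $null }
            [pscustomobject]@{
                View    = $label
                Present = [bool]$driver
                Driver  = $driver
            }
        } finally {
            if ($key) { $key.Close() }
            $base.Close()
        }
    }
}

$result = @(Get-SystemDsnView -Name $DsnName)
$result | Format-Table -AutoSize

$in64 = ($result | Where-Object { $_.View -eq '64-bit' }).Present
$in32 = ($result | Where-Object { $_.View -eq '32-bit' }).Present

if ($in32 -and -not $in64) {
    # Only 32-bit processes can see this DSN.
    "DSN '$DsnName' is 32-bit only: run the script with $env:windir\SysWOW64\cscript.exe"
} elseif ($in64 -and -not $in32) {
    "DSN '$DsnName' is 64-bit only: run the script with $env:windir\System32\cscript.exe"
} elseif ($in32 -and $in64) {
    "DSN '$DsnName' is visible to both 32-bit and 64-bit script hosts."
} else {
    "No system DSN named '$DsnName' was found in either registry view."
}
```

On a 32-bit operating system both views resolve to the same key, so the DSN is reported as visible to both.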

Migrate WSUS Database from Domain Controller to SQL 2005

Okay, so I had made a newbie mistake when installing WSUS into our environment about a year ago. This may occur if you have a limited number of machines for running a small network.

I installed WSUS on top of a domain controller. Everything seemed to work fine in this configuration; however, I wanted to move the database to another SQL Server so that I could better automate reporting of which systems have which updates, etc. It turns out that it is not very straightforward to move the database from a domain controller to another SQL Server.

Here is my solution.

I followed the instructions here, but had to modify them slightly.

Migrate WSUS from Local SQL to Remote SQL Server

The first modification was to ATTEMPT to install SQL Server database services. This installs sqlcmd.exe, which will be needed for the procedure listed above. Since it is on a domain controller, the SQL Server install will fail.

Once you get to the message above, just hold your horses and switch to a command prompt after having stopped Windows Update Services and the IIS Admin service.

Execute the command listed in the Microsoft article.

Reattach the database on the remote system.

Add the machine account in SQL Server (e.g., DOMAINAME\machinename$) to the SUSDB. Make sure the role is as the Microsoft article suggested.

Next, edit the registry as the article suggested. I added my remote server name, and there was one additional key that I changed to a 1. The key was named something like ServerIsRemote with a value of 0. I changed that to a 1.

I rebooted the front-end WSUS server and everything worked like a champ after that.