Posted by Shane Corellian on Thu, Aug 30, 2012
The Java 7 (update 7) which addresses the zero day exploit has been added to the Installer Library, which is currently free to all PDQ users whether in free or pro mode.
If you don't have PDQ Deploy yet it comes with both free and pro modes. You can get your copy here.
Posted by Shane Corellian on Thu, Aug 30, 2012
*** Update Oracle has released Java 7 Update 7. This apparently fixes the 0 Day vulnerability. This is available on the PDQ Deploy Installer Library for both 32-bit and 64-bit Windows. This update is made available for both Free and Pro users. If you are running PDQ Deploy in Pro mode, some additional tweaks will take place before and after the installation (closing browsers, removing the Java Scheduler, etc.). If you are running PDQ Deploy in Free Mode the additional tweaks will not be attempted.***
Everyone knows about the 0 Day exploit discovered in Java 7. There are a lot of people "in the know" who are suggesting that Java 7 users should disable their Java plug-ins. Without debating whether or not disabling is appropriate or overkill we thought we'd help out by showing you how you can use PDQ Deploy (it's free) to silently disable the Internet Explorer plug-in for Java 7 (updates 4 - 6).
Use the Installer Library to download the Installer that will disable the IE Plugin.
The installer will simply run a quick and dirty batch script on target machines. If you want to view the contents of the batch file you will find it in Java\DisableIEPlugin folder in your Repository (which is usually C:\Users\Public\Documents\Admin Arsenal\PDQ Deploy\Repository).
After you download the package just select it and hit Deploy Now. This will let you choose which targets should have the plugin disabled.
Which computers are vulnerable?
You can find out which computers are affected using PDQ Inventory. Now we are going to scan a few registry keys which you can't do in Free mode. If don't have Pro mode then you can request a trial key. Ready? Let's do it.
Download and extract this .zip archive. There are three XML files inside. Feel free to open them and inspect the contents.
From your PDQ Inventory console select File > Import (or hit CTRL+i) and navigate to the directory that contains the extracted files.
Import the file called ScanProfile-JavaPluginIE.xml.
This will create a new Scan Profile. You can view the profile by going to the Scan Profiles panel in your Preferences window. (File > Preferences). Select the Java Plug-in for IE Scan Profile.You will see that we have added two Registry scanners to this Profile.
For more info on Scan Profiles view the documentation or reference this video.
Scan your systems using the new Java Plug-in for IE profile. (see image below)
While your systems are scanning import the other two XML files. After importing you will notice that you have a new Collection called Java 7 - IE Plugin Enabled. This will contain computers which have the UseJava2IExplorer value set to 1. Since we are only disabling Java 7 systems, the UseJava2IExplorer value will not be changed for earlier versions. (See Collection definition below)
The next File to import is a Report. (See images below)
Here's a step-by-step video.
Silently disabling the Plugins for Firefox and/or Chrome is a lot more involved. If we find that this can be accomplished via a deployment we will make a new blog post.
Posted by Shane Corellian on Mon, Aug 27, 2012
Java Removes (TM)
New in Java 7 update 6 is the removal of the ever present (TM) in their application name. So your application name now reads "Java 7 Update 6
as opposed to "Java(TM) 7 Update 5". The (TM) has been in the name for as long as we can remember. 
Update Collections
This is important for those who may have PDQ Inventory collections that are looking for the (TM) in the string to match who may have Java installed.
The change also makes it cleaner for reporting purposes by keeping the parens out of the name. Granted, that's a small thing, but hey, clean is clean.
Silently Install Java 7 Update 6
Need to deploy Java updates to your company computers? Just start a pro mode trial of PDQ Deploy. Then click on the "Installer Library" and select the most recent Java update and download it. You can then click "Deploy Now" and choose your target computers to receive the silent installation.
You can install Java with the free mode of PDQ Deploy, but the Pro Mode allows for multiple steps, like disabling Java auto-updates and ensuring that all browsers are killed before the install proceeds.
Get a PDQ Deploy trial now and silently deploy Java to all your computers (with the auto-update turned off).
Posted by Shane Corellian on Tue, Aug 21, 2012
Announcing PDQ Inventory 1.1.4
After a successful beta release we have released the latest version of PDQ Inventory. This version still requires .NET 3.5 SP1 exist on the console and target machines. Version 2.0 will require that .NET 4 be installed on the Console system.
The Enhancements & Fixes
- Computers will now use their short (NetBIOS) name when their long host name doesn't resolve.
- This new feature should remove some of those pesky "Computer Not Found" errors that would occur when DNS wouldn't return the long name of a computer (e.g. HomerLaptop.deadwood.local). When the long name (AKA hostname) can't be resolved the standard computer name (NetBIOS) will be used.
- Added Accessed Time to the File scanner.
- Fixed a possible null reference when selecting a PDQ Deploy installer.
- Improved IE version scanner with additional version information.
- Improved performance of starting PDQ Deploy in certain situations.
- Fixed possible crash when scanning from Main Window.
- Added aborting of Remote Commands.
- Added Success Codes to Remote Commands.
- Fixed an issue where some Uninstall commands weren't surrounded by quotes.
- We provide the same uninstall string that was registered with Windows when the application was originally installed. This new version will enclose the Uninstall string in double quotes if any spaces exist in the path.
- Allow scanning of computers from the Report Window.
- Fixed issue with margins when printing.
- Fixed an issue with editing recently duplicated collections.
- Fixed an issue switching between fixed and relative dates in collection and report filters.
- Fixed issue showing file modified time in wrong time zone.
- Fixed an issue where the Service Scanner would fail in certain circumstances.
- Fixed an issue where scans would show duplicates when the console was manually refreshed.
- Added Host Name to collection filters and reports.
- Changed memory display fields to use use decimals (1.3 GB instead of 1 GB).
- Changed computer scanner to use installed memory instead of total memory (which Windows usually reports slightly lower).
- Renamed report and collection columns for Files to 'Date Created', 'Date Modified', and 'Date Accessed'.
- Computers created by AD Sync have their scan user set to the user that was used to connect to AD.
- Fixed an issue with PDQ Deploy integration on XP with large numbers of computers, requires PDQ Deploy 2.0 (release 2).
- Removed unnecessary event log warnings while scanning Active Directory data.
- Added workaround for copying files to certain virtual machines.
Posted by Shane Corellian on Thu, Aug 02, 2012
I think that 23% of workplace violence is directly related to the Ask Toolbar.
We won't go into HOW this annoying, useless, unhelpful piece of crap got onto your network. There are 12-step programs that cover that. Let's dig into how we get it off.
First off, this is a Sys Admin blog, but for you home users who want to get the toolbar off of your home computer and you have no idea what or who a Sys Admin is then simply go to your Control Panel > Programs > Uninstall a Program and choose the Ask Toolbar option. If that is already too confusing then
A) Mom, is that you? Quit reading my work blog.
B) If you're not my mom then call your mom's best friend. Chances are good that her son (yeah, the one you never wanted to hang around) is a computer guy and he may help you out.
C) Quit installing stupid apps that throw this junk onto your computer.
D) Follow the instructions on this youtube video.
Now that we have that out of the way... here are some great methods you can use to uninstall Ask Toolbar from your company's computers.
Option 1:
If you are running PDQ Deploy in Pro Mode you can simply download the Uninstall Ask Toolbar from the Installer Library.
After downloading from the Installer Library feel free to inspect the steps by clicking Edit Installer. You will notice that this "Installer" has two Command Steps. The first step will kill running browsers by running
taskkill /f /im iexplore.exe /im firefox.exe /im chrome.exe
This is probably overkill since Internet Explorer is the one we really want. Anyway...
The second step also runs a command. This one simply calls the Windows Installer, MsiExec.exe, and passes the appropriate arguments (parameters) to uninstall Ask.
MsiExec.exe /qn /X{86D4B82A-ABED-442A-BE86-96357B70F4FE} /norestart
Note that as of this writing this is the only App ID that I could find for Ask. If a new one is ever created then you would need to add a new step to accomodate for the new ID.
Close the Installer and hit the Deploy Now button. You will now be able to choose the target machines that will have the Ask Toolbar removed. If you're running in Pro Mode you probably already know how to choose your targets. You can either import targets from PDQ Inventory Collections, Active Directory, Spiceworks or even text files. You can also simply enter the computer names in manually.
Option 2:
If you don't have PDQ Deploy then go grab a copy. It's free AND it won't install any junk normally associated with free software. If you are running PDQ Deploy in Free Mode then you can simply place the necessary commands into a .bat or .cmd file. Then choose this file as your Installer File. Here are the two commands to place in your bat file. Yep, this bat file will only have two lines.
taskkill /f /im iexplore.exe /im firefox.exe /im chrome.exe
MsiExec.exe /qn /X{86D4B82A-ABED-442A-BE86-96357B70F4FE} /norestart
You can see in this example that my Installer File is the bat file that was created. (Keep in mind this example is for Free Mode)
After you save your new Installer, hit the Deploy Now button.
In the Deploy Now window you can simply choose your target computers. Try this on one or two test systems to verify that it works as expected.
Now, if you want to know WHICH computers have the Ask Toolbar then I recommend using PDQ Inventory, which also runs in a free mode.
Create a new Dynamic Collection and add an Application filter. Use Name contains ask toolbar. (see image)
Close your Collection and you will see which computers have the Ask Toolbar install.
When you choose your targets in PDQ Deploy simply import from PDQ Inventory. Choose your new Collection (Ask Toolbar in this case) and add those targets.
After you uninstall Ask, make sure to rescan your computers in PDQ Inventory so that they are removed from the Ask Toolbar collection.
There you go. Now go be a good Sys Admin, pour a Guinness, and impress your co-workers by uninstalling Ask; They may even pour that pint for you in gratitude.