Issue1028

Title Disable the other Windows services that may modify wuauserv
Priority feature Status
Superseder Nosy List dcardon, eblaudy, htouvet, sfonteneau
Assigned To eblaudy Keywords wuagent

Created on 2019-11-05.17:48:16 by dcardon, last changed by dcardon.

Messages
msg2141 Author: dcardon Date: 2019-11-05.17:48:16
I have prepared a package like the one below to monitor the services that could be re-enabled by Microsoft during a major update. It should be
integrated directly into the waptwsus code.

# -*- coding: utf-8 -*-
from setuphelpers import *

uninstallkey = []

def install():
    print('installing %s' % control.asrequirement())
    # put here what to do when package is installed on host
    # implicit context variables are WAPT, basedir, control, user, params, run

    #* Windows Update : wuauserv
    #* Windows Remediation Service : sedsvc
    #* Update Orchestrator Service : UsoSvc
    #* Windows 10 Update Facilitation Service : osrss
    #* Windows Update Medic Service : WaaSMedicSvc
    #* Delivery Optimization : dosvc

    # 'usosvc' is the Update Orchestrator Service listed above
    for service in ('dosvc','waasmedicsvc','usosvc'):
        print("Checking  %s " % service)
        if reg_key_exists(HKEY_LOCAL_MACHINE,r'SYSTEM\CurrentControlSet\Services\%s' % service):
            if int(registry_readstring(HKEY_LOCAL_MACHINE,r'SYSTEM\CurrentControlSet\Services\%s' % service,'start')) !=4:
                print('Disabling service %s' % service)
                registry_set(HKEY_LOCAL_MACHINE,r'SYSTEM\CurrentControlSet\Services\%s' % service,'start',4)
                service_stop(service)
                run('taskkill /FI "SERVICES eq %s"  /F' % service)
        else:
            print('no service %s found ' % service)
    # osrss (Windows 10 Update Facilitation) cannot be shut down the standard way
    registry_set(HKEY_LOCAL_MACHINE,r'SYSTEM\CurrentControlSet\Services\osrss','start',4)
    run(r"icacls c:\windows\system32\osrss.dll /deny *S-1-1-0:(oi)(ci)(DE,dc)")
    run('taskkill /FI "SERVICES eq osrss"  /F')

    # wuauserv is still needed by waptwua
    registry_set(HKEY_LOCAL_MACHINE,r'SYSTEM\CurrentControlSet\Services\wuauserv','start',4)

    registry_set(HKEY_LOCAL_MACHINE,r'Software\Policies\Microsoft\Windows\WindowsUpdate','WUServer','https://wapt')
    registry_set(HKEY_LOCAL_MACHINE,r'SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate','DoNotConnectToWindowsUpdateInternetLocations',1)
    registry_set(HKEY_LOCAL_MACHINE,r'SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate','UseWUServer',1)
    registry_set(HKEY_LOCAL_MACHINE,r'SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate','NoAutoUpdate',1)

def uninstall():
    print('uninstalling %s' % control.asrequirement())
    # put here what to do when package is removed from host
    # implicit context variables are WAPT, control, user, params, run

def audit():
    print('Auditing %s' % control.asrequirement())
    status = 'OK'

    # 'usosvc' is the Update Orchestrator Service
    for service in ('dosvc','waasmedicsvc','usosvc','osrss'):
        print("Checking  %s " % service)
        if reg_key_exists(HKEY_LOCAL_MACHINE,r'SYSTEM\CurrentControlSet\Services\%s' % service):
            if int(registry_readstring(HKEY_LOCAL_MACHINE,r'SYSTEM\CurrentControlSet\Services\%s' % service,'start')) !=4:
                print('Service %s should not be enabled' %  service)
                status='ERROR'


    return status
History
Date User Action Args
2019-11-05 17:48:16 dcardon create
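
Added example (not part of the issue or of WAPT's own code): a drift check that extends the audit() idea in the message above to the Windows Update policy values that install() sets but audit() does not verify. The `read_value` callable, the `EXPECTED` table and the sample registry state are assumptions made for illustration.

```python
# Added example, not the package from the issue.
# Expected values mirror what install() on this page writes under HKLM.
SERVICES_KEY = r'SYSTEM\CurrentControlSet\Services'
WU_POLICY_KEY = r'SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'

# (key path, value name, expected value)
EXPECTED = [(SERVICES_KEY + '\\' + svc, 'start', 4)
            for svc in ('dosvc', 'waasmedicsvc', 'usosvc', 'osrss')]
EXPECTED += [(WU_POLICY_KEY, name, 1) for name in (
    'DoNotConnectToWindowsUpdateInternetLocations', 'UseWUServer', 'NoAutoUpdate')]


def find_drift(read_value, expected=EXPECTED):
    """Return (path, name, found, wanted) for every value that drifted.
    read_value(path, name) is a hypothetical reader returning the HKLM value,
    or None when the key or value does not exist."""
    drift = []
    for path, name, wanted in expected:
        found = read_value(path, name)
        if found is None and path.startswith(SERVICES_KEY):
            continue  # service absent on this Windows build: nothing to disable
        try:
            ok = int(found) == wanted
        except (TypeError, ValueError):
            ok = False  # missing policy value or non-numeric data is drift
        if not ok:
            drift.append((path, name, found, wanted))
    return drift


def audit_status(drift):
    """Map the drift list to a WAPT audit() return value."""
    return 'ERROR' if drift else 'OK'


# Constructed sample: state after a feature update re-enabled two services
# and removed the NoAutoUpdate policy value (osrss is not installed).
SAMPLE = {
    (SERVICES_KEY + r'\dosvc', 'start'): 4,
    (SERVICES_KEY + r'\waasmedicsvc', 'start'): 3,
    (SERVICES_KEY + r'\usosvc', 'start'): '2',
    (WU_POLICY_KEY, 'DoNotConnectToWindowsUpdateInternetLocations'): 1,
    (WU_POLICY_KEY, 'UseWUServer'): 1,
}

if __name__ == '__main__':
    for item in find_drift(lambda p, n: SAMPLE.get((p, n))):
        print('drift: %s\\%s = %r (expected %r)' % item)
```

A missing service key is skipped, as in the original audit(), while a missing policy value is reported, because its absence lets the update client fall back to its defaults.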