Australia: (+61) 2801 48283, (+61) 2801 44572, (+61) 1300 954 574 (English - 24 hour service)
Brasil: (+55) 11 395 88 765 
Canada: (+1) 647 955 1197 , (+1) 647 847 3405 
Deutschland: (+49) 2319 8928 017, (+49) 2318 868 043 
Espańa: (+34) 902 190 765 
France: (+33) 8 92 561 161 (0,34€ TTC / min) 
Italiano: (+39) 0699 268 342 
New Zealand: (+64) 998 535 51 
Osterreich: (+49) 2319 8928 017, (+49) 2318 868 043 
Romania: (+40) 21 300 1226, (+40) 21 300 1227 
Schweiz: (+49) 2319 8928 017, (+49) 2318 868 043 
United States: (+1) 954 928 2780 
United Kingdom: (+44) 208 819 2649 
WorldWide: (+40) 21 264 1794 
Introducing 5 WMI scripts to secure your network
Bitdefender Client Security is an easy to use business security and management solution, which delivers superior proactive protection from viruses, spyware, rootkits, spam, phishing and other malware. It offers the following components: Bitdefender Management Server (with/without add-on), Bitdefender Local Update Server, Bitdefender Business Client and Bitdefender Management Agent;
New WMI scripts are created based on WMI script templates. A WMI script template allows creating a script that you can assign to managed computers in order to find out useful information about them or perform a specific administrative task.
You can create and assign new WMI scripts in the Create New WMI Script pane. To display this pane, do one of the following:
- In the tree menu, go to WMI Scripts > Create New WMI Script.
- In the WMI Scripts pane, click the corresponding link.
For securing your netork we recommend 5 WMI scripts that should be assigned to remote network computers managed by Bitdefender Management Server.
Enable/Disable Autorun for all Drives
Enable/Disable USB Mass Storage
Computer worms are increasingly using USB storage devices and the autorun feature of the Microsoft Windows operating systems to spread through the network. Autorun enables automatic detection and reading of new media. Such media includes USB flash drives, network shares, CDs, DVDs and other.
You should disable autorun for all drives because a lot of viruses infect the autorun.inf file. This file is present on every USB flash drive and ran automatically when you insert the drive.
You can run these WMI scripts on all managed computers to completely disable autorun and USB storage devices in the network. Afterwards, you can run the WMI scripts as needed to temporarily enable them on specific managed computers.
To create and assign such WMI scripts, follow these steps:
1. In the Create new WMI Script pane, double-click the desired WMI script template. A new pane will be displayed.
2. Select whether to enable or disable autorun/USB storage devices on the target computers.
Note
The changes will take effect after the system is restarted. You can use a computer restart WMI script to force the target computers to restart.
3. Click Finish. A new pane will be displayed.
4. Select the location where clients or groups are to be searched in order to be assigned the WMI script. You can select Network computer to search in the Managed Computers group or Network users and groups to search in Active Directory.
5. Select the computer, group or domain user to assign the WMI script to.
6. If you want to run the script at a later time or on a regular basis, you must configure the schedule as follows:
- To run the script at a later time, select the Starting check box, click the corresponding button and set the time using the calendar.
- To run the script on a regular basis, choose a convenient option from the Schedule menu and set the frequency using the second menu. You can specify when to start and when to end the schedule by selecting the Starting and Ending check boxes. To set the start and end time, click the corresponding buttons and use the calendar.
Install Windows Updates
Keeping Windows up to date is an important step in securing the computer network of your organization. Many attacks can be mitigated if Windows is up to date. Using a Install Windows Updates WMI script, you can immediately update Windows on all client computers. This is especially useful in the following situations:
- A critical Windows update has just been released and it should be installed immediately.
- If your organization's policies require testing important Windows updates (such as service packs) before they are installed on the network computers. After testing the update, you can run this WMI script to install it on all client computers.
To create and assign Install Windows Updates WMI scripts, follow these steps:
1. In the Create new WMI Script pane, double-click the Install Windows Updates template. A new pane will be displayed.
2. Select one of the available options to update Windows or to find out information about Windows updates available on client workstations.
- List the available updates. Select this option to find out information about the Windows updates available for the target computers.
- Install updates. Select this option to install the most important Windows updates available on the target computers. To also install other optional software and hardware updates, select the corresponding check boxes.
- Install a specific update. Select this option to install a specific Windows update available on the target computers. You must provide the ID of the update to be installed. To find out the update ID, you must run this script with the List the available updates option selected.
3. If your company uses a proxy server to connect to the Internet, select Use Proxy Server and specify the connection settings using one of these syntaxes:
- http://proxy_server_ip:port
- http://proxy_server_name:port
4. Some Windows updates require restarting the computer. You can select Restart computer if required to automatically restart the computer after the update is installed.
5. Click Finish. A new pane will be displayed.
6. Select the location where clients or groups are to be searched in order to be assigned the WMI script. You can select Network computer to search in the Managed Computers group or Network users and groups to search in Active Directory.
7. Select the computer, group or domain user to assign the WMI script to.
8. If you want to run the script at a later time or on a regular basis, you must configure the schedule as follows:
- To run the script at a later time, select the Starting check box, click the corresponding button and set the time using the calendar.
- To run the script on a regular basis, choose a convenient option from the Schedule menu and set the frequency using the second menu. You can specify when to start and when to end the schedule by selecting the Starting and Ending check boxes. To set the start and end time, click the corresponding buttons and use the calendar.
Remote Desktop Connection
Remote Desktop Connection (also known as Remote Desktop) is a software provided by Windows operating systems to allow users to connect remotely to another computer. Mobile workers and telecommuters commonly use Remote Desktop to access resources on their workstation (or on company servers) from a remote location. Also, IT administrators sometimes connect with Remote Desktop to network computers to troubleshoot issues or install applications.
Windows provides a setting that can be used to allow or block incoming Remote Desktop connections (on Windows XP, Allow users to connect remotely to this computer). This setting can be changed only by users that are members of the Administrator group.
The Remote Desktop Connection WMI script changes Windows settings on client workstations to control incoming connections through Remote Desktop Connection. You can run the script once and configure Windows on all managed computers to allow or block incoming Remote Desktop connections. This comes in handy especially when you administer hundreds of computers.
Note
You typically control Remote Desktop connections using a firewall (for example, apply a Bitdefender Business Client firewall policy). If you use Remote Desktop to manage network workstations remotely, it may be convenient to configure the firewall to allow incoming Remote Desktop connections, but control them from Windows. This is very efficient if users log on to restricted (limited) Windows user accounts.
To create and assign Remote Desktop Connection WMI scripts, follow these steps:
1. In the Create new WMI Script pane, double-click the Remote Desktop Connection template. A new pane will be displayed.
2. Select the option corresponding to the operation to be performed on the assigned client workstations:
- Enable Remote Desktop Connection - to allow incoming Remote Desktop connections and disable the Windows Firewall (if available).
- Disable Remote Desktop Connection - to block incoming Remote Desktop connections. You can also choose to enable the Windows Firewall (if available). This is not recommended if you plan to run the script on workstations that already have a firewall turned on.
3. Click Finish. A new pane will be displayed.
4. Select the location where clients or groups are to be searched in order to be assigned the WMI script. You can select Network computer to search in the Managed Computers group or Network users and groups to search in Active Directory.
5. Select the computer, group or domain user to assign the WMI script to.
6. If you want to run the script at a later time or on a regular basis, configure the schedule as needed.
Windows Automatic Updating
Windows Automatic Updates helps users keep their operating system up-to-date. An up-to-date operating system may greatly reduce the number of malware that can compromise its security. You can configure Windows Automatic Updates consistently across the network (on all network computers) using the Windows Automatic Updating WMI script.
To create and assign Windows Automatic Updating WMI scripts, follow these steps:
1. In the Create new WMI Script pane, double-click the Windows Automatic Updating template. A new pane will be displayed.
2. Select one of the available options to configure Windows Automatic Updates on client workstations. The options are similar to those of Windows Automatic Updates.
- Automatically download recommended updates and install them. This option may be appropriate for users who are not so familiarized with computers (users you expect not to know how to install Windows updates). Configure the update frequency and time using the menus.
- Download updates, but let the user choose when to install them.
- Notify the user when new updates are available.
- Turn off Automatic Updates. This option is not recommended. If Windows is not updated regularly, the system will be more vulnerable to viruses and hackers.
3. Click Finish. A new pane will be displayed.
4. Select the location where clients or groups are to be searched in order to be assigned the WMI script. You can select Network computer to search in the Managed Computers group or Network users and groups to search in Active Directory.
5. Select the computer, group or domain user to assign the WMI script to.
6. If you want to run the script at a later time or on a regular basis, configure the schedule as needed.
