Minor application update, Accommodating vpns and wireless security, Antidote delivery manager command guide – Lenovo ThinkPad Edge 15 User Manual

Minor application update

Not all maintenance requires the drastic measures previously described. If a patch is available, but a virus
attack is not in progress, a more relaxed approach might be appropriate.

A single script can control the operation through the use of the RETRYONERROR command and tag files.

1. Download PhaseThe process begins with a message box informing the user that a patch will be

downloaded for later installation. Then, the patch can be copied from the server.

2. Patch phaseThe patch code is ready for installation and it is time to warn the user to start installation. If

the user requests a delay, a tag file could be used to track the delay. Perhaps later requests to install the
patch might be more urgent. Antidote Delivery Manager maintains this state even if the user powers off
or reboots their system. When the user has completed all processing and is ready for a system reboot,
the patch is installed and the system is rebooted, if required.

Attention: After a system has been restored and rebooted, reboot the system again in order for changes to
take effect.

Accommodating VPNs and wireless security

The Rescue and Recovery environment does not currently support either remote access Virtual Private
Networks (VPN) or wireless network attachments. If a machine is using one of these network attachments in
Windows XP, and then reboots to the Rescue and Recovery program, network connectivity is lost. Therefore,
a script like the one in the previous example does not work because networking is not available in the
Rescue and Recovery program to download files and fixes.

The solution is to package all required files in the original message or download the needed files before
rebooting. Place all necessary files in the directory with go.rrs. The script file must move the required
files into their final positions before exiting the script (when the directory containing go.rrs on the client is
deleted). Placing patches in the message file might not be practical if the patches are very large. In this
case, the user should be informed, then networking is restricted to only the server containing the patch.
Then the patch can then be downloaded while still in Windows XP. Although this can lengthen the exposure
of Windows XP to a virus, the extra time is probably not significant.

Antidote Delivery Manager command guide

The boot manager command-line interface is Antidote Delivery Manager. It resides in the directory
C:\Program Files\Lenovo\Rescue and Recovery\ADM. The following table presents the switches and their
results for Antidote Delivery Manager.

Table 37. Antidote Delivery Manager commands

Commands

Description

APKGMES [/KEY keyfile|
/NEWKEY keyfile|/NOSIG]
message_directorymessage_name [/NODATE]

If the /KEY parameter is used, a signing key will be retrieved from
keyfile.prv and the key in keyfile.pub must have been distributed
to all clients that will process the message. By default, the key file
"KEYFILE.PRV" will be used. The /NEWKEY parameter can be used
to create a key. If signing is not desired, specifying /NOSIG will
prevent signing. A date stamp will be appended to the end of the
message name, such as message_nameYYMMDDHHmm.zap.

136

Rescue and Recovery 4.23 Deployment Guide