Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

HELP ME Please !!! Net Send is Scary to users 2

Status
Not open for further replies.

vfear

Technical User
Feb 9, 2001
159
US
Our network with many many users. People will netsend the entire network saying thinks like reboot and people will actually do it. How do I stop net send?? They also dont have access to the cmd prompt so they write bat files in notepad or word. I cant block all bat files cause I need their log in script to work. Please someone help !!!!!!!! :(
 
Also when whoever sends a net send it gives the username of the person sending the message, so tell your users that unless you are sending this message to ignore it. Also they can report to you who is sending these messages.


Dev
 
Best bet in my humble opinion, don't use net send at all. People may use it, but tell all client's to ignore it. Use e-mail for notifications. Explain to all users that if they get a net send message, click ok and ignore it. Another method is to get a free firewall and teach people how to block messages from the worst abusers. This doesn't have to be complicated or expensive. Good luck. Glen A. Johnson
Microsoft Certified Professional
glen@nellsgiftbox.com
[americanflag]

"What really happens is trivial in comparison to what could occur."
Robert von Musil (1880-1942); Austrian author.
 
DAnkelt has a nice way .. A+, MCP, CCNA
marbinpr@hotmail.com

Keep fighting for your knowledge!

 
I don't quite understand why it is so difficult for you to stop net sends. It is quite easy to restrict access to the messenger service using logon scripts and GPO's in AD.

If you need a step by step on how to accomplish this, then feel free to e-mail me and I will help you. Also, a little more information on exactly what type of setup you currently have on your network would make it easier for us to post some useful answers to your posts.

Good Luck JPGregg
Network Administrator
A+, Network+, Internet+,
MCP, MCSA
 
The system event log keeps a running record of "application pop-ups" caused by the messaging service. It includes the sending node's IP address. I agree with other posts that include enforcing domain policy (if applicable). I sent an e-mail to everyone in my domain establishing the penalty for malicious messaging, and told them about the trail left in the event log. There were no more problems. You can also connect to another machines's event log from your desk if you have sufficent privilege. Jim - Synnex Info Tech
 
Physically go to that user, knock him/her upside his skull then log into his computer and DISABLE the messenger service. ~ or ~

Make a group policy and add that user to it
 
I noticed you said that they are masking their machine name or user name when they are net sending. It is possible that they are using a 3rd party tool, such as the one that people are currently using to send direct ads using an exploit in the messenger service. You may want to look into limiting what executables the users can run on their systems. This can be done using GPO's. If they are definelty masking their net sends, then this just might be the case. I know for a fact that there are multiple cracked versions of this software out there, and in the hands of some user it could definetly cause a lot of hassle. You may want to look into what exactly is out there on your network.

also...you can use a one time login script using the run as command tostop the service and change it to manual startup under the administrator context if you do not want to go the route of putting users into the local admin group. Although, with GPO's, you can add all the users to groups and then add those groups to the local admin group. This gives you the option of setting some serious restrictions on what those groups can do. This allows you to have them process scripts that require administrative priveledges while giving you the ability to lock down other administrative rights.

JPGregg
Network Administrator
A+, Network+, Internet+,
MCP, MCSA
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top