
Send Message to Unauthorized PCs 2


retto

Technical User
Oct 3, 2002
US
Hello everyone, I have had an issue lately where there seems to have been a killer laptop sale I didn't know about. 5-6 users on my network have started bringing in their newly acquired machines and plugging into the network. I have attempted to try the nice approach and please ask them to disconnect while they are working, but there are some problematic folks.
I would like to net send a message by IP telling them they are not authorized to use the network. I want the user not to see that it is coming from me so that they assume the worst. All of these machines are XP so I imagine that the messenger service is not running on them. Please let me know if you have any suggestions. Thank
 
If you net send via IP to the problematic laptops it will show the computer name of where it came from. Also, the messenger service has only been turned off by default in XP SP2.

Just found this which could be of some help in sending messages although I haven't tested it myself:

 
All of these machines appear to be running XP SP2. I am taking a closer look at ntsend, but it looks like the machine has to have an account in AD for it to work. Is there another way to send a notification by MAC address, IP, machine name... on machines running SP2?
 
There are third-party apps to do this but this sounds like someone trying to run a prank more than a real problem to me.
 
If you are assigning addresses via DHCP, you could drop their lease... or if you know their MAC address, you could assign a "special" scope to those machines with options that basically break connectivity to your network...

If you know the admin password on the workstations, you can use PSTools suite to turn on messenger and send them a message from their own machine... just tossing out ideas off the top of my head here.



~Intruder~
CEH, MCSA/MCSE 2000/2003

"The Less You Do, The Less Can Go Wrong" :)
 
I am looking a bit further into the scope options, but I set up an IP reservation based on MAC address and prevented that IP address from accessing outside resources on the firewall. Thanks for all of your help. The issue is not resolved, but this is a serviceable work-around for the time being. Again, thanks, as always.
 
First, how do they get on the network? Do you not secure unused ports at the switch?

Next, once they are on the network, how do they get an IP address? DHCP, or are your internal network settings common knowledge? If you do use DHCP, just create a scope with a small IP range and no default gateway or an invalid gateway. Next time you see them show up in DHCP, copy the MAC address and create a reservation in your "Special VIP" scope.

If they are putting in their own IP address information, it's time to involve upper management. End users cannot be allowed to randomly inject potentially conflicting devices that could cause outage of business critical systems on the corporate network. If management balks, change your SLAs for recovery to a couple of hundred years or so. You can't guarantee a service level if you have no control of the infrastructure.

If the user claims to have knowledge of your business critical systems, then involve law enforcement. Confidential information about your corporate IT infrastructure should not be public knowledge. If the information is not available through public sources, how did the user come by this knowledge? Hacking or "intrusion testing" your corporate network without consent is a crime in most municipalities.
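
The reservation workflow suggested in the post above, as an added example that is not part of the original thread: it compares DHCP leases against an inventory of authorized MAC addresses and plans a reservation in a no-gateway quarantine scope for each unknown device. The function names, the inventory, the leases and the 192.168.250.0/29 scope are all constructed for illustration; applying the plan is left to the DHCP server's own tooling.

```python
import ipaddress
import re

def normalize_mac(mac):
    """Reduce any common MAC notation (00-11.., 00:11.., 0011.2233..) to 12 hex digits."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def plan_quarantine(leases, authorized, quarantine_net, existing=None):
    """Return {mac: ip} reservations to create for leased MACs missing from the inventory.

    leases: iterable of (ip, mac, hostname) seen in the production scope.
    authorized: iterable of known-good MACs in any notation.
    existing: {mac: ip} reservations already present in the quarantine scope.
    """
    known = {normalize_mac(m) for m in authorized}
    reserved = {normalize_mac(m): ipaddress.ip_address(ip)
                for m, ip in (existing or {}).items()}
    used = set(reserved.values())
    # Hand out quarantine addresses in order, skipping ones already reserved.
    free = (h for h in ipaddress.ip_network(quarantine_net).hosts() if h not in used)
    new = {}
    for _ip, mac, _host in leases:
        mac = normalize_mac(mac)
        if mac in known or mac in reserved or mac in new:
            continue  # authorized, already quarantined, or a duplicate lease row
        try:
            new[mac] = str(next(free))
        except StopIteration:
            raise RuntimeError("quarantine scope exhausted") from None
    return new

# Constructed sample data (not taken from the thread).
AUTHORIZED = ["00:11:22:33:44:55"]
LEASES = [
    ("192.168.10.21", "00-11-22-33-44-55", "ACCT-PC01"),
    ("192.168.10.57", "00:1A:2B:3C:4D:5E", "LAPTOP-A"),
    ("192.168.10.58", "001a.2b3c.4d5f", "LAPTOP-B"),
    ("192.168.10.57", "00-1A-2B-3C-4D-5E", "LAPTOP-A"),
]
EXISTING = {"aa-bb-cc-dd-ee-ff": "192.168.250.1"}

if __name__ == "__main__":
    for mac, ip in plan_quarantine(LEASES, AUTHORIZED, "192.168.250.0/29", EXISTING).items():
        print(f"reserve {ip} for {mac}")
```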

 
They are plugging into unused active ports. The previous employees here rewired the building and labeled nothing, also, removed nothing. Getting an accurate idea of live ports vs. dead ones has not been something I have attempted to clear up yet, but is on the books as a future project. There are only a few users that do this for nonmalicious reasons, and the static IPs seem to have fixed the problem. Thanks for all of your help.
 