
Block 'net send' messenger

  • 14-03-2005 3:56pm
    #1
    Registered Users, Registered Users 2 Posts: 1,165 ✭✭✭


    I'm wondering if it's possible to set up on a Windows 2003 Server domain controller that the messenger service that allows domain users to send 'net send' commands can be permanently turned off and not to be used. The users
    here have local administrator rights, so I don't think there is any point in
    trying to turn off or uninstall the service, as they'd probably just reinstall
    it or manually turn it back on.

    In past experience I've found that telling people something isn't allowed
    is nowhere near as good as just preventing them from doing it.

    Anyway, is there a security profile I can use to block this?


Comments

  • Closed Accounts Posts: 4,487 ✭✭✭Kevin_rc_ie


    Funnily enough, I want to unblock this service because I can't get it to work anymore.


  • Registered Users, Registered Users 2 Posts: 1,391 ✭✭✭fatherdougalmag




  • Closed Accounts Posts: 4,487 ✭✭✭Kevin_rc_ie


    (hijack) helped me turn mine on so I'll say thanks. (/hijack)


  • Closed Accounts Posts: 244 ✭✭osmethod


    I don't know if you can restrict net send specifically...

    You could perhaps create an admin user, not a member of the Administrators group and give ownership/permissions to net.exe to this user only...

    osmethod


  • Registered Users, Registered Users 2 Posts: 1,165 ✭✭✭Stky10



    Looks more promising. The users are pretty technical and they're
    damned determined so I'm pretty sure just stopping the service wouldn't
    be enough. I'll try the GPO first...

    Cheers


  • Posts: 2,874 ✭✭✭ [Deleted User]


    Out of interest why do you want to stop them using it? The only reason I would turn it off would be to prevent spam.


  • Registered Users, Registered Users 2 Posts: 1,569 ✭✭✭maxheadroom


    Stky10 wrote:
    Looks more promising. The users are pretty technical and they're
    damned determined so I'm pretty sure just stopping the service wouldn't
    be enough. I'll try the GPO first...

    Cheers

    Is there any way to filter the messages at an IP level - configure your switch / other associated network hardware to block comms on that port for instance?


  • Registered Users, Registered Users 2 Posts: 1,165 ✭✭✭Stky10


    Out of interest why do you want to stop them using it? The only reason I would turn it off would be to prevent spam.

    Some muppets in a clique spend their day sending each other messages
    and interrupting others.

    Haven't gotten around to much about this yet, came back to read the
    relative webpage again. I don't think blocking ports is much of an option
    as it would block NetBIOS as well.


  • Moderators, Recreation & Hobbies Moderators, Science, Health & Environment Moderators, Technology & Internet Moderators Posts: 93,604 Mod ✭✭✭✭Capt'n Midnight


    add this to login script if there is one - even if local admin will annoy
    net stop messenger [edit]

    xpantispy has an option to remove ms messenger from the system

    If it's external communication then it should be blocked at the firewall in any case.

    this will really annoy - any complaints => refer to organisation policy
    net send User "rebooting because of system compromise"
    if errorlevel 1 shutdown \\computername


  • Registered Users, Registered Users 2 Posts: 1,165 ✭✭✭Stky10


    add this to login script if there is one - even if local admin will annoy
    net stop alerter

    From a Microsoft page

    "Stop the Alerter service that sends alert messages to specified users that are connected to the server computer. Alert messages warn users about security, access, and user session problems."

    I don't think that would bother them. Starting the service on the other
    hand might piss them off more. I want to stop the messenger service
    and stop them from restarting it. I've even gone as far as blocking ports 135,
    137-139, 445 to stop NetBIOS and it still doesn't work. So much for this

    http://www.chebucto.ns.ca/~rakerman/trojan-port-table.html#netsend

    xpantispy has an option to remove ms messenger from the system

    It's not MSN Messenger I want to get rid of. I've shown them I can read
    MSN messenger messages by monitoring what goes through the firewall,
    so they've switched to the messenger service instead.

    If it's external communication then it should be blocked at the firewall in any case.

    No, it's internal only.

    this will really annoy - any complaints => refer to organisation policy
    net send User "rebooting because of system compromise"
    if errorlevel 1 shutdown \\computername

    I don't see how it would work. I've more to do than try and detect every
    message they send each other and then reboot their machine. I want to
    stop it so they can't do it. I'll keep looking I think.


  • Moderators, Recreation & Hobbies Moderators, Science, Health & Environment Moderators, Technology & Internet Moderators Posts: 93,604 Mod ✭✭✭✭Capt'n Midnight


    Stky10 wrote:
    The users here have local administrator rights, so I don't think there is any point in trying to turn off or uninstall the service, as they'd probably just reinstall it or manually turn it back on.
    ...
    The users are pretty technical and they're damned determined so I'm pretty sure just stopping the service wouldn't be enough. I'll try the GPO first...

    Even if you manage to block the messenger and do all sorts of fancy stuff in Active Directory, they will just move on to something they downloaded off the net that uses a different port / method. e.g. they could also add NetBEUI to their machines and use a private network that bypasses IP. e.g. in Linux you can define the text inside ping packets so it's possible to sneak messages past just about anything if someone was really determined and could find the right app.

    Point is if they have Admin rights in Windows there is nothing a sysadmin can do to stop them abusing their machines somehow, it's a management (as in suits) issue not a technical one. If a techno fix is needed then they should be dropped to power users. And besides even if you could block every port they will find other ways to waste time..

    Another option would be to hide the machines from each other - but they can see their IP addresses so that ain't gonna work unless you have amazing network switches and besides that sort of one off network setup always comes back to bite you.


  • Registered Users, Registered Users 2 Posts: 1,165 ✭✭✭Stky10


    Point is if they have Admin rights in Windows there is nothing a sysadmin can do to stop them abusing their machines somehow, it's a management (as in suits) issue not a technical one. If a techno fix is needed then they should be dropped to power users. And besides even if you could block every port they will find other ways to waste time..

    I'm beginning to think that myself. I'll have a look at the difference between
    local administrator vs power user privileges. I'm busy enough as is without
    having to nurse people through to a stage where they do what they're told.
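
Added example, not posted by anyone in the thread: since a stopped or disabled Messenger service can be switched back on by a local administrator, this read-only audit reports where it is running or could be started again. It assumes Windows PowerShell 2.0 or later with WMI access to the machines; the function name `Get-MessengerStatus` and the `Finding` labels are made up for this example.

```powershell
# Added example: audit the Messenger service on a list of machines (read-only).
# Assumptions: Windows PowerShell 2.0+ and WMI/DCOM access to each target.
# Get-MessengerStatus and the Finding labels are hypothetical names.
function Get-MessengerStatus {
    param([string[]]$ComputerName = @($env:COMPUTERNAME))

    foreach ($computer in $ComputerName) {
        $row = New-Object PSObject -Property @{
            Computer = $computer; StartMode = $null; State = $null; Finding = $null
        }
        try {
            # Win32_Service exposes StartMode (Auto/Manual/Disabled) and State.
            $svc = Get-WmiObject -Class Win32_Service -ComputerName $computer `
                       -Filter "Name='Messenger'" -ErrorAction Stop
            if (-not $svc) {
                # The service has been removed or never existed on this OS.
                $row.Finding = 'NotInstalled'
            } else {
                $row.StartMode = $svc.StartMode
                $row.State     = $svc.State
                if ($svc.State -eq 'Running') {
                    $row.Finding = 'Running'
                } elseif ($svc.StartMode -ne 'Disabled') {
                    # Stopped for now, but anyone allowed to start services can bring it back.
                    $row.Finding = 'StoppedButStartable'
                } else {
                    $row.Finding = 'Disabled'
                }
            }
        } catch {
            # Host is off, firewalled, or the account lacks WMI rights.
            $row.Finding = 'Unreachable'
        }
        $row
    }
}

# With no arguments the local machine is checked; pass -ComputerName for others.
Get-MessengerStatus | Format-Table Computer, StartMode, State, Finding -AutoSize
```

Run on a schedule, a machine that moves from `Disabled` back to `Running` shows where the setting was undone, which is the evidence needed for the policy conversation the thread ends on.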

