[oyzomagno]

So, I have an interesting problem here. I am the T.A. for several CITS classes at a university. Recently several students have found that they can access all default shares and remote shutdown any computer in the lab (screenshots). All the computers have the same user name and password making this ridiculously easy. I've tried several methods of preventing this but so far am unsuccessful. Any advice? Thanks.

[Advertisements]

Delete (or rename, and/or hide) shutdown.exe.

[SpywareDr]

Delete (or rename, and/or hide) shutdown.exe.

[dsenette]

you can't do a remote shutdown unless you're an administrator. make their shared user NOT an administrator (if possible)

same goes for the administrative shares....can't see those if you're not an administrator

[oyzomagno]

The accounts have to be administrator... These are CITS and CIOS classes in this lab.

I may have found a solution but still need to do some more testing. We have Semantic Endpoint Protection installed on these computers, so I added a new firewall rule in the Semantic Network Threat Protection, that blocks all non-established incoming TCP connections. So far it seems to be working and I am still able to remotely administer Faronics Deep Freeze and Norton Ghost with the rule on.

[oyzomagno]

Delete (or rename, and/or hide) shutdown.exe.

It's not just shutdowns that are the issue, several students think it's funny to go to the C$ shares and mess with things. So far its all been fairly harmless; filling their desktop with random text documents and folders, or putting system crashing batch files into student folders, but I know it's only a matter of time before someone has something important they've been working on deleted.

[SpywareDr]

Those "several students" sound like a problem screaming for a solution.

Go ahead, put me in charge.