Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Remote Shutdown's in the Classroom


  • Please log in to reply

#1
oyzomagno

oyzomagno

    Member

  • Member
  • PipPip
  • 42 posts
So, I have an interesting problem here. I am the T.A. for several CITS classes at a university. Recently several students have found that they can access all default shares and remote shutdown any computer in the lab (screenshots). All the computers have the same user name and password making this ridiculously easy. I've tried several methods of preventing this but so far am unsuccessful. Any advice? Thanks.

access to share.png

remote shutdown.png
  • 0

Advertisements


#2
SpywareDr

SpywareDr

    Member 3k

  • Member
  • PipPipPipPipPipPip
  • 3,757 posts
Delete (or rename, and/or hide) shutdown.exe.
  • 0

#3
dsenette

dsenette

    Je suis Napoléon!

  • Administrator
  • 26,046 posts
  • MVP
you can't do a remote shutdown unless you're an administrator. make their shared user NOT an administrator (if possible)

same goes for the administrative shares....can't see those if you're not an administrator
  • 0

#4
oyzomagno

oyzomagno

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
The accounts have to be administrator... These are CITS and CIOS classes in this lab.

I may have found a solution but still need to do some more testing. We have Semantic Endpoint Protection installed on these computers, so I added a new firewall rule in the Semantic Network Threat Protection, that blocks all non-established incoming TCP connections. So far it seems to be working and I am still able to remotely administer Faronics Deep Freeze and Norton Ghost with the rule on.
  • 0

#5
oyzomagno

oyzomagno

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts

Delete (or rename, and/or hide) shutdown.exe.



It's not just shutdowns that are the issue, several students think it's funny to go to the C$ shares and mess with things. So far its all been fairly harmless; filling their desktop with random text documents and folders, or putting system crashing batch files into student folders, but I know it's only a matter of time before someone has something important they've been working on deleted.
  • 0

#6
SpywareDr

SpywareDr

    Member 3k

  • Member
  • PipPipPipPipPipPip
  • 3,757 posts
Those "several students" sound like a problem screaming for a solution.

Go ahead, put me in charge.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP