Anyone can remotely reboot your server?

By jamesrwhite
This is both a question and warning. I've recently downloaded a utility called "tweakIP" which will allow you to connect to any NT machine, connect to its registry, and set tcp/ip, netbios, etc. options. It also has a "reboot" option. I was able to run the utility on my NT Workstation and not only reboot my PDC, BDC, and other NT machines within my domain, but was able to connect to OTHER NT machines in FOREIGN DOMAINS in which I am NOT a user/member and reboot / change their settings as well!!! Beware!

I also checked the NT event/security log and it did not note anything unusual other than the machine was restarted. [but not who/why]

If anyone has a "lock-out" for this I would be interested to find out.

Regards,

J.R.

All Comments

by bryan In reply to Anyone can remotely reboo ...

I did some testing with TweakIP, which I found at Winfiles.com. It appears to work just like the RK "shutdown.exe" program - which is dependent on user rights. There are three things you can do to limit who can remotely reboot your server:

First, open User Manager and focus it on the machine you need to protect against reboots. From the "Policies" menu, select "User Rights". Now edit the groups listed under the following rights:

1: "Force shutdown from a remote system" (I suggest editing this down to Admins only).
2: "Shut down the system" (again, admins only would be smart).

One last method of buttoning up your server, set the key

HKEY Local Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ShutdownWithoutLogon = 1
Also remove the DefaultPassword key from the same tree location in your registry.

Now you can verify by logging on as any non-admin user and running TweakIP. It will fail to restart the system.
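
Added example, not part of bryan's post or of any tool mentioned in the thread: on Windows versions that ship `secedit`, the two user rights named above can be audited from an exported policy file rather than by attempting a reboot. It assumes the export came from `secedit /export /cfg <file> /areas USER_RIGHTS` and has already been decoded to text; the function names and the sample export are constructed for illustration.

```python
# Added example: audit the two user rights named in the post from a
# "secedit /export /areas USER_RIGHTS" policy file (text already decoded;
# secedit writes the file as UTF-16).

ADMINISTRATORS = "*S-1-5-32-544"  # well-known SID of the built-in Administrators group
RIGHTS = {
    "SeRemoteShutdownPrivilege": "Force shutdown from a remote system",
    "SeShutdownPrivilege": "Shut down the system",
}
ALLOWED = {ADMINISTRATORS.lower(), "administrators"}

def parse_privilege_rights(inf_text):
    """Return {right: [holders]} from the [Privilege Rights] section."""
    rights, section = {}, None
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section == "privilege rights" and "=" in line:
            name, _, value = line.partition("=")
            rights[name.strip()] = [h.strip() for h in value.split(",") if h.strip()]
    return rights

def audit_shutdown_rights(inf_text):
    """List (right, holder) pairs where a non-admin holds a shutdown right."""
    granted = parse_privilege_rights(inf_text)
    findings = []
    for right in RIGHTS:
        # Assumption: a right absent from the export is held by nobody.
        for holder in granted.get(right, []):
            if holder.lower() not in ALLOWED:
                findings.append((right, holder))
    return findings

# Constructed sample export, not taken from a real machine.
SAMPLE = """[Unicode]
Unicode=yes
[Privilege Rights]
SeShutdownPrivilege = *S-1-5-32-544,*S-1-5-32-545
SeRemoteShutdownPrivilege = *S-1-5-32-544,*S-1-1-0
SeBackupPrivilege = *S-1-5-32-544,*S-1-5-32-551
"""

if __name__ == "__main__":
    for right, holder in audit_shutdown_rights(SAMPLE):
        print(f"{RIGHTS[right]} ({right}): granted to {holder}")
```

In the sample, `*S-1-1-0` (Everyone) holds the remote-shutdown right and `*S-1-5-32-545` (Users) holds the local one, so both are reported; an export listing only Administrators produces no findings.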

by jamesrwhite In reply to Anyone can remotely reboo ...

The question was auto-closed by TechRepublic

by bryan In reply to Anyone can remotely reboo ...

Part TWO!

To protect against others changing your registry settings, use REGEDT32 to set permissions on your registry keys. I think you'll find a couple of security whitepapers at MS's site if you look around.

by jebrwn In reply to Anyone can remotely reboo ...

1. McAfee Remote Control
2. pcAnywhere 8.0
3. DoubleVision 2.1 http://www.tridia.com/products/dvnt_slick.html

by jamesrwhite In reply to Anyone can remotely reboo ...

This question was auto closed due to inactivity
