How can I shut someone down through RUN: net send

[atxross]

Somebody keeps doing it to me and I want to get them back, I just don't know how to do it.

Thanks to all in advance.

Pissed Tech!

 

[gpalmer711]

Are you sure they are not using the Shutdown command?

Usage: shutdown [-i | -l | -s | -r | -a] [-f] [-m \\computername] [-t xx] [-c "comment"] [-d up

No args Display this message (same as -?)
-i Display GUI interface, must be the first option
-l Log off (cannot be used with -m option)
-s Shutdown the computer
-r Shutdown and restart the computer
-a Abort a system shutdown
-m \\computername Remote computer to shutdown/restart/abort
-t xx Set timeout for shutdown to xx seconds
-c "comment" Shutdown comment (maximum of 127 characters)
-f Forces running applications to close without warning
-d [p]:xx:yy The reason code for the shutdown
u is the user code
p is a planned shutdown code
xx is the major reason code (positive integer less than 256)
yy is the minor reason code (positive integer less than 65536)

Greg Palmer
Free Software for Adminstrators

http://www.palmersoft.co.uk

 

[atxross]

You my friend as they say Rock!

 

[bcastner]

You cannot shut down with net send.

1. Open the Local Security Policy console in the Administrative Tools folder.
2. Browse down to: Security Settings\Local Policies\Security Options.
3. Double-click on the Network Access: Sharing And Security Model For Local Accounts.
4. Change the settings from Guest Only to Classic. This feature is, by default, set to Classic when Windows XP Professional is joined to a domain.

Using regedit.exe is also possible:

HOWTO: Validate User Credentials on Microsoft Operating Systems

http://support.microsoft.com/default.aspx?scid=KB;EN-US;180548

On Windows XP, the ForceGuest registry value is set to 1 by default in the following registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa

Set the value to Decimal 0

Finally, there is a Group Policy Object that confines the shutdown command by Group and User; the default is Administrator.

Remove your "friend" from your local administrative group.

 

[bcastner]

Note: my advice was focused on removing the ability to do a remote shutdown of your machine.

You could count in nanoseconds how long your friend would still be employed at one of my shops.

 

[atxross]

I was going to say, I did it with no problem

 

[nlm9802]

actually if you create a batch file called "net.bat" and have it do the shutdown -f -t 0
command it will shutdown the computer when you type net send.

 

[bcastner]

nlm9802,

I am sorry, but what you stated above is simply not true. You cannot execute a command from a Net Send message. Whether you include a .bat, .cmd or cscript it just will not happen for the recepient.

But you are very close to a kind of interesting way to block the Sender from using and abusing Net commands. This has been discussed previously, but I like forum member Grifffin's explanation:

Create a batch file called NET.BAT and put it in a directory that is referenced in the PATH environment variable *before* WINNT\SYSTEM32, which is where the NET.EXE program lives.

Contents of NET.BAT should be:

@echo off
if /I '%1'=='SEND' goto End
%WINDIR%\SYSTEM32\NET.EXE %1 %2 %3 %4 %5 %6 %7 %8 %9
:End

What is this doing?

Because of the path statement, NET.BAT will be found before NET.EXE, and so it will get run instead. This will not happen if the current directory is \WINNT\SYSTEM32.

Because we don't want to block off all the NET functions, the first line does a case insensitive (/I) compare of the first parameter. If it's not SEND then it calls the real NET program.

Hope that works. You'll need Command Extensions enabled to use the /I switch. I think they're turned on by default.

 

[nlm9802]

hmm.. disregard, it doesnt work in xp pro. I remember you can do this in NT, but XP defaults to (and recreates if you delete it) net.exe

I agree though, not something you should do on the job if you like working where you are :0

 

[bcastner]

Nanoseconds before big beefy security gaurds show you the exit to the building.