Net Send 1

[gazzanewpy]

Okay, net send is officially a pain in the ***e!

We use it to check out the system and other features but now our students are using it to communicate with each other. Beyond my previous posting, how can I stop Net Send without the net stop messenger command (that is very simple to reverse)?

 

[Claudek]

Perhaps removing their ability to use the Run and cmd functions using Group Policy.
You could always do a usage policy where they are advised that it is not allowed for them to use the net send and being caught would attract some form of sanction.




Claudius (What certifications??)

http://www.iteq.com.au

 

[gazzanewpy]

Run and CMD are disabled but the clever darlings simply create a VB interface that executes the command as part of a shell, making it windows-based.

As regards a usage policy, there is one and the sanction is the withdrawal of access but this must be used effectively. At present too many individuals have use of the program and therefore we are fighting a tide; sanctions only work when you can attack a minority to attract the attention of the majority.

 

[bcastner]

Create a batch file called NET.BAT and put it in a directory that is referenced in the PATH environment variable before WINNT\SYSTEM32, which is where the NET.EXE program lives.

Contents of NET.BAT should be:

@echo off
if /I '%1'=='SEND' goto End
%WINDIR%\SYSTEM32\NET.EXE %1 %2 %3 %4 %5 %6 %7 %8 %9
:End

What is this doing?

Because of the path statement, NET.BAT will be found before NET.EXE, and so it will get run instead. This will not happen if the current directory is \WINNT\SYSTEM32.

Because we don't want to block off all the NET functions, the first line does a case insensitive (/I) compare of the first parameter. If it's not SEND then it calls the real NET program.

Source: forum member Griffyn

 

[chriseubank]

hey that's a sneaky one ... I'll have to remember that!!

Chris