I have some clients that I would like to restrict from using the NET command at the prompt, is there anyway i can stop this?
Thanks
Gordon R. Durgha
gd@vslink.net
Thanks
Gordon R. Durgha
gd@vslink.net
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Stopping the use of the NET command
- Thread starter GDX
- Start date
Guest_imported
New member
- Jan 1, 1970
- 0
LoL. Actually its kinda ironic that even if you set the policy in W2K to restrict the command prompt for a specific object, all this does is restrict its execution from a specific location, it does not actually restrict the execution of the command.com. A very easy way to test this is by using the following:
Create a text file on the desktop,
write "\%systemroot%\system32\command.com"
or if installed in default location, simply c:\winnt\system32\..
save the file as xxx.bat
run the file and LoL and behold, you have an unrestricted command prompt running even with all the GPOs prohibiting it...
Just as a note, this was really funny when discovered and shows yet again what a wonderfully secure system W2K is...
But to answer your question GDX, easiest way is to reset the permissions on the net.exe such that only Admins and System have any kind of permissions to it.
Hope this helps.
Create a text file on the desktop,
write "\%systemroot%\system32\command.com"
or if installed in default location, simply c:\winnt\system32\..
save the file as xxx.bat
run the file and LoL and behold, you have an unrestricted command prompt running even with all the GPOs prohibiting it...
Just as a note, this was really funny when discovered and shows yet again what a wonderfully secure system W2K is...
But to answer your question GDX, easiest way is to reset the permissions on the net.exe such that only Admins and System have any kind of permissions to it.
Hope this helps.
- Thread starter
- #4
Lets say I have over 200 Client machines how might I go about reseting the permissions on all of them? Is there a tool I can use? Gordon R. Durgha
gd@vslink.net
gd@vslink.net
brontosaurus
MIS
to restrict the Net Send command in 2K, stop and disable the Messenger service. I can't say for 9x though...
ShackDaddy
MIS
Messing around, why don't you just have a script run on all the clients that deletes or renames the 'net.exe' executable?
Just for kicks, I renamed every instance of 'net.exe' on my system to 'bet.ext'. I then tried to run 'net view' and it still worked. I think if I restart the system, something may leave the cache that will disable it, but I can't really reboot right now. Let me try it on another system...
I just tried renaming the file on an NT Workstation and it did disable NET commands. I then tried mapping a drive in the GUI and it worked fine.
ShackDaddy
Just for kicks, I renamed every instance of 'net.exe' on my system to 'bet.ext'. I then tried to run 'net view' and it still worked. I think if I restart the system, something may leave the cache that will disable it, but I can't really reboot right now. Let me try it on another system...
I just tried renaming the file on an NT Workstation and it did disable NET commands. I then tried mapping a drive in the GUI and it worked fine.
ShackDaddy
- Status
Similar threads
- Question
- Locked
- Question
- Locked
- Question
- Locked
- Question