Guest bitingsock Posted March 20, 2005 Share Posted March 20, 2005 HI! So here's the deal: my brother has gotten pretty good with autoit and he made a remote shutdown script, I on the other hand well lets just say the limit to my skills is just about "leftclick(", "send(", and "sleep(". Now, this shut down script can shutdown anyone on the network. My question is: is there a way I can block him from doing it to me?/a way I can Immunate my self? Help me! I'm gettin' kinda irratated. Thx Link to comment Share on other sites More sharing options...
Developers Jos Posted March 20, 2005 Developers Share Posted March 20, 2005 HI!So here's the deal: my brother has gotten pretty good with autoit and he made a remote shutdown script, I on the other hand well lets just say the limit to my skills is just about "leftclick(", "send(", and "sleep(".Now, this shut down script can shutdown anyone on the network. My question is: is there a way I can block him from doing it to me?/a way I can Immunate my self?Help me! I'm gettin' kinda irratated. Thx<{POST_SNAPBACK}>Remote execution via RPC is only possible when you know an account that has Administrator privileges..... so, change the password of the account he knows.This is not really an AutoIT function but you use a utility like PSEXEC or PSSHUTDOWN to accomplish this...Another possibility is that you pc is "Infected" with a script that is constandly running or launched via the task scheduler........ SciTE4AutoIt3 Full installer Download page - Beta files Read before posting How to post scriptsource Forum etiquette Forum Rules Live for the present, Dream of the future, Learn from the past. Link to comment Share on other sites More sharing options...
Guest bitingsock Posted April 3, 2005 Share Posted April 3, 2005 hmmm... i dont think thats it... would it help if i sent you the actual script? and if so, how? Link to comment Share on other sites More sharing options...
Guest bitingsock Posted April 3, 2005 Share Posted April 3, 2005 he can shut anyone down...anyone on the network...as an example: any onw at a lan party.just...does it Link to comment Share on other sites More sharing options...
SlimShady Posted April 3, 2005 Share Posted April 3, 2005 What if you change the admin password? That should work. Link to comment Share on other sites More sharing options...
sugi Posted April 3, 2005 Share Posted April 3, 2005 he can shut anyone down...anyone on the network...as an example: any onw at a lan party.just...does it<{POST_SNAPBACK}>I dont think he can shutdown anyone. Only those that:1. have an admin account on their computer for which he knows the password2. have not installed all security patchesBoth things cannot be done with AutoIt alone. To stop him from doing it, you need to find out what of this he has done. This means changing the passwords for your accounts on your computer and installing all security updates. and then checking if there's anything left (try going to Start -> Run -> msconfig.exe and check if there's anything strange and for that you need to know your computer). Link to comment Share on other sites More sharing options...
Wus Posted May 20, 2005 Share Posted May 20, 2005 www.zonelabs.com get zonealarms firewall and make sure YOU are the only account on your comp with admin access... and change the pass Ive been trying to do things remotely on a network where i have the domain (not enterprise) password and i havent been able to get it to work yet Link to comment Share on other sites More sharing options...
afsar Posted May 24, 2005 Share Posted May 24, 2005 can u send me ur brother script...may be it is useful for my work..Afsarhmmm...i dont think thats it...would it help if i sent you the actual script?and if so, how?<{POST_SNAPBACK}> Link to comment Share on other sites More sharing options...
MarkMarkMark Posted May 24, 2005 Share Posted May 24, 2005 can u send me ur brother script...may be it is useful for my work..Afsar<{POST_SNAPBACK}>You can do that with Pstools... get it at www.sysinternals.com Link to comment Share on other sites More sharing options...
JSThePatriot Posted May 24, 2005 Share Posted May 24, 2005 hmmm...i dont think thats it...would it help if i sent you the actual script?and if so, how?<{POST_SNAPBACK}>I would like to see the script. I could then tell you exactly what he is doing to be able to call those procedures. You can PM me if you would like.JS AutoIt Links File-String Hash Plugin Updated! 04-02-2008 Plugins have been discontinued. I just found out. ComputerGetInfo UDF's Updated! 11-23-2006 External Links Vortex Revolutions Engineer / Inventor (Web, Desktop, and Mobile Applications, Hardware Gizmos, Consulting, and more) Link to comment Share on other sites More sharing options...
afsar Posted September 6, 2005 Share Posted September 6, 2005 Remote execution via RPC is only possible when you know an account that has Administrator privileges..... so, change the password of the account he knows.This is not really an AutoIT function but you use a utility like PSEXEC or PSSHUTDOWN to accomplish this...Another possibility is that you pc is "Infected" with a script that is constandly running or launched via the task scheduler........<{POST_SNAPBACK}>this is something personal for documentation to operate with remote pc's which tool is better in PsExec.exe and BeyondExec.exe from www.sysinternals.com and www.beyondlogic.com and please tell me the reason also?i preferred psexec.exe but i have to write in documentation why i chosen it..?thanx for help Link to comment Share on other sites More sharing options...
Gigglestick Posted September 6, 2005 Share Posted September 6, 2005 You haven't mentioned what OS yet. Assuming Windows XP, here are some options: 1. Stop and disable the "Remote Procedure Call (RPC)" service. or 2. Using GPEDIT.MSC a. Under Computer Configuration -> Windows Settings -> Local Policies -> Audit Policy, change "Audit account logon events", "Audit logon events", "and "Audit privledge use" to success AND failure. Attempts to access the computer will be logged in the Security Event Log. This will also give you ammunition to show your parents or whoever that your brother is doing stuff to piss you off. Of course, this is ludacris since you should be getting him back, not "telling Mommy." b. Under Computer Configuration -> Windows Settings -> Local Policies -> Audit Policy, remove "Everyone" from "Access this computer from the network." Assuming he doesn't have a local account on your computer, make this only "Authenticated Users" or "Administrators". Also remove all entries from the "Force shutdown from a remote system" policy. Keep the policy defined, but with no entries. c. Once you've caught him in the Security log because of the auditing settings and know what account he's using, put that account in the "Deny access to this computer from the network" policy, unless of course it's Administrator or your account. d. If you're still using Administrator, create yourself a new account, put it in the Administrators group, login under that ID, disable Administrator and rename it to something he won't guess. 3. Look for some corporate security hardening procedures on Google or Microsoft's website and implement them. They usually walk you through it step-by-step in case you don't think you'll know how to do it. Good luck! My UDFs: ExitCodes Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now