RE: Messenger service abuse (from inside the network)

["Stephen McCauley" <smccauley () cox net>]

Use a GPO and remove the run line and command prompt options from them.
If they can't get there, they can't use it.

Stephen McCauley


-----Original Message-----
From: Alexander Lukyanenko [mailto:sashman () ua fm] 
Sent: Wednesday, December 03, 2003 11:58 AM
To: security-basics () securityfocus com
Subject: Messenger service abuse (from inside the network)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello list.
I administer a high school network running W2K Pro in an Active
Directory domain.

The problem is that the users abuse the Messenger service by sending
some mischief over the network (furthermore, they even write batch files
that repeatedly flood the domain with same text). Is there a way to
prevent this, except by changing net.exe's ACL on all machines (or
beating the offenders after classes :)? Stopping Messenger service on
the workstations is not a solution, as it is used for sending various
administrative messages. All students share a common AD account (it
would be cumbersome to maintain 300+ user accounts, as most of them use
the PCs for short periods only).

Best regards
* * * * * * * * * * * * * * *
* Alexander V. Lukyanenko   *
* ma1lt0: sashman ua fm     *
* ICQ#  : 86195208          *
* Phone : +380 44 458 07 23 *
* OpenPGP key ID: 75EC057C  *
* NIC   : SASH4-UANIC       *
* * * * * * * * * * * * * * *
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (MingW32)

iD8DBQE/zkBXlz+8e3XsBXwRAi/VAKCTyRlRA4iAQY6Opbk0w1jYypvYNACdFaUR
kUWN82Zu6d+xu0bMpfQ2GlM=
=cpq+
-----END PGP SIGNATURE-----


------------------------------------------------------------------------
---
------------------------------------------------------------------------
----



---------------------------------------------------------------------------
----------------------------------------------------------------------------