RE: Messenger service abuse (from inside the network)

["Nero, Nick" <Nick.Nero () disney com>]

I recently had to head this one off too. With a GPO simply disable the
service as part of a machine policy.  Also, apply perms to that registry
key so that it takes an Admin to reactivate the service.   Even
disabling it should work though.  Cause even if someone re-enables it,
the policy will update and disable it again.

I just did that to 1000 servers to head off the Messenger service bug
last month.

-----Original Message-----
From: Stephen McCauley [mailto:smccauley () cox net] 
Sent: Wednesday, December 03, 2003 7:17 PM
To: 'Alexander Lukyanenko'; security-basics () securityfocus com
Subject: RE: Messenger service abuse (from inside the network)

Use a GPO and remove the run line and command prompt options from them.
If they can't get there, they can't use it.

Stephen McCauley


-----Original Message-----
From: Alexander Lukyanenko [mailto:sashman () ua fm]
Sent: Wednesday, December 03, 2003 11:58 AM
To: security-basics () securityfocus com
Subject: Messenger service abuse (from inside the network)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello list.
I administer a high school network running W2K Pro in an Active
Directory domain.

The problem is that the users abuse the Messenger service by sending
some mischief over the network (furthermore, they even write batch files
that repeatedly flood the domain with same text). Is there a way to
prevent this, except by changing net.exe's ACL on all machines (or
beating the offenders after classes :)? Stopping Messenger service on
the workstations is not a solution, as it is used for sending various
administrative messages. All students share a common AD account (it
would be cumbersome to maintain 300+ user accounts, as most of them use
the PCs for short periods only).

Best regards
* * * * * * * * * * * * * * *
* Alexander V. Lukyanenko   *
* ma1lt0: sashman ua fm     *
* ICQ#  : 86195208          *
* Phone : +380 44 458 07 23 *
* OpenPGP key ID: 75EC057C  *
* NIC   : SASH4-UANIC       *
* * * * * * * * * * * * * * *
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (MingW32)

iD8DBQE/zkBXlz+8e3XsBXwRAi/VAKCTyRlRA4iAQY6Opbk0w1jYypvYNACdFaUR
kUWN82Zu6d+xu0bMpfQ2GlM=
=cpq+
-----END PGP SIGNATURE-----


------------------------------------------------------------------------
---
------------------------------------------------------------------------
----



------------------------------------------------------------------------
---
------------------------------------------------------------------------
----



---------------------------------------------------------------------------
----------------------------------------------------------------------------