Hello discussion board experts!
I have a question about a remote boot PXE scenario that I would like resolved since I believe there is a hacker in our network who is somehow remote booting shut down workstations. Here is the situation:
Last night when I left my office at 5:30 PM I completely shutdown a Dell Optiplex GX260 workstation. The OS is Windows 2000 Pro and the hardware in question is an Intel PRO/1000 network card. When I came back in this mroning, the machine was off, but DURING THE NIGHT between 9:00 PM and 5:00 AM the machine had been powered on and the administrator account had logged in (this information was logged in the event log for the system). I know the power was turned off on the PC from the front panel, but I did not unplug the network cable. Here is the question I have: Is it possible to remotely boot a PC that has been powered down from the front panel using PXE? If so, does this require that the PC had previously been set up as a remote boot client or can it be done completely without creating any remote boot RAMdisk or floppy etc? I need to know because I would like to find out if someone is actually coming in and physically turning on the workstation or if the machine has been compromised and somehow the PXE boot is happening.
Any and all help would be greatly appreciated!
Cameron R. Williams
Michigan State University