Solved

PXE remote boot a PC that has been shut down

Posted on 2004-08-04
5
937 Views
Last Modified: 2008-02-01
Hello discussion board experts!

I have a question about a remote boot PXE scenario that I would like resolved since I believe there is a hacker in our network who is somehow remote booting shut down workstations.  Here is the situation:

Last night when I left my office at 5:30 PM I completely shutdown a Dell Optiplex GX260 workstation.  The OS is Windows 2000 Pro and the hardware in question is an Intel PRO/1000 network card.  When I came back in this mroning, the machine was off, but DURING THE NIGHT between 9:00 PM and 5:00 AM the machine had been powered on and the administrator account had logged in (this information was logged in the event log for the system).  I know the power was turned off on the PC from the front panel, but I did not unplug the network cable.  Here is the question I have:  Is it possible to remotely boot a PC that has been powered down from the front panel using PXE?  If so, does this require that the PC had previously been set up as a remote boot client or can it be done completely without creating any remote boot RAMdisk or floppy etc?  I need to know because I would like to find out if someone is actually coming in and physically turning on the workstation or if the machine has been compromised and somehow the PXE boot is happening.

Any and all help would be greatly appreciated!

Cameron R. Williams
Information Technologist
Michigan State University
will1082@msu.edu
0
Comment
Question by:will1082
  • 2
5 Comments
 
LVL 2

Expert Comment

by:si_j
ID: 11719260
Here it sounds like you need to configure it in the BIOS and probably on the network card too: http://www.webopedia.com/TERM/P/PXE.html

If you are the Administrator, disable it in the BIOS if not required (and indeed possible) and also disable it in the Network card too. Put a strong password on the BIOS and change your Administrator PW to a new strong pw.

Scan for Viruses (trend micro housecall?) and spyware (spybot search&destroy) if you feel the sytem may be compromised.

If you really think someone is physically coming in and switching the computer on then do something like leave a chair in front of the on switch and see if it moves by marking where it is, taking a photo to check for change, leaving a webcam or something similar.
0
 
LVL 1

Accepted Solution

by:
Thops earned 500 total points
ID: 11719376
It could be possible but allso stoped.

There is a utility to configure the Intel NIC and close down the wake on lan feature, you should allso look in the computers bios settings and make shure that the computer makes a complete shutdown when you press the button. It could be that it's now uses standby och something like that.

Take a look here and se if it's any help

http://downloadfinder2.intel.com/scripts-df/Detail_Desc.asp?strState=LIVE&ProductID=412&DwnldID=1305
0
 
LVL 5

Expert Comment

by:XSINUX
ID: 12266345
In the Dell Bios of GX260 there are time settings for Auto Power on. Ensure that this Setting is Turned off. If not you will experience all similiar issues.
Ensure Auto Power On ....................................................... Disabled ( Enter to Selcted and Left and Right Arrow Key to Change Settings )
PRESS F2 TO DELL BIOS.

SETTINGS FOR AUTO POWER ON
AUTO POWER ON MDOE ARE --> DISABLE / EVERYDAY / WEEKDAYS
AUTO POWER ON TIME --> 00:00

Hope this Helps

Cheers
Sinu
0
 
LVL 1

Expert Comment

by:Thops
ID: 12551989
Hi

As the NIC isn´t integrated i think the best way is to stop any Wake on Lan attempts before they reach further in to the system. I think my solution to configure the NIC not to respond is the way to go.

As i can se si_j gives a general anwer that he/she don´t know if its´s possible to use on the actual machine.

My answer points to the download of the utility that can shut down the WoL function on the NIC that was specified. I know that it works, i have used this myself.

XSINUS on the other side knows the BIOS, but i´m not shure that the suggestion will solve the problem if it´s a case of WoL.

In my oppinion, my answer is the one that solves the problem and should be regarded as the right one.

Regards
Thops
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

The DSL Parameters part of this article is valid and can be considered with any brand of internet router and modem (Dlink, 3com, Alcatel, Usrobotics, Parks), by accessing the configuration interface available by the manufacturer eg: http://10.1.1.1 …
PRTG Network Monitor lets you monitor your bandwidth usage, so you know who is using up your bandwidth, and what they're using it for.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now