• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 998
  • Last Modified:

PXE remote boot a PC that has been shut down

Hello discussion board experts!

I have a question about a remote boot PXE scenario that I would like resolved since I believe there is a hacker in our network who is somehow remote booting shut down workstations.  Here is the situation:

Last night when I left my office at 5:30 PM I completely shutdown a Dell Optiplex GX260 workstation.  The OS is Windows 2000 Pro and the hardware in question is an Intel PRO/1000 network card.  When I came back in this mroning, the machine was off, but DURING THE NIGHT between 9:00 PM and 5:00 AM the machine had been powered on and the administrator account had logged in (this information was logged in the event log for the system).  I know the power was turned off on the PC from the front panel, but I did not unplug the network cable.  Here is the question I have:  Is it possible to remotely boot a PC that has been powered down from the front panel using PXE?  If so, does this require that the PC had previously been set up as a remote boot client or can it be done completely without creating any remote boot RAMdisk or floppy etc?  I need to know because I would like to find out if someone is actually coming in and physically turning on the workstation or if the machine has been compromised and somehow the PXE boot is happening.

Any and all help would be greatly appreciated!

Cameron R. Williams
Information Technologist
Michigan State University
will1082@msu.edu
0
will1082
Asked:
will1082
  • 2
1 Solution
 
si_jCommented:
Here it sounds like you need to configure it in the BIOS and probably on the network card too: http://www.webopedia.com/TERM/P/PXE.html

If you are the Administrator, disable it in the BIOS if not required (and indeed possible) and also disable it in the Network card too. Put a strong password on the BIOS and change your Administrator PW to a new strong pw.

Scan for Viruses (trend micro housecall?) and spyware (spybot search&destroy) if you feel the sytem may be compromised.

If you really think someone is physically coming in and switching the computer on then do something like leave a chair in front of the on switch and see if it moves by marking where it is, taking a photo to check for change, leaving a webcam or something similar.
0
 
ThopsCommented:
It could be possible but allso stoped.

There is a utility to configure the Intel NIC and close down the wake on lan feature, you should allso look in the computers bios settings and make shure that the computer makes a complete shutdown when you press the button. It could be that it's now uses standby och something like that.

Take a look here and se if it's any help

http://downloadfinder2.intel.com/scripts-df/Detail_Desc.asp?strState=LIVE&ProductID=412&DwnldID=1305
0
 
XSINUXCommented:
In the Dell Bios of GX260 there are time settings for Auto Power on. Ensure that this Setting is Turned off. If not you will experience all similiar issues.
Ensure Auto Power On ....................................................... Disabled ( Enter to Selcted and Left and Right Arrow Key to Change Settings )
PRESS F2 TO DELL BIOS.

SETTINGS FOR AUTO POWER ON
AUTO POWER ON MDOE ARE --> DISABLE / EVERYDAY / WEEKDAYS
AUTO POWER ON TIME --> 00:00

Hope this Helps

Cheers
Sinu
0
 
ThopsCommented:
Hi

As the NIC isn´t integrated i think the best way is to stop any Wake on Lan attempts before they reach further in to the system. I think my solution to configure the NIC not to respond is the way to go.

As i can se si_j gives a general anwer that he/she don´t know if its´s possible to use on the actual machine.

My answer points to the download of the utility that can shut down the WoL function on the NIC that was specified. I know that it works, i have used this myself.

XSINUS on the other side knows the BIOS, but i´m not shure that the suggestion will solve the problem if it´s a case of WoL.

In my oppinion, my answer is the one that solves the problem and should be regarded as the right one.

Regards
Thops
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now