Is it safe to enable messenger?

I wanted to configure our systems to enable messenger in order to use the command net send. However on the Microsoft site, it indicates the following:
Caution Do not enable the Messenger service if your computer is connected to the Internet.

Anyone know the reasoning behind this?
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

machines that are unprotected and facing the internet will quite happily accept messenger messages sent using net send, from anyone, including unscrupulous spammers on the internet.

i belive MS discovered a buffer overflow attack and then changed the default behaviour to disabled.

as long as your behind a reasonable firewall, and you trust your internal users not to misbehave, you should be ok.

generally speaking we only have it enabled on management workstations, this is probably best practice.


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Will SzymkowskiSenior Solution ArchitectCommented:
Hello there,

I also agree with Nick, althought if you don't want to enable it on the local computers you can use the web based messenger to chat or whatever you need to do.

Hope this helps

this is not windows messenger or MSN messenger, this is the messenger service, it is unrelated to the microsoft IM client.

it is a system that applications use to send pop-up messages to the screen of administrators or users to notify them of network problems or status.

for example, where i worked previously, we would use messenger to advertise that there would be an outage, and that the system were going down.

it also makes for a good way to apologise when the system falls over when your not planning it :)

google for "net send"

SolarWinds® Network Configuration Manager (NCM)

SolarWinds® Network Configuration Manager brings structure and peace of mind to configuration management. Bulk config deployment, automatic backups, change detection, vulnerability assessments, and config change templates reduce the time needed for repetitive tasks.

Spyware and pop-ups use the cmd net send
Sometimes you are not even connected to the internet you get a pop up..

You should also disable your remote registry service...

Less admin work for you if you leave the messenger off
mmanaigreAuthor Commented:
Any suggestions on a new way to inform users other than net send (due to the chance of getting spam) or email (the user may take a while to get the message)... web based messenger is not an option!
the only way to do it that i can think of would be to write a small app that listens on a port, and displays messages sent to it. then you need another app to actually send the message.

such an app would just duplicate the functionality of the messenger service, but to make it secure you should include some authentication so that it can't be exploited - i don't know of any such software currently out there, but i can't see it being too much trouble to 'knock up'

thanks for the points, hope you solve your problem

Will SzymkowskiSenior Solution ArchitectCommented:
Oh ok,

sorry for the post, didn't know that it what you were talking about.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.