Solved

Enable network adapter via script w/out registry access

Posted on 2006-11-02
3
1,469 Views
Last Modified: 2013-12-04
I came accross a problem recently that really peaked my interest (http://www.experts-exchange.com/Q_22045531.html).  In short they disabled the network adapter on a remotely hosted Server 2003 were looking for a way to reenable it via a script to be run at startup.  Their solution in the end was to restore from backup but I'm left with 2 questions as a result:

1.  Assuming someone has unfettered access to the filesystem but no access to the registry or OS is there a way to have files execute at startup by copying files to the appropriate location, giving files copied over the appropriate names, or editing existing files, or something similar?

2.  How do you prevent this if it is possible?
0
Comment
Question by:CharliePete00
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 17863868
In that case they were using a linux rescue CD with limited or no ability to write to the registry or NTFS drive. There are other linux rescue CD's that have that ability. If you have physical access, the scripts and screen savers mentioned will work also, to ease things a bit, take the HD out of that pc, and place it in another M$ pc as a second partition, you can easily change anything you want (other than the registry but it is possible), copy new .scr file, place a file/script in the "startup" directory of the account you'd log in as (c:\doc's and settings\user_name\Start Menu\Programs\Startup) and it will execute.
-rich
0
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 500 total points
ID: 17863874
Prevention, don't shut off your only nic... or encrypt the HD fully. EFS cannot do this, but there are lots of 3rd party apps and HD's that can do this. Prevent unauthorized physical access to the PC. Have your hosting service place a second NIC in the PC, it should plug and play, and likely get DHCP address, unless it's a static IP.
-rich
0
 
LVL 7

Author Comment

by:CharliePete00
ID: 17867993
Thanks Rich, after I was well into helping I got to thinking that if you could enable a device via a startup script you could also do other things like add an account, reset passwords, install apps, etc.  and the whole idea didn't seem so good anymore...You're right physically securing the server is really the only way to go with ecrypting the partition as a good second.
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Article by: btan
The intent is not to repeat what many has know about Ransomware but more to join its dots of what is it, who are the victims, why it exists, when and how we respond on infection. Lastly, sum up in a glance to share such information with more to help…
OfficeMate Freezes on login or does not load after login credentials are input.
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
Suggested Courses

634 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question