We help IT Professionals succeed at work.

We've partnered with Certified Experts, Carl Webster and Richard Faulkner, to bring you two Citrix podcasts. Learn about 2020 trends and get answers to your biggest Citrix questions!Listen Now

x

Enable network adapter via script w/out registry access

CharliePete00
on
Medium Priority
1,491 Views
Last Modified: 2013-12-04
I came accross a problem recently that really peaked my interest (http://www.experts-exchange.com/Q_22045531.html).  In short they disabled the network adapter on a remotely hosted Server 2003 were looking for a way to reenable it via a script to be run at startup.  Their solution in the end was to restore from backup but I'm left with 2 questions as a result:

1.  Assuming someone has unfettered access to the filesystem but no access to the registry or OS is there a way to have files execute at startup by copying files to the appropriate location, giving files copied over the appropriate names, or editing existing files, or something similar?

2.  How do you prevent this if it is possible?
Comment
Watch Question

Rich RumbleSecurity Samurai
CERTIFIED EXPERT
Top Expert 2006

Commented:
In that case they were using a linux rescue CD with limited or no ability to write to the registry or NTFS drive. There are other linux rescue CD's that have that ability. If you have physical access, the scripts and screen savers mentioned will work also, to ease things a bit, take the HD out of that pc, and place it in another M$ pc as a second partition, you can easily change anything you want (other than the registry but it is possible), copy new .scr file, place a file/script in the "startup" directory of the account you'd log in as (c:\doc's and settings\user_name\Start Menu\Programs\Startup) and it will execute.
-rich
Security Samurai
CERTIFIED EXPERT
Top Expert 2006
Commented:
Prevention, don't shut off your only nic... or encrypt the HD fully. EFS cannot do this, but there are lots of 3rd party apps and HD's that can do this. Prevent unauthorized physical access to the PC. Have your hosting service place a second NIC in the PC, it should plug and play, and likely get DHCP address, unless it's a static IP.
-rich

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts

Author

Commented:
Thanks Rich, after I was well into helping I got to thinking that if you could enable a device via a startup script you could also do other things like add an account, reset passwords, install apps, etc.  and the whole idea didn't seem so good anymore...You're right physically securing the server is really the only way to go with ecrypting the partition as a good second.
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.