Posted on 2007-10-16
Medium Priority
Last Modified: 2010-05-18
Hi Guys
I have a situation where the students use NET SEND possibly off their flash drives with a bat file to broadcast messages, I have disabled Messenger in the services across the network under the computer level in GP, but the messgaes still get through and display on a printer monitor program we run called P-counter. I have looked into the P counter but this program really needs Net send to run properly, The next best thing is to get a good monitoring program, that will allow me to get the exact IP address of the computer when and where the message comes from. Any ideas on a good monitoring program?

Question by:TePukeHighSchool

Accepted Solution

thecomputerdocs earned 1500 total points
ID: 20091257
How about creating a group policy that disables the messanger service on all desktop.
LVL 10

Expert Comment

ID: 20091452
Open computer managment (Right click on my computer, choose Manage). Click Action|Connect to another computer... Type computer name which receive popup messages and connect to this computer. Now open Event Log and point to System Logs. Each popup message is recorded in Log. Source column will be "Application popup", with this in content:

Application popup: Messenger Service  : Message from COMPUTERNAME1 to COMPUTERNAME2 on 10/17/2007 10:46:16 AM

OK this is if some program receive popups. Messanger service needs Messanger service to be runned on both machines in order to work. So if you disable Messanger service on workstations that students use, they will be unable to send messages to other computers. Other computers can have messanger service in run state.

Hope this help!!!

Author Comment

ID: 20096592
Messenger service was disabled, the message was coming through the green pyramid of the client program of P Counter, no there is nothing in the logs I checked, it was broadcasted across the whole network.

Expert Comment

ID: 20098138
If you want to find out where who's sending the message, perhaps you can use the windows network monitor to "sniff" the source of the message?
LVL 57

Expert Comment

ID: 20116443
You could install something like wireshark (http://www.wireshark.com)  to do a packet capture.  Set it up to just listen for the port that net send uses and only capture the first 128 bytes or so of the packet.  

Featured Post

What Security Threats Are We Predicting for 2018?

Cryptocurrency, IoT botnets, MFA, and more! Hackers are already planning their next big attacks for 2018. Learn what you might face, and how to defend against it with our 2018 security predictions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
A new hacking trick has emerged leveraging your own helpdesk or support ticketing tools as an easy way to distribute malware.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
Suggested Courses

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question