NET SEND MONITORING

Hi Guys
I have a situation where the students use NET SEND, possibly off their flash drives with a bat file, to broadcast messages. I have disabled Messenger in the services across the network under the computer level in GP, but the messages still get through and display on a printer monitor program we run called P-counter. I have looked into the P counter, but this program really needs Net send to run properly. The next best thing is to get a good monitoring program that will allow me to get the exact IP address of the computer when and where the message comes from. Any ideas on a good monitoring program?


Clint
TePukeHighSchool Asked:
 
thecomputerdocs Commented:
How about creating a group policy that disables the Messenger service on all desktops?
0
 
Cro0707 Commented:
Open Computer Management (right-click on My Computer, choose Manage). Click Action|Connect to another computer... Type the name of the computer which receives the popup messages and connect to this computer. Now open Event Log and point to System Logs. Each popup message is recorded in the log. The Source column will be "Application popup", with this in the content:

Application popup: Messenger Service  : Message from COMPUTERNAME1 to COMPUTERNAME2 on 10/17/2007 10:46:16 AM

OK, this is if some program receives popups. Messenger service needs Messenger service to be running on both machines in order to work. So if you disable Messenger service on the workstations that students use, they will be unable to send messages to other computers. Other computers can have Messenger service in the running state.

Hope this helps!!!
0
 
TePukeHighSchool Author Commented:
Messenger service was disabled; the message was coming through the green pyramid of the client program of P Counter. No, there is nothing in the logs; I checked. It was broadcast across the whole network.
0
 
thecomputerdocs Commented:
If you want to find out where, or who, is sending the message, perhaps you can use the Windows Network Monitor to "sniff" the source of the message?
0
 
giltjr Commented:
You could install something like Wireshark (http://www.wireshark.com) to do a packet capture. Set it up to just listen for the port that net send uses and only capture the first 128 bytes or so of the packet.
0
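An added example, not part of the thread or written by any of its participants: reading the sender's IP address and computer name out of a captured packet, assuming the broadcast travels as a NetBIOS datagram (RFC 1002) on UDP port 138, which the thread does not state. The 82 bytes it reads fit inside a 128-byte capture of an Ethernet/IPv4 frame; the computer names, addresses and sample packet are constructed.

```python
import socket
import struct

# RFC 1002 datagram types that carry source and destination names
DGM_TYPES = {0x10: "direct-unique", 0x11: "direct-group", 0x12: "broadcast"}
HEADER = struct.Struct("!BBH4sHHH")  # type, flags, id, src IP, src port, length, offset

def decode_nb_name(field):
    """Decode a 34-byte first-level-encoded NetBIOS name into (name, suffix)."""
    if len(field) != 34 or field[0] != 0x20 or field[33] != 0x00:
        raise ValueError("expected an unscoped 32-character encoded name")
    raw = bytearray()
    for i in range(1, 33, 2):
        hi, lo = field[i] - 0x41, field[i + 1] - 0x41  # each nibble is sent as 'A'..'P'
        if not (0 <= hi <= 15 and 0 <= lo <= 15):
            raise ValueError("invalid character in encoded name")
        raw.append((hi << 4) | lo)
    return raw[:15].decode("ascii", "replace").rstrip(), raw[15]

def parse_nb_datagram(payload):
    """Return sender details from the UDP payload of a NetBIOS datagram."""
    if len(payload) < HEADER.size + 68:
        raise ValueError("capture too short to hold both names")
    msg_type, _flags, _id, src_ip, src_port, _len, _off = HEADER.unpack_from(payload)
    if msg_type not in DGM_TYPES:
        raise ValueError("datagram type 0x%02x carries no names" % msg_type)
    src_name, src_suffix = decode_nb_name(payload[14:48])
    dst_name, dst_suffix = decode_nb_name(payload[48:82])
    return {"type": DGM_TYPES[msg_type], "source_ip": socket.inet_ntoa(src_ip),
            "source_port": src_port, "source_name": src_name,
            "source_suffix": src_suffix, "dest_name": dst_name,
            "dest_suffix": dst_suffix}

def encode_nb_name(name, suffix):
    """Build an encoded name; used here only to construct the sample packet."""
    raw = name.upper().ljust(15).encode("ascii") + bytes([suffix])
    body = bytes(b for c in raw for b in (0x41 + (c >> 4), 0x41 + (c & 0x0F)))
    return b"\x20" + body + b"\x00"

# Constructed sample (not a real capture): LAB-PC07 at 10.0.5.27 sends to group SCHOOL
SAMPLE = (HEADER.pack(0x11, 0x02, 0x1234, socket.inet_aton("10.0.5.27"), 138, 76, 0)
          + encode_nb_name("LAB-PC07", 0x00) + encode_nb_name("SCHOOL", 0x00)
          + b"\x00" * 8)

if __name__ == "__main__":
    print(parse_nb_datagram(SAMPLE))
```

The name and address inside the datagram are filled in by the sending machine, so compare them with the source address in the IP header of the same packet before treating them as the origin.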
Question has a verified solution.
