Posted on 2007-10-16
Last Modified: 2010-05-18
Hi Guys
I have a situation where the students use NET SEND possibly off their flash drives with a bat file to broadcast messages, I have disabled Messenger in the services across the network under the computer level in GP, but the messgaes still get through and display on a printer monitor program we run called P-counter. I have looked into the P counter but this program really needs Net send to run properly, The next best thing is to get a good monitoring program, that will allow me to get the exact IP address of the computer when and where the message comes from. Any ideas on a good monitoring program?

Question by:TePukeHighSchool
    LVL 5

    Accepted Solution

    How about creating a group policy that disables the messanger service on all desktop.
    LVL 10

    Expert Comment

    Open computer managment (Right click on my computer, choose Manage). Click Action|Connect to another computer... Type computer name which receive popup messages and connect to this computer. Now open Event Log and point to System Logs. Each popup message is recorded in Log. Source column will be "Application popup", with this in content:

    Application popup: Messenger Service  : Message from COMPUTERNAME1 to COMPUTERNAME2 on 10/17/2007 10:46:16 AM

    OK this is if some program receive popups. Messanger service needs Messanger service to be runned on both machines in order to work. So if you disable Messanger service on workstations that students use, they will be unable to send messages to other computers. Other computers can have messanger service in run state.

    Hope this help!!!

    Author Comment

    Messenger service was disabled, the message was coming through the green pyramid of the client program of P Counter, no there is nothing in the logs I checked, it was broadcasted across the whole network.
    LVL 5

    Expert Comment

    If you want to find out where who's sending the message, perhaps you can use the windows network monitor to "sniff" the source of the message?
    LVL 57

    Expert Comment

    You could install something like wireshark (  to do a packet capture.  Set it up to just listen for the port that net send uses and only capture the first 128 bytes or so of the packet.  

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    How your wiki can always stay up-to-date

    Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
    - Increase transparency
    - Onboard new hires faster
    - Access from mobile/offline

    A quick step-by-step overview of installing and configuring Carbonite Server Backup.
    Load balancing is the method of dividing the total amount of work performed by one computer between two or more computers. Its aim is to get more work done in the same amount of time, ensuring that all the users get served faster.
    This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor ( If you're looking for how to monitor bandwidth using netflow or packet s…
    In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor ( If you're interested in additional methods for monitoring bandwidt…

    779 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    15 Experts available now in Live!

    Get 1:1 Help Now