Mark
asked on
How to turn off Remote Web Workplace
How to I turn off Remote Web Workplace? I can't find information on this for SBS2008. I believe my system is under attack right now and I need to first turn off remote access.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Hi, Always from the same ?
Account Information:
Security ID: HPRS\BETH$
Account Name: BETH$
Network Information:
Client Address: ::ffff:192.168.0.46
Account Information:
Security ID: HPRS\BETH$
Account Name: BETH$
Network Information:
Client Address: ::ffff:192.168.0.46
That's an internal IP isn't it? I'd identify that machine and scan with 3 or 4 malware tools as it may have a bit.
Also is port 80 open on your router and IIS is then redirecting to 443?
Also is port 80 open on your router and IIS is then redirecting to 443?
ASKER
Yes, it is an internal IP, and it turns out that the problem was NOT an attempted break-in after all. The legitimate workstation BETH was trying over and over to connect to the domain controller for hours until user Beth finally cycled power.
What was the problem? It turns out to be Microsoft update KB2949927!!!! This recent update is all over the web as causing computers to get corrupted and not boot. I couldn't even restore to a previous restore point. I've spent all day yesterday doing Acronis image restores and re-applying updates one-by-one to find the problem.
I still need to figure out a fix, but as this question had to do with turning off remote web workplace, I'll post this problem as a separte question.
What was the problem? It turns out to be Microsoft update KB2949927!!!! This recent update is all over the web as causing computers to get corrupted and not boot. I couldn't even restore to a previous restore point. I've spent all day yesterday doing Acronis image restores and re-applying updates one-by-one to find the problem.
I still need to figure out a fix, but as this question had to do with turning off remote web workplace, I'll post this problem as a separte question.
ASKER
This post answered my actual question, though that doesn't end up being the actual problem!
ASKER
> What makes you think you are under attack ?
Between 8:00 and 10:00 this morning I have 300+ event 4771 message as follows:
Open in new window
I also have a number of suspicious events:
Open in new window