Well if they did why wouldn't I be able to restart the services, I am thinking there is more to it than just someone stopped the ports, but I will look into the auditing, just to be sure. Thanks, Aaron
-----Original Message-----
From: Ken Schaefer [mailto:[EMAIL PROTECTED]
Sent: Thu 3/9/2006 11:07 PM
To: [email protected]
Cc:
Subject: RE: [ActiveDir] OT: Netlogon Service
For all we know, someone did exactly what you did (connect remotely
using administrative credentials) and disabled the services.
Do you have logon auditing enabled? If so, have you checked to see
who's logged onto the machine?
Cheers
Ken
_____
From: [EMAIL PROTECTED] on behalf of Aaron Visser
Sent: Fri 3/10/2006 4:47 PM
To: [email protected]
Subject: [ActiveDir] OT: Netlogon Service
Well I know this is a little off topic but I cannot find any answers so
I
have decided that I need to tap into this huge fountain of knowledge.
Computer - Win XP Pro SP2 latest Updates
Problem - Computer was working fine and all of a sudden after a reboot
today
I can no longer login to it via the Domain (it says that the NetLogon
Service is not started) So I logged onto another computer and remotely
connected to the computer thru the Computer Management MMC Snap-In and
checked the Netlogon Service and sure enough it was disabled, so I set
it to
Auto and then proceeded to start the Service. But it will not start
because
it says that the RPC Locator Service (to the best of my recollection)
needs
to be started, so I check that and sure enough it is disabled also. So
I
try to start that service but it gives me some error that I cannot
recall at
this time. Anyways trying to make this story short I am pretty sure
that
the computer in question was targeted from within the LAN remotely. So
the
big question or questions are is it possible to attack a computer in
this
manner? If it is possible does anyone have any info on how to
accomplish
this so that I can try and figure out how or what what used and maybe
even
nail the person (student) who did this.
Thanks,
Aaron
<<winmail.dat>>
