Network connections in control panel. You will have to unplug ethernet if wired and turn off wireless if wifi. DELETE the profile. This will not remove from domain.
On Thu, Apr 24, 2014 at 9:58 AM, Melvin Backus <[email protected]>wrote: > OK, I surrender. Showing my ignorance, where do I do that on an XP box? > > > > > > -- > There are 10 kinds of people in the world... > those who understand binary and those who don't. > > > > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *Kevin Lundy > *Sent:* Thursday, April 24, 2014 10:07 AM > *To:* [email protected] > > *Subject:* Re: [NTSysADM] RE: DNS server settings getting changed > > > > Network location profiles...I'm just sayin :) 2 minutes to delete and > recreate, 30 minutes to wait for results. > > > > On Thu, Apr 24, 2014 at 9:00 AM, Melvin Backus <[email protected]> > wrote: > > We’ve considered that. We’re going to swap the FW in a couple of weeks as > part of something else, so that will eliminate that part, and as I said, > we’ve got a temp solution, but we still need to figure out why this office > does this and all the others work as expected. Obviously something’s > different, but we haven’t found it yet. J > > > > > > > > -- > There are 10 kinds of people in the world... > those who understand binary and those who don't. > > > > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *John Cook > *Sent:* Thursday, April 24, 2014 9:51 AM > *To:* [email protected] > *Subject:* RE: [NTSysADM] RE: DNS server settings getting changed > > > > Well at this point I’d add DHCP to another server (if you have one > available) configure it identically and disable it on the current server to > eliminate some possibilities. I’m sure you have other fish to fry and that > may just be the resolution. > > > > *John W. Cook* > > *Director of Network Operations* > > *Partnership For Strong Families* > > *5950 NW 1st Place* > > *Gainesville, Fl 32607* > > *Office (352) 244-1610 <%28352%29%20244-1610>* > > *Cell (352) 215-6944 <%28352%29%20215-6944>* > > > > *MCSE, MCP+I, MCTS, * > > *CompTIA A+, N+, Security +* > > *VSP4, VTSP4* > > > > *From:* [email protected] [ > mailto:[email protected] <[email protected]>] *On > Behalf Of *Melvin Backus > *Sent:* Thursday, April 24, 2014 9:41 AM > *To:* [email protected] > *Subject:* RE: [NTSysADM] RE: DNS server settings getting changed > > > > No reason I can think of. Even if they resolved, they wouldn’t be > accessible. While I did consider malware, the fact that it reverts to our > internal servers, and that those were where things would have legitimately > pointed 6 weeks ago, make me think it’s more likely something else, but > we’ve run out of ideas on what at this point, hence my query to the list. > I try to never rule anything out until I can prove it’s something else. It > just gets moved down the list. > > > > -- > There are 10 kinds of people in the world... > those who understand binary and those who don't. > > > > *From:* [email protected] [ > mailto:[email protected] <[email protected]>] *On > Behalf Of *Micheal Espinola Jr > *Sent:* Thursday, April 24, 2014 9:25 AM > *To:* ntsysadm > *Subject:* Re: [NTSysADM] RE: DNS server settings getting changed > > > > That software would be per-client. Its a DNS hijacking trojan. > > It seems odd that these systems are getting your Domain DNS. Would those > servers be providing resolution to systems that would otherwise not? Would > someone want to use your Domain DNS over what you are configuring? > > > -- > Espi > > > > > > On Thu, Apr 24, 2014 at 6:15 AM, Melvin Backus <[email protected]> > wrote: > > No, it’s changing back to our domain DNS. Just curious though, did that > only affect the machine with the software or was it able to touch other > machines across the network? > > > > > > -- > There are 10 kinds of people in the world... > those who understand binary and those who don't. > > > > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *Jimmy Tran > *Sent:* Thursday, April 24, 2014 9:12 AM > *To:* [email protected] > *Subject:* [NTSysADM] RE: DNS server settings getting changed > > > > Had this problem happen to two different clients. The machines someone > got some software called DNSchanger installed. It would change DNS to > 8.8.8.8 and 8.8.4.4. > > > > Are those the IP’s its changing to? > > > > *From:* [email protected] [ > mailto:[email protected] <[email protected]>] *On > Behalf Of *Melvin Backus > *Sent:* Thursday, April 24, 2014 5:27 AM > *To:* [email protected] > *Subject:* [NTSysADM] DNS server settings getting changed > > > > OK, this has been driving us nuts for a couple of days now. > > > > One of our remote sites is seeing seemingly random PCs change their DNS > server settings. They’re all configured to get them from the DHCP server, > and it has the correct DNS servers. All the PCs do in fact get the correct > settings when they get or renew an IP. That all seems to be working as we > expect. But periodically we’ll see a machine change the DNS servers to > something else. This causes applications to start failing because the > hosts they need no longer resolve. As soon as the PC renews it’s IP, > whether automatically or manually, everything goes back to normal and stuff > works again. > > > > We have a short term fix (force the DNS server settings manually instead > of DHCP) but that doesn’t explain what’s going on, and since we’re using > this same setup in 20 offices it also begs the question of why just this > office. > > > > Background: > > Multiple small offices with either /28 or /27 networks. They are publicly > routable IPs due to requirements for a partner VPN. The DHCP server is on > the Juniper SSG FW. It servers two pools, one for PCs, another for > phones. The PC subnet is publicly routable, the phone subnet is a > non-routable 10.x subnet with matching ranges. (12.x.x.x/27 and > 10.x.x.x/27). All DNS points to the home office. Until recently these > pointed strictly to our domain DNS servers. As part of the VPN requirement > we have set up a second set of DNS servers which are used to resolve hosts > in the partner’s domains. This is done with conditional forwarders. > Partner DNS traffic gets resolved by their servers, everything else goes to > our domain DNS or the Internet as required. > > > > This all works fine except in a single office. Even in that office it > worked fine for weeks and has suddenly started this “revert” behavior. > When the PCs change, they go back to pointing to our domain DNS which can’t > resolve the partner hosts. > > > > My question becomes (sorry it took so long) how do we track what is > actually changing the DNS settings? I can tell when it happens fairly > easily, but nothing in the event logs, etc., seems to indicate what > triggered it, or what process is doing it. It doesn’t happen as part of a > DHCP operation as best we can tell. > > > > > > -------------------- > Melvin Backus | Sr. Systems Analyst | Byers Engineering Company | > 404.497.1565 > > Service Desk | 404-497-1599 | http://servicedesk.byers.com > > -- > There are 10 kinds of people in the world... > those who understand binary and those who don't. > > > > > > > ------------------------------ > > > CONFIDENTIALITY STATEMENT: The information transmitted, or contained or > attached to or with this Notice is intended only for the person or entity > to which it is addressed and may contain Protected Health Information > (PHI), confidential and/or privileged material. Any review, transmission, > dissemination, or other use of, and taking any action in reliance upon this > information by persons or entities other than the intended recipient > without the express written consent of the sender are prohibited. This > information may be protected by the Health Insurance Portability and > Accountability Act of 1996 (HIPAA), and other Federal and Florida laws. > Improper or unauthorized use or disclosure of this information could result > in civil and/or criminal penalties. > Consider the environment. Please don't print this e-mail unless you really > need to. > > >
