Re: Servers automatically getting renamed!!!
- From: "Pegasus \(MVP\)" <I.can@xxxxxxx>
- Date: Mon, 12 Jun 2006 12:22:36 +1000
It is a safe assumption that Windows does not change a
computer name by itself. If it did then we would have heard
about it a long time ago.
It follows that this is done by an outside agent. This could
be a hacker, a joker, or a virus/malware program. To isolate
it, you must start collecting evidence. Create the following
batch file c:\windows\ticker.bat
Line1 @echo off
Line2 echo %date% %time:~0,5% %ComputerName% %* >> c:\Logs\Name.log
Line3 regedit /e c:\Logs\name.txt
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ComputerName\ComputerNa
me"
Line4 for /F "tokens=2 delims==" %%a in ('type c:\Logs\name.txt') do echo
%%a >> c:\Logs\Name.log
c:\tools\psloggedon >> c:\Logs\Name.log
Now use the Task Scheduler to schedule two jobs:
1. One job to launch this command each time the server starts:
c:\windows\ticker.bat Server Booting up
2. One job to launch this command once every 10 minutes,
24 hours a day, 7 days a week:
c:\windows\ticker.bat
When the next name change happens, examine the log file
carefully. It will tell you this:
1. When the computer name was changed.
2. When the server was rebooted.
3. When the new name became visible.
4. Who was logged on.
You can download psexec.exe from www.sysinternals.com.
Let us know when you find the culprit!
"Umesh Thakur" <UmeshThakur@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:1C6FCDBA-C06A-416F-BC78-018E1EE01019@xxxxxxxxxxxxxxxx
I don't think so. I have admin acct passwd to limited people. and anyserver
that is getting renamed is getting the same new name! I also tried keepingeach
admin passwd with me only for certain time period but few servers were
renamed during that period too!
Its real puzzling how its all happening?
--
Umesh
"Old programmers never die. They just terminate and stay resident."
"Pegasus (MVP)" wrote:
"Umesh Thakur" <UmeshThakur@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:0FFA48BE-0A64-4612-93B3-ACC08E524A0A@xxxxxxxxxxxxxxxx
In my windows 2000 and 2003 environment, there is a problem going on,
serverweek or month one of the servers renames and takes the name of a
have"abc"
which already exists in the network, The issue has been going on I
eventenabled auditing and check each time the server has been renamed for
name), I560 in the security logs for mof\dification to the registry(host
solution.am
not able to get a solution so far, can any one help me get to a
a DC
PS: There are no network scripts running
All the servers apparentlt take one name "abc"
abc server is a simple windows 2000 running an application and is not
or holding any special previlidges.
--
Umesh
"Old programmers never die. They just terminate and stay resident."
The answer is probably in your trailer: ""Old jokers never die.
They just terminate and play silly games." In other words,
look around you and check who is in a position to play
this trick on you. A good starting point might be to change
the password for each and every admin account.
.
- Follow-Ups:
- Re: Servers automatically getting renamed!!!
- From: Umesh Thakur
- Re: Servers automatically getting renamed!!!
- References:
- Re: Servers automatically getting renamed!!!
- From: Pegasus \(MVP\)
- Re: Servers automatically getting renamed!!!
- Prev by Date: Re: Servers automatically getting renamed!!!
- Next by Date: Re: Servers automatically getting renamed!!!
- Previous by thread: Re: Servers automatically getting renamed!!!
- Next by thread: Re: Servers automatically getting renamed!!!
- Index(es):
Relevant Pages
|
