Ugh. There isn't much of an audit trail for it (as opposed to email
notifications, for example). There is no security on it whatsoever-
any nitwit could
net send * bad message here
resulting in everyone on the subnet getting a "bad message here" popup
You'd be reliant upon a working WINS infrastructure, but would still
have issues if the specific user was not logged in. If a user is
logged into > 1 machine, I believe only the last machine they logged
into will get it (as my WINS console only shows my username registered
once for the [03h] netbios name type.
So, you would be potentially activating another service, thus gaining
whatever potential security vulnerabilites lie within, only to obtain
a fairly unreliable notification method.
Matt
On 2 Jun 2005 19:20:04 -0000, deadly.halo@gmail.com
<deadly.halo@gmail.com> wrote:
A fellow network administrator at the company I work for is interested in
implementing a system that utilizes the Messenger Service (not to be confused
with the MS Messenger chat tool) to initiate Net Send notifications to
clients throughout the user community. Our network hosts consist of Windows
2000/XP machines (XP has the service disabled by default, 2000 may as well).
I remember that there was a large vulnerability reported at the end of 2003
regarding the Messenger Service. I know that the issue was addressed in
subsequent service packs, but this doesn't necessarily mean it's a good idea
to use it.
Bottom line; I'm concerned that enabling the Messenger Service throughout the
network will open our environment to security vulnerabilities. What are you
thoughts? Any know issues at this time? Your input would be greatly
appreciated.
Regards,
Brian
---------------------------------------------------------------------------
---------------------------------------------------------------------------
---------------------------------------------------------------------------
---------------------------------------------------------------------------
