From: thebluefox on
Greetings,

I have recently had an issue with the dns address on a windows xp
professional workstation... some background.

I have a windows domain environment, with sbs server 2003 R2 and 20 XP
pro workstations.

My work stations point to the server for DNS in the network settings
tcp/ip dialog box. My ip's are all static, as well as the gateway.

A recent virus/malware renamed the dns address to some address in
russia. how can I lockdown the dns settings so that no program,
malware, etc. can make changes to it. I assume something at the server
level in group policy can handle this, but need some help in getting
there. Anything is greatly appreciated. Thanks.


-thebluefox
From: Shenan Stanley on
thebluefox wrote:
> I have recently had an issue with the dns address on a windows xp
> professional workstation... some background.
>
> I have a windows domain environment, with sbs server 2003 R2 and 20
> XP pro workstations.
>
> My work stations point to the server for DNS in the network settings
> tcp/ip dialog box. My ip's are all static, as well as the gateway.
>
> A recent virus/malware renamed the dns address to some address in
> russia. how can I lockdown the dns settings so that no program,
> malware, etc. can make changes to it. I assume something at the
> server level in group policy can handle this, but need some help in
> getting there. Anything is greatly appreciated. Thanks.

Same answer as the one I put in another (non-crossposted but multiposted
version) of your posts...

Since the user who got infested had to have administrative rights in order
to make such changes - your answer is that you cannot. Take away
administrative rights and do not use the computer daily with such rights.

--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html
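Since anything running with local administrator rights can rewrite the TCP/IP settings, the practical complement to removing those rights is to audit the workstations from the server and catch a changed DNS entry quickly. The script below is an added example, not code from this thread or from Microsoft; it assumes the SBS server's address is 192.168.1.2 (constructed), that the workstation names ws01..ws03 are placeholders for your own, that it runs under an account with admin rights on the workstations, and that remote WMI (RPC/DCOM) is allowed through the XP firewall. It uses `Win32_NetworkAdapterConfiguration`, which is available on XP and works with PowerShell 2.0.

```powershell
# Added example (not from the thread): audit each domain workstation's DNS
# server list over WMI and flag adapters that point anywhere but the approved
# server. Optionally put the approved list back with -Remediate.
param(
    [string[]]$ApprovedDns = @('192.168.1.2'),           # constructed: your SBS server's IP
    [string[]]$Computers   = @('ws01', 'ws02', 'ws03'),  # constructed hostnames, replace with yours
    [switch]$Remediate
)

function Test-DnsConfig {
    param([string]$Computer, [string[]]$Approved, [switch]$Fix)
    $results = @()
    try {
        # Only adapters with IP bound; static IPs in this thread, so the list is populated.
        $adapters = Get-WmiObject -Class Win32_NetworkAdapterConfiguration `
            -ComputerName $Computer -Filter 'IPEnabled = TRUE' -ErrorAction Stop
    } catch {
        # Unreachable hosts are reported rather than silently skipped.
        return New-Object PSObject -Property @{
            Computer = $Computer; Adapter = 'n/a'; Dns = 'unreachable'; Status = 'ERROR'
        }
    }
    foreach ($a in $adapters) {
        $current    = @($a.DNSServerSearchOrder)
        $unexpected = @($current | Where-Object { $Approved -notcontains $_ })
        $status     = if ($unexpected.Count -gt 0 -or $current.Count -eq 0) { 'TAMPERED' } else { 'OK' }
        if ($status -eq 'TAMPERED' -and $Fix) {
            # WMI method on the adapter; ReturnValue 0 means success.
            $rc = $a.SetDNSServerSearchOrder($Approved)
            $status = if ($rc.ReturnValue -eq 0) { 'FIXED' } else { "FIX-FAILED($($rc.ReturnValue))" }
        }
        $results += New-Object PSObject -Property @{
            Computer = $Computer
            Adapter  = $a.Description
            Dns      = ($current -join ',')
            Status   = $status
        }
    }
    return $results
}

$report = @()
foreach ($c in $Computers) {
    $report += Test-DnsConfig -Computer $c -Approved $ApprovedDns -Fix:$Remediate
}

$report | Select-Object Computer, Adapter, Dns, Status | Format-Table -AutoSize

# Non-zero exit so a scheduled task or monitoring job notices a problem.
$bad = @($report | Where-Object { $_.Status -ne 'OK' })
if ($bad.Count -gt 0) { exit 1 } else { exit 0 }
```

Run it from the SBS server as a scheduled task (for example hourly) and alert on a non-zero exit code; a workstation that suddenly lists an unknown resolver is the same symptom described in the original post, caught before users notice. The `-Remediate` switch only puts the setting back; it does not stop a process with admin rights from changing it again, which is the point made in the answer above.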


From: VanguardLH on
thebluefox wrote:

> A recent virus/malware renamed the dns address to some address in
> russia. how can I lockdown the dns settings so that no program,
> malware, etc. can make changes to it.

You could use a network appliance to route all port 53 connects to your
own DNS server instead of the specified one. Obviously you don't want
to use software on the workstation because that's what gets infected and
anything you do there in software can be undone with other software.
You'll need to have all workstations go through a gateway or router that
can specify where all port 53 connects will go. If the malware changes
the gateway, well, it won't be pointing at the only gateway in your
setup that permits Internet access by your workstations.
From: thebluefox on
On 6/26/2010 5:24 PM, VanguardLH wrote:
> thebluefox wrote:
>
>> A recent virus/malware renamed the dns address to some address in
>> russia. how can I lockdown the dns settings so that no program,
>> malware, etc. can make changes to it.
>
> You could use a network appliance to route all port 53 connects to your
> own DNS server instead of the specified one. Obviously you don't want
> to use software on the workstation because that's what gets infected and
> anything you do there in software can be undone with other software.
> You'll need to have all workstations go through a gateway or router that
> can specify where all port 53 connects will go. If the malware changes
> the gateway, well, it won't be pointing at the only gateway in your
> setup that permits Internet access by your workstations.

Thanks for the tip, much appreciated!

-pat