|
Posted by Emyeu on March 5, 2006, 9:21 pm
Please log in for more thread options i think it is due to the GPO!
i moved the Web servers computer objects to other OU and now services don't
disabled anymore. but i cannot find any setting in GPO that disabled web
services. where exactly the setting is?
> If it is coming from AD based group policy, each machine applies
> this on its own schedule, roughly each 90 minutes.
> If you can rule out GPOs doing this through policy then you are
> going to have to track it down based on event log messages and
> what is running, what accounts are logged in (locally or over net).
>
>> Those servers are member of the Domain.
>> Problem doesn't happened all at the same time! It happened anytime of the
>> day.
>>
>>
>>> One would not classify that as a denial of service attack, which
>>> normally is just plugging up a key resource so it cannot complete
>>> its task. Rather, if this is due to some outside agent one would
>>> just call it a compromise of the system, since to make the change
>>> you report someone/something must be running with admin or
>>> system.
>>>
>>> Are these servers in a domain ??
>>> Have you examined what might be happening from GPO setting
>>> of services from Active Directory if they are ?
>>>
>>>
>>>> for the past one week, i always have problem on some of my websites
>>>> servers
>>>> which "World Wide Web Publishing " and "IIS Admin" services disabled by
>>>> itself. Those web servers are released to the public.
>>>> Both services are set to "Automatic" in the Startup Type. However, the
>>>> services was 'Stopped' and changed to "Disabled" by itself.
>>>> Could it be Denial-of-Service attack?
>>>>
>>>>
>>>
>>>
>>
>>
>
>
| 
XML Sitemap