All Forums
> Network Scanner
> Current topic
Netscan forcing Windows updates
Started by Rob Gibson
Rob Gibson
Netscan forcing Windows updates 02 February 2016, 21:32 |
We seem to have discovered an issue when running a scan using Network Scanner. If the computers being scanned have pending updates, (Windows, Flash, Silverlight etc.), Network Scanner scanning the computer is enough to restart the computer even if a student is logged on (our WSUS is set so that only users with Administrative Rights can perform updates). Is there a way to stop Network Scanner from creating an event in the Security Log when scanning computers?
Re: Netscan forcing windows updates 02 February 2016, 21:45 |
Admin Registered: 18 years ago Posts: 3 520 |
Rob Gibson
Re: Netscan forcing windows updates 02 February 2016, 22:10 |
Re: Netscan forcing windows updates 02 February 2016, 22:17 |
Admin Registered: 18 years ago Posts: 3 520 |
Sorry, I am not sure which scan it is.
The Lookup logged on users option calls a system API first NetWkstaUserEnum
If this function fails, then it sends a specially crafted NetBios packet in the same way as the nbtstat -a command.
Hope this helps.
The Lookup logged on users option calls a system API first NetWkstaUserEnum
If this function fails, then it sends a specially crafted NetBios packet in the same way as the nbtstat -a command.
Hope this helps.
Rob Gibson
Re: Netscan forcing windows updates 02 February 2016, 22:34 |
Network Scanner seems to be creating the following in the Security Event Log - even with all the additional scans turned off.
Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 02/02/2016 12:23:16
Event ID: 4672
Task Category: Special Logon
Level: Information
Keywords: Audit Success
User: N/A
Computer: computer_Name
Description:
Special privileges assigned to new logon.
Subject:
Security ID: Domain_Name\username
Account Name: Username
Account Domain: Domain_Name
Logon ID: 0x687702
Privileges: SeSecurityPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeTakeOwnershipPrivilege
SeDebugPrivilege
SeSystemEnvironmentPrivilege
SeLoadDriverPrivilege
SeImpersonatePrivilege
It then creates a an additional event when the Logoff is destroyed roughly 30 seconds later with the same Logon ID. it appears that this logoff event is enough to trigger the windows update.
Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 02/02/2016 12:23:16
Event ID: 4672
Task Category: Special Logon
Level: Information
Keywords: Audit Success
User: N/A
Computer: computer_Name
Description:
Special privileges assigned to new logon.
Subject:
Security ID: Domain_Name\username
Account Name: Username
Account Domain: Domain_Name
Logon ID: 0x687702
Privileges: SeSecurityPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeTakeOwnershipPrivilege
SeDebugPrivilege
SeSystemEnvironmentPrivilege
SeLoadDriverPrivilege
SeImpersonatePrivilege
It then creates a an additional event when the Logoff is destroyed roughly 30 seconds later with the same Logon ID. it appears that this logoff event is enough to trigger the windows update.