JesterB
Posted March 20, 2007

I know it is possible to change the order of the Service Groups on startup, but is it possible (without setting service dependencies) to change the order of individual Services? What I need to do cannot be done with Service Dependencies, as the initial service must start and then immediately stop (basically for a script type execution). Any suggestions?

Edited March 20, 2007 by JesterB

nmX.Memnoch
Posted March 20, 2007

Setting it as a Machine Startup Script using a policy won't work?

JesterB (Author)
Posted March 20, 2007

It's to delete a file on startup and it needs to happen before that. Basically here's the issue. A client allowed some of his employees to access the server and browse the web. They now have a virus that loads with winlogon. I have to delete the file before winlogon starts in order to get rid of it. The drive RAID (set up by Dell) is a stripe, so I cannot remove the drive to delete the file. I have created a small app to delete the file, but I have to have it start as a service before WinLogon to delete the file. I may have to reload the server, but am not wanting to as this is SBS2003 with ISA and Exchange in use, their billing computer for Medicare/Medicaid and insurance providers, and file server. The reload would take a few days. Any other suggestions?

EDIT: Or I could log in to the recovery console and remove the file... if I could get out there, but I need to be able to do this remotely. I can't get back there till Thursday, and that's not good.

Edited March 20, 2007 by JesterB

nmX.Memnoch
Posted March 20, 2007

Build a BartPE disk with the SCSI driver integrated (easy to do with BartPE). Boot the server with the BartPE CD and delete said file. This will keep ANY system services from running because you aren't actually booting the OS.

Edited March 20, 2007 by nmX.Memnoch

cluberti
Posted March 21, 2007

You better hope winlogon doesn't have a dependency on that file - you'll bugcheck when winlogon loads if this is the case, and you delete the file. Is there any way to boot into safe mode and clean the box?

This is why we say that any compromised box should be rebuilt, period.

softice
Posted March 21, 2007

I wrote an app two years ago; it can delete a file which is in use or open. Maybe it can help you.

Example: top_del c:\aa.exe

top_del.zip

nmX.Memnoch
Posted March 21, 2007

> You better hope winlogon doesn't have a dependency on that file - you'll bugcheck when winlogon loads if this is the case, and you delete the file. Is there any way to boot into safe mode and clean the box?
>
> This is why we say that any compromised box should be rebuilt, period.

He's right...I should've said "rename the file". That way if it does have a dependency you can put it back.

Stoic Joker
Posted March 24, 2007

> A client allowed some of his employees to access the server and browse the web....

Which is precisely why they should be forced to pay a huge fee for un-Borking their server (write it off as an educational expense). I recommend to all clients that servers be run "Headless" for the purpose of preventing this kind of incident from happening; Because IT Shouldn't.