I believe one of my old collegees has set a scheduled task to start at 9:30 every day on one of the pc's in our office ( he now no longer works here ). At 9:30 precisely the pc shutdowns however this doesnt seem to be the case if im not logged in to that pc. Ive searched for erroneous batch files and hunted high and low in the task schedular but i cant find anything to indicate that the task is being generated by the pc. Could anyone come up with some suggestions as to where i might find this pesky little process ?
solomonski
0
Newbie Poster
Recommended Answers
Jump to PostIs it possible that this task is being executed from a remote computer? Shutting down PCs remotely is easily accomplished.
Jump to PostOk so you are on a domain? There could be various tools that would shutdown the PCs at a certain time. Your idea about disconnecting the network interface would prove if its coming from a remote system.
however, aside from a scheduled task on your computer, it could also be …
All 5 Replies
JorgeM
958
Problem Solver
Team Colleague
Featured Poster
Is it possible that this task is being executed from a remote computer? Shutting down PCs remotely is easily accomplished.
solomonski
0
Newbie Poster
I would hassard a guess that it might be from the PDC, i guess i could try removing the network connection at 9:30 tomorrow to prove the point.
JorgeM
958
Problem Solver
Team Colleague
Featured Poster
Ok so you are on a domain? There could be various tools that would shutdown the PCs at a certain time. Your idea about disconnecting the network interface would prove if its coming from a remote system.
however, aside from a scheduled task on your computer, it could also be handled from some type of client program/agent running on that system.
Does this process occur on any other computer on the network?
CimmerianX
197
Junior Poster
JorgeM is correct. THe windows "shutdown" command can be used to shutdown any remote computer so long as you have admin access to that host. Any computer on the network could be sending that command. Now since it doesn't shut down unless he is logged in, that's a big clue to tell me it is running locally.
My 2 cents would be to start with Hijackthis and have it pull the pc log. http://www.hijackthis.com/hijackthis
This shows you all the startup items and services.
Then you should check the sceduled tasks to look for anything that was running.
If you still suspect a remote machine, you can enable a 3rd party firewall to block and log all ports, or you can use wireshark to trace everything at 9:30 and see what shows up.
solomonski
0
Newbie Poster
Thanks for the ideas and yes this is the only pc this happens to. I'll give the wireshark ago and see where that leds me. Failing that i'll post the log for hijackthis. Many thanks guys.
Be a part of the DaniWeb community
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.