It has been 6 days since our network was hit by W32.Downadup.B.
This is a very NASTY virus; it disables all the accounts in Active Directory (AD).
It was becoming a pain in the neck enabling all 70 accounts one by one from the console. The accounts got disabled even before I reached the halfway mark. It was frustrating.
Then I remembered that there is a command to handle AD-related tasks, and with it we can enable the locked accounts.
So I searched the net and got this command:
NET USER Domain\login name /Domain /ACTIVE:YES
But this command was not working... I tried a lot of combinations but it still didn't work... All the resources I could find on the net were leading to this command only.
Then finally, after reading the detailed help for this command on the Microsoft site, I got the solution....
The correct command is:
NET USER User /Domain /ACTIVE:YES
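E.g. if the user is "ABC" and the domain is "mydomain.com", then the command becomes
NET USER abc /DOMAIN /ACTIVE:YES
(/DOMAIN is a literal switch that makes the command act on the domain account instead of a local one; the domain name itself is not typed.)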
I created a batch file with all the users' login names and then had it scheduled to run every 1 minute from 3 servers (this command can be run from any machine in the domain, provided you have administrator-equivalent login rights).
I am still trying to find a solution to remove this virus from my network.. will post my results whenever I am successful in doing so...
Have a nice day.
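
The batch file described above, sketched as an added example (not the author's own script): it reads login names from a list and runs the corrected command for each one, logging failures so a mistyped name does not go unnoticed. The file names users.txt and enable_users.log, the script path and the task name in the comment are assumptions.

```batch
@echo off
rem Added example, not from the original post.
rem Re-enables every domain account listed in users.txt (one login name per line).
rem Assumed names: users.txt, enable_users.log, C:\scripts\enable_users.bat.
rem
rem To run it every minute, as the post describes, one option is:
rem   schtasks /create /tn "EnableUsers" /tr "C:\scripts\enable_users.bat" /sc minute /mo 1
rem The task must run under an account with domain administrator rights.

setlocal
set "LIST=%~dp0users.txt"
set "LOG=%~dp0enable_users.log"
rem One timestamp per run; %time% inside the loop would not update anyway.
set "STAMP=%date% %time%"

if not exist "%LIST%" (
    >>"%LOG%" echo %STAMP% user list "%LIST%" not found
    exit /b 1
)

set "FAILED=0"
rem usebackq: treat the quoted path as a file name. eol=#: skip comment lines.
rem delims= keeps the whole line, so login names containing spaces still work.
for /f "usebackq eol=# delims=" %%U in ("%LIST%") do (
    rem /DOMAIN is the literal switch; the domain name is never passed.
    net user "%%U" /DOMAIN /ACTIVE:YES >nul 2>&1
    if errorlevel 1 (
        >>"%LOG%" echo %STAMP% FAILED  %%U
        set "FAILED=1"
    ) else (
        >>"%LOG%" echo %STAMP% enabled %%U
    )
)

rem A non-zero exit code lets the Task Scheduler history show a bad run.
endlocal & exit /b %FAILED%
```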