I'm in this system admin basic course class with a couple of other friends and our current assignment is to block most remote access to our box. It's like a wargames simulation with the teacher being the pdc, he does something remotely to our box and it's our job to disable it. We are all on domain admin accounts for this exercise.
First my run command and desktop icons were taken away so i figured it was remote registry and turned that off. Then i was shut down remotely without warning so i disabled advanced power management on my box. Then event logs kept running so i disabled "alert" service. Then my dos prompt was disabled so i locked myself out of gpedit after restoring rights of course. Then stuff keeps appearing on my desktop so i disabled admin shares. Then a .bat file was ran to open like 1000 windows so i disabled telnet. Now iam being shut down remotely again, this time WITH a prompt warning saying "warning, admin/@domain has shut iceland(my hostname)" and it has a countdown of like 15 seconds and my box shuts off. I have no clue how the teacher did this, he gave us a hint though, something about IIS? I disabled that but he could still shut me down. A little help would be much appreciated, thanks.