Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: windows firewall rules


25 Apr 2013   #1
readysteady101

windows7
 
 
windows firewall rules

Hello. Im attending college and all students have admin rights on windows 7 pc's. Some people are abusing this by accessing others machines and wreaking havoc. It started out as a bit of fun but the joke is getting old. What rules in Windows firewall can be used to block unwanted access given that all have admin rights. Thanks for help


My System SpecsSystem Spec
.

26 Apr 2013   #2
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

My System SpecsSystem Spec
26 Apr 2013   #3
readysteady101

windows7
 
 

Hello Jacee, and thanks for your reply. I know how to set rules...but I dont know what rules to set. Im not trying to block a programme, just interference from other people with the same admin rights in the same domain, your tutorial doesnt go anywhere near this but thanks all the same.
My System SpecsSystem Spec
.


26 Apr 2013   #4
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

You might want to discuss this with your College IT person.

Let them know what's going on in the Domain you're connected to. No one has the right to by-pass a firewall and snoop in your computer.
My System SpecsSystem Spec
26 Apr 2013   #5
readysteady101

windows7
 
 

Hello again...that was quick. Other users changing, renaming and rearranging things in other peoples operating systems. Incredibly childish and really annoying. Windows Firewall is on with "recommended settings" in all cases, but its not doing the trick. Again, all have admin rights which I suppose is part of the problem, so, is it possible to tighten security on local machine against external interference? Thanks again.
EDIT: Two ways this is being achieved (that I know of). Under "Network" in explorer, all machines are listed, can access some by typing "\c$" after machine name, also, in regedit, file\connect to remote registry. These are just two ways of exploit. Can Windows Firewall block these? Thanks again
My System SpecsSystem Spec
27 Apr 2013   #6
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

I may have found the answer ... read this Block Co-Workers from Seeing Your Computer Files Remotely
My System SpecsSystem Spec
27 Apr 2013   #7
Alejandro85

Windows 7 Ultimate x64
 
 

One point to note here. If you set the firewall rules and another user enters the computer as an admin (locally, not though the network), he will effectively be able to disable whatever protection you may place if the know how to do so, since admins can change the rules you set or disable the firewall. With standard users that won't be possible.
My System SpecsSystem Spec
27 Apr 2013   #8
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

@Alejandro85, since I'm not familiar with Domain Network access (with all users as Administrators), would a password be possible to set up on this computer to prevent others from manipulating it?
My System SpecsSystem Spec
28 Apr 2013   #9
readysteady101

windows7
 
 

@Jacee, thanks for digging that up, may well be useful, but I have questions regarding this service. If its stopped, will it allow tutors to still place live questionaires on my machine? They do this for the whole group. @Alejandro. Thanks for advise, we do change passwords and account names regularly, but need to change back to standard issued ones to gain access to shares and the remote questionaires...I know this is a flaw and leaves us open to abuse by what I think is a couple of idiots....but there is more than a little knowledge of hacking here. I talked to one student who is quite in to this but am convinced she is not the culprit...problem is, she likes to brag about the hows and means to gain access and in my opinion thats where the problem lies. One more question. Ive spent a little time looking into "netstat", is there any way to record netstat output over a period of time...it seems to me it could be useful, but only if its activated at precisely the right time of access...if you know what I mean. Disabling the server service might be of use as long as it isnt too restrictive. Thanks once again to you both.

EDIT: I am still very reluctant to bring this to an instructor as it may actually result in people being thrown out of the course...would much rather keep that as a last resort, so, was looking at netstat to try and gain proof and maybe confront the person or persons responsible informally and hopefully put an end to it amicably. Thanks again.
My System SpecsSystem Spec
28 Apr 2013   #10
UsernameIssues

W7 Pro SP1 64bit
 
 

Quote   Quote: Originally Posted by readysteady101 View Post
@Jacee, thanks for digging that up, may well be useful, but I have questions regarding this service. If its stopped, will it allow tutors to still place live questionaires on my machine?......
Yes, it would stop tutors from being able to place files, links, whatever on "your machine". Is the computer that you are seeking to protect your personal property or is the computer owned by the school?


Quote   Quote: Originally Posted by readysteady101 View Post
....@Alejandro. Thanks for advise, we do change passwords and account names regularly, but need to change back to standard issued ones to gain access to shares and the remote questionaires.....
You can gain access to files on a share that requires your domain username and domain password (domain credentials) without signing onto your computer with those same domain credentials. But, signing on to your computer with a different set of credentials does absolutely nothing to prevent the types of remote connections you are having trouble with. The best protection is to take the computer out of the domain >>> but doing so will prevent tutors from being able to place files, links, whatever on "your machine".


Quote   Quote: Originally Posted by readysteady101 View Post
.........One more question. Ive spent a little time looking into "netstat", is there any way to record netstat output over a period of time...it seems to me it could be useful, but only if its activated at precisely the right time of access...if you know what I mean.....
If you mention "exploits" like you did in post #5, then that makes it easy for people to find this info and play tricks on other users. It could be argued that the two things that you mentioned are well known... but it is hard to discuss stopping pranksters without giving out at least some info on how to pull off the prank. (See item 6 here.)


Quote   Quote: Originally Posted by readysteady101 View Post
~~~
EDIT: I am still very reluctant to bring this to an instructor as it may actually result in people being thrown out of the course...would much rather keep that as a last resort, so, was looking at netstat to try and gain proof and maybe confront the person or persons responsible informally and hopefully put an end to it amicably. Thanks again.
There are tools that could shut this activity down, but you would have to know so much about your network and the things that you need to allow to happen that it just is not worth your time. You are better off asking IT to look into things for you. They should have a record of every computer and username that connected to any other computer using the domain credentials.


If you are correct...
...if there is a domain group for students
...and that domain group has been added to the local admin group on your computer
...then you have a big problem!

But it is also possible that the other students are not admins on the computer that you use. It could be that the computer is simply not secured for the type of network that it is on. Again, it is a problem for us to try and tell you how best to secure the computer, because doing so could break some process that your school needs to have happen (like putting files on the computer). You can set your network type to Public (if you have not already done so). This will not keep admins out, but it would be a start toward securing your computer.
My System SpecsSystem Spec
Reply

 windows firewall rules




Thread Tools




Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 08:57 AM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App