Hello. Im attending college and all students have admin rights on windows 7 pc's. Some people are abusing this by accessing others machines and wreaking havoc. It started out as a bit of fun but the joke is getting old. What rules in Windows firewall can be used to block unwanted access given that all have admin rights. Thanks for help
Hello Jacee, and thanks for your reply. I know how to set rules...but I dont know what rules to set. Im not trying to block a programme, just interference from other people with the same admin rights in the same domain, your tutorial doesnt go anywhere near this but thanks all the same.
You might want to discuss this with your College IT person.
Let them know what's going on in the Domain you're connected to. No one has the right to by-pass a firewall and snoop in your computer.
Hello again...that was quick
EDIT: Two ways this is being achieved (that I know of). Under "Network" in explorer, all machines are listed, can access some by typing "\c$" after machine name, also, in regedit, file\connect to remote registry. These are just two ways of exploit. Can Windows Firewall block these? Thanks again
Last edited by readysteady101; 26 Apr 2013 at 19:18.
I may have found the answer ... read this Block Co-Workers from Seeing Your Computer Files Remotely
One point to note here. If you set the firewall rules and another user enters the computer as an admin (locally, not though the network), he will effectively be able to disable whatever protection you may place if the know how to do so, since admins can change the rules you set or disable the firewall. With standard users that won't be possible.
@Alejandro85, since I'm not familiar with Domain Network access (with all users as Administrators), would a password be possible to set up on this computer to prevent others from manipulating it?
@Jacee, thanks for digging that up, may well be useful, but I have questions regarding this service. If its stopped, will it allow tutors to still place live questionaires on my machine? They do this for the whole group. @Alejandro. Thanks for advise, we do change passwords and account names regularly, but need to change back to standard issued ones to gain access to shares and the remote questionaires...I know this is a flaw and leaves us open to abuse by what I think is a couple of idiots....but there is more than a little knowledge of hacking here. I talked to one student who is quite in to this but am convinced she is not the culprit...problem is, she likes to brag about the hows and means to gain access and in my opinion thats where the problem lies. One more question. Ive spent a little time looking into "netstat", is there any way to record netstat output over a period of time...it seems to me it could be useful, but only if its activated at precisely the right time of access...if you know what I mean. Disabling the server service might be of use as long as it isnt too restrictive. Thanks once again to you both.
EDIT: I am still very reluctant to bring this to an instructor as it may actually result in people being thrown out of the course...would much rather keep that as a last resort, so, was looking at netstat to try and gain proof and maybe confront the person or persons responsible informally and hopefully put an end to it amicably. Thanks again.
Yes, it would stop tutors from being able to place files, links, whatever on "your machine". Is the computer that you are seeking to protect your personal property or is the computer owned by the school?
You can gain access to files on a share that requires your domain username and domain password (domain credentials) without signing onto your computer with those same domain credentials. But, signing on to your computer with a different set of credentials does absolutely nothing to prevent the types of remote connections you are having trouble with. The best protection is to take the computer out of the domain >>> but doing so will prevent tutors from being able to place files, links, whatever on "your machine".
If you mention "exploits" like you did in post #5, then that makes it easy for people to find this info and play tricks on other users. It could be argued that the two things that you mentioned are well known... but it is hard to discuss stopping pranksters without giving out at least some info on how to pull off the prank. (See item 6 here.)
There are tools that could shut this activity down, but you would have to know so much about your network and the things that you need to allow to happen that it just is not worth your time. You are better off asking IT to look into things for you. They should have a record of every computer and username that connected to any other computer using the domain credentials.
If you are correct...
...if there is a domain group for students
...and that domain group has been added to the local admin group on your computer
...then you have a big problem!
But it is also possible that the other students are not admins on the computer that you use. It could be that the computer is simply not secured for the type of network that it is on. Again, it is a problem for us to try and tell you how best to secure the computer, because doing so could break some process that your school needs to have happen (like putting files on the computer). You can set your network type to Public (if you have not already done so). This will not keep admins out, but it would be a start toward securing your computer.
Quote