[SOLVED] How to check if my machine has 3rd party remote access software installed?

Mar 19, 2022
Hi

I work in a software development company (a startup) in Nashville, Tennessee. Our head office is in NYC. We have only two offices: the one I work in, in Nashville, and NYC. In the Nashville office we have a total staff of 20, about 90% are developers, with one system/network administrator. Let's call him Ted. All our in-house system and network related matters in the Nashville office are handled by Ted. However, in our head office in NYC there are about 100 staff and massive servers, with their own set of network administrators. Before stating the problem, I think it's important to tell a bit about Ted. Ted is about 26 years old, heavily addicted to virtual reality computer games, and he is friendly, or likes to be friends, with everyone in the office. It is an ethical responsibility of a network administrator to protect the root admin passwords of systems and servers, but our Ted says ethics are good for the books.

We all have Windows 10 Pro editions installed on our desktop workstations, and I have two machines on my desk, one with Windows 10 Pro and the other with Windows 10 Home. We have administration access to our workstation machines with the same user name but with different passwords. However, there is another administrator account that Ted uses which has the same user name and password on all machines. Which means whoever knows that user name and password can access any machine in the office locally or using RDP.

So what is the issue?
When there is a technical issue with a machine, Ted logs in to that machine using the common user name and password, and he does it by going physically to the developer's workstation; while the developer is looking at the keyboard, he types in his administrator user name and password. OMG….. So anyone with sharp eyes can clearly see the user name and password. So, according to many people in the office, almost everyone in the office knows Ted's user name and password.

So, why does he not care about protecting the user name and password?
If a breach happens, he contacts HQ; then HQ sends an email to all developers with the message "user privacy has been breached please change password", and we and Ted change our passwords. But on the next day (after changing the password) someone calls Ted, telling him that there is an issue with the machine, and Ted again types the password openly so the person can see it (that's the whole idea of calling Ted after changing the password). So I thought I should protect my system instead of going to a reckless network administrator….

How do I find if someone who is not authorized can access my desktop remotely?
I know that when someone knows Ted's password, he can remotely access my machine using Ted's user name and password over RDP. How do I stop someone from accessing my machine remotely? On the Windows 10 Pro machine I can disable RDP remote access, but how do I stop someone from accessing the Windows 10 Home edition machine?

How do I check if someone has installed any 3rd party application on my system (on both Windows 10 Pro and Home) to remotely connect to the PC?
What are all the 3rd party remote access software packages that can be installed on a system?

Is there any silent software that runs in the background and provides silent access to my system, the same as RDP or AnyDesk etc.?

thanks
 
Ralston18

Titan
Moderator
No "end arounds" here.

Adding in your own fixes and/or solutions could go badly for you as well. Unintended consequences.....

Someone needs to have a serious talk with Ted about how he is putting the company at risk in many, many ways.

If he does not finally listen and change his behavior (and it seems that he is not willing to do so) then the matter needs to be escalated to higher management. In writing and with supporting documentation. Honest, objective, and to the point.

Well liked or not, all may go badly for him if the networks and systems are penetrated at the expense of developers' work, company financial information, or employees'/personal information is stolen.

There needs to be written security policies that all employees must sign and follow.

Violations can then be dealt with accordingly.

Just my thoughts on the matter.
 
Sounds like he is sloppy with his credentials. Any way to force him to plug in a USB fingerprint reader to log on to the domain with admin credentials? He would move the reader from machine to machine and take his fingerprints with him.

Any way to force 2 factor authentication on his account? Something like: he tries to log on, gets a phone message that he has to approve his own logon. It would make it easy for him to detect when his account has been breached.
Guess Microsoft favors Windows Hello over 2 factor authentication.

It is just so easy to steal passwords. You can hide cameras, you can put a little USB keylogger device on your keyboard or your friend's keyboard if the office is not locked up.
Best to automate detection or make a unique logon method if you can.

People can be sneaky. I knew a person that got very good at reading keystrokes upside down from across a desk. She actually practiced it on people when she chatted with them over coffee.

Detecting remote software is going to be hard, especially if you have a bunch of developers who could just download public source code, modify it and recompile it so it would not be detected as any of the dozens of remote software packages.
 
Solution
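
Added example (not part of any post in this thread): a local PowerShell audit for the question asked above, covering installed remote-access programs, matching services, every listening TCP port with its owning executable, the built-in RDP setting, local administrators and recent RDP logons. The `$patterns` list is an assumed, non-exhaustive starting set of product names; the listening-port inventory is included because, as the last reply notes, a renamed or recompiled tool will not match any name.

```powershell
# Added example. Run from an elevated PowerShell prompt on Windows 10.
# $patterns is an assumed, non-exhaustive list of product names; extend it as needed.
$patterns = 'AnyDesk','TeamViewer','VNC','LogMeIn','ScreenConnect','Splashtop','RustDesk','Chrome Remote Desktop'
$regex = ($patterns | ForEach-Object { [regex]::Escape($_) }) -join '|'

# 1. Installed programs: 64-bit, 32-bit and per-user uninstall keys
$keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
$installed = Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match $regex } |
    Select-Object DisplayName, Publisher, InstallLocation

# 2. Services whose name or binary path matches (these start without a logged-on user)
$services = Get-CimInstance Win32_Service |
    Where-Object { "$($_.Name) $($_.DisplayName) $($_.PathName)" -match $regex } |
    Select-Object Name, State, StartMode, PathName

# 3. All listening TCP ports with the owning executable. This does not rely on
#    product names, so review any listener you cannot account for.
$listeners = Get-NetTCPConnection -State Listen |
    ForEach-Object {
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{ Address = $_.LocalAddress; Port = $_.LocalPort
                           Process = $proc.ProcessName; Path = $proc.Path }
    } | Sort-Object Port, Address

# 4. Built-in RDP: fDenyTSConnections = 1 means incoming connections are refused
$rdpDenied = (Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server').fDenyTSConnections

# 5. Who holds local administrator rights (well-known SID of the Administrators group)
$admins = Get-LocalGroupMember -SID 'S-1-5-32-544' | Select-Object Name, PrincipalSource

# 6. Recent successful RDP logons: Security event 4624 with LogonType 10
$rdpLogons = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4624 } -MaxEvents 2000 -ErrorAction SilentlyContinue |
    Where-Object { $_.Properties[8].Value -eq 10 } |
    Select-Object TimeCreated,
        @{ n = 'User';   e = { $_.Properties[5].Value } },
        @{ n = 'Source'; e = { $_.Properties[18].Value } }

"Incoming RDP refused: $($rdpDenied -eq 1)"
$installed, $services, $admins, $rdpLogons, $listeners |
    ForEach-Object { $_ | Format-Table -AutoSize | Out-String }
```

An empty result in sections 1 and 2 only means nothing matched the name list; sections 3, 5 and 6 are the ones that still show an unknown tool or a shared administrator account in use.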