Protecting my PC

Posted on 2005-05-11
Last Modified: 2013-11-16
I'm trying to keep intruders out of my PC from the following sources:

1)  Remoting into my PC through remote desktop, etc.

2)  Connecting to my PC through a VPN to our company network

3)  Getting onto my machine by searching through network neighborhood

Thanks for any help you can give me.
Question by:Remulac
    LVL 14

    Accepted Solution

    1) Go to Control Panel -> System -> Remote tab.  Make sure "Allow users to connect remotely to this computer" is NOT checked.

    2) Could you clarify a little?  Do you mean a) "I don't want someone to use VPN to connect to our company network, and then use that to connect to my computer" or b) "I don't want someone to use VPN to connect to my computer, and then use that to connect to my company's computer."  If a) - on a basic level, a person connecting to your company's network over VPN will have the same access as they would logging on to a computer at your company.

    3) If you have XP Service Pack 2, go to Control Panel -> Windows Firewall -> Exceptions tab.  Make sure "File and Print Sharing" is not checked.
    Whether or not you have SP2, you can also do this: In the Address Bar of My Computer or Windows Explorer, type in \\the_name_of_your_computer  This will show you what, if any folders are being shared on the network.  Close this window, and then go back into My Computer or Windows Explorer, find the shared folders (will have a little hand underneath the folder), right click on them, and select Sharing....  Then, select "Do not share this folder."

    Other general things:
    Use a personal firewall, such as XP SP2's or the free version of ZoneAlarm, if permitted by your company.
    Be sure to keep up to date with your Windows Updates to avoid security holes.

    Author Comment

    For number 2, I mean that I don't want anyone (other than me) to be able to VPN to our network and then access my computer.
    LVL 2

    Assisted Solution

    if VPN was not a secure solution it wouldn't be very popular, don't you think?   So I think you're safe there.

    Other things: software firewall, always install latest updates, don't browse questionable websites, make sure antivirus is up to  date, review user permissions (yours, other users).

    I wonder why you asking?  Is there a bunch of hackers after you or something?

    In case you got some info on your computer that's worth millions then keep it offline. :o)

    Author Comment

    No, I just have a collegue who somehow manages to put prank software on my machine.  It's pretty funny actually.  His latest was to somehow trigger a program that kept opening and shutting my CD drive.  It gets spawned when I try to run TightVNC.

    I don't know how he's getting in.  Maybe I made the mistake of not locking my computer when I went rollerblading, and he just loaded it from a floppy or CD.  And all I did to him was put liquid soap in his water glass.  What a sore-head.  

    Obviously, to admit I can't fix the problem myself is to admit defeat.  This is not an option.  I need some help going toe-to-toe with this guy when it comes to meaningless techno-pranks.  

    Is there a typical place from where this type of software runs?  Also, how can I tell when or how he gets onto my machine?
    LVL 2

    Expert Comment

    check the processes that are running, while the program is running and opening and closing the CD.  if you find the the suspicious executable, search for it (but enable "show hidden files" first). That way you can locate the prog. check the msconfig startup progs too.

    When someone has physical access to your computer, then I suggest turn off CD and floppy booting and set BIOS password.  there ways of getting into system if you can boot.

    There is Bart's XP Bootable CD or something like it, it can boot a complete working windows XP and you can edit registry and do whole bunch of things with the OS that's on the system. It's pretty neat.

    Obviuosly if it's not the first time, he's got some kind of back door to your computer.

    Install Norton Internet Security suite and do the bios password thing. But for Internet Security do not accept the local network as a safe network. Because it will be accepting local connections.  You can play with firewall settings to restrict access.  Also install a keylogger and check it regularly. There are one that do screenshots too.
    LVL 1

    Assisted Solution

    If you are unable/disallowed to install either ZoneAlarm, the Norton Internet Security suite, or any other security software, you could try setting up a security policy to audit your computer's security (e.g. logons, access, etc).  For example, you could try checking the event log to see if he has logged on physically at your computer while you were away, or from the network (this would be under the security tab in the event viewer).  Hope this helps.

    LVL 38

    Assisted Solution

    by:Rich Rumble
    ZoneAlarm is a good idea, if your stealth your machine, your friend cannot get on your pc, unless he's physically at the console.
    If you turn off the Secondary Logon service in the service control panel, remotedesktop will no longer function, you can also specify what accounts can and cannot access RD, right-click my computer, go to Remote, "select remote users" or as stated above, Uncheck remotedesktop.

    If you have VNC installed as a service, your friend would be able to vnc into your machine, espically if the remote registry service is running, as he could read HKEY_LOCAL_MACHINE\SOFTWARE\ORL\WINVNC, password key.

    But with ZA installed, he won't be able to RD or VNC into your machine any longer, and you can set a password on ZA that he doesn't know, and it should keep him from messing with your PC, or anyone else for that matter. But if ZA isn't an option, turn off remote registry (probably should anyway) and turn off secondary logon.
    LVL 12

    Expert Comment

    Get xpantispy to close holes.

    Free, simple and effective.

    Featured Post

    How your wiki can always stay up-to-date

    Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
    - Increase transparency
    - Onboard new hires faster
    - Access from mobile/offline

    Join & Write a Comment

    When the confidentiality and security of your data is a must, trust the highly encrypted cloud fax portfolio used by 12 million businesses worldwide, including nearly half of the Fortune 500.
    This story has been written with permission from the scammed victim, a valued client of mine – identity protected by request.
    Migrating to Microsoft Office 365 is becoming increasingly popular for organizations both large and small. If you have made the leap to Microsoft’s cloud platform, you know that you will need to create a corporate email signature for your Office 365…
    Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…

    754 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    19 Experts available now in Live!

    Get 1:1 Help Now