foxpc123

SBS 2011 restricting access to the server

Hi,

We've recently taken over IT support for a small company, which runs an SBS 2011 server. The previous IT provider has not taken this well.

There were a couple of remote access/monitoring programs which had been installed:

PCMonitor
Remote Utilities Host
VNC Free
LogMeIn

These have all been removed and the server has been restarted.

There were also two administrator accounts in use, and I have changed the password for both. The built-in administrator account was also active, and again I have changed the password for it.

I've removed access to the RDP port and RWW, and the only open ports are port 25 and HTTPS (443). The router is a DrayTek router.

The previous IT support is still claiming that they have access to the server, and also that it is reporting status to them. However, I've been through the entire program list and can see nothing there (despite sending screenshots of the program list, apparently I'm stupid to not be able to see the program which should 'have been removed').

I'm concerned that, despite all the precautions taken, it is still possible for remote access to be occurring in some way (the other party has sent a screenshot to prove this, although this could be an old screenshot), so I will go through the user PCs to make sure that there is no remote access there.

My question is two-fold:

1) I've attached screenshots of the entire program list and the scheduled task list, can you see anything which could be reporting back?

2) How can I be sure that remote access to the server is not possible?

Any advice on how to secure this further would be gratefully received, as the 3rd party is casting aspersions and I want to make sure that we've covered all bases here.

Thanks a lot.

Harper McDonald

Remove TeamViewer or change the code if it is active. There will be a blue box on the task bar that, if you hover over it, will display some numbers. If you have that installed they probably have the unattended access feature enabled. Also, are you running any VPN on your router?

foxpc123

ASKER

Hi there, thanks for the fast response. I should have said that the TeamViewer is our remote access!!

There is no VPN.

Whilst I've been going through this again, I can see that there is a program in the Program Files list called 'Simple Help' which doesn't appear in the add/remove program list.

I'm just looking at this now, and can see that this appears to allow remote access connections, so am going to uninstall this as well.

ASKER CERTIFIED SOLUTION
Harper McDonald

This solution is only available to members.

This has now been removed, and I can see that this has also removed a service called 'Remote Access Service'. I'd obviously made a mistake there, as I thought that was part of the 'remote access services' installed along with SBS 2011.

However, I can see now that this is part of the PC Monitor/Simple Help software, which obviously doesn't get removed when the PC Monitor software is removed as well.

Lesson to self: hide all Microsoft services and then go through the list in msconfig. That finally gave this one away!!

Thanks a lot for your help - feel better now, thought was going mad for a moment!
LOL no problem!  Have a good one :)
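
A scripted version of the msconfig check described in this thread, as an added example that is not part of the original posts: it lists every service whose binary does not declare Microsoft as its vendor, including services hosted in svchost.exe, so a third-party service with a Windows-sounding name stands out. The function name `Get-ServiceBinaryPath` is hypothetical, and the vendor string is whatever the file declares about itself, so treat the output as a triage list and not as proof of origin.

```powershell
# Added example: list services whose binary does not declare Microsoft as vendor.
# Run from an elevated PowerShell prompt on the server (PowerShell 2.0 compatible).

function Get-ServiceBinaryPath {   # hypothetical helper name
    param($Service)

    # svchost-hosted services keep the real module in the ServiceDll registry value.
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$($Service.Name)\Parameters"
    $dll = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).ServiceDll
    if ($dll) { return [Environment]::ExpandEnvironmentVariables($dll) }

    $raw = [Environment]::ExpandEnvironmentVariables([string]$Service.PathName).Trim()
    if ($raw -match '^"([^"]+)"')        { return $Matches[1] }  # quoted path
    if ($raw -match '^(.+?\.exe)(\s|$)') { return $Matches[1] }  # unquoted path + args
    return $raw
}

$report = foreach ($svc in Get-WmiObject -Class Win32_Service) {
    $path    = Get-ServiceBinaryPath $svc
    $company = '(file not found)'
    if ($path -and (Test-Path -LiteralPath $path -ErrorAction SilentlyContinue)) {
        # CompanyName comes from the file's own version resource (self-declared).
        $company = (Get-Item -LiteralPath $path).VersionInfo.CompanyName
        if (-not $company) { $company = '(no vendor in file)' }
    }
    if ($company -notlike '*Microsoft*') {
        New-Object PSObject -Property @{
            Name        = $svc.Name
            DisplayName = $svc.DisplayName
            State       = $svc.State
            StartMode   = $svc.StartMode
            Account     = $svc.StartName
            Vendor      = $company
            Binary      = $path
        }
    }
}

# Review every row: anything running as LocalSystem from Program Files deserves a look.
$report | Sort-Object Vendor, Name |
    Format-Table Name, DisplayName, State, StartMode, Account, Vendor, Binary -AutoSize -Wrap
```

Rows showing "(file not found)" or "(no vendor in file)" are worth checking by hand, since the binary path could not be resolved or the file carries no vendor information.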