SBS 2011 restricting access to the server


We've recently taken over IT support for a small company, which runs a SBS 2011 server, the previous IT provider has not taken this well.

There were a couple of remote access/monitoring programs which had been installed;

Remote Utilities Host
VNC Free

These have all been removed and the server has been restarted.

There were also two administrator accounts, which were in use, which I have changed the password for both. The built-in administrator account was also active, which again I have changed the password for.  

I've removed access to the RDP port , RWW, and the only open ports are port 25, and also HTTPS (443). The router is a draytek router.

The previous IT support, is still claiming that they have access to the server, and also that it is reporting status to them. However, I've been through the entire program list and can see nothing there (despite sending screenshots of the program list, apparently I'm stupid to not be able to see the program which should 'have been removed').

I'm concerned that despite all the precautions taken, that it is still possible for remote access to be occurring in some way (the other party has sent a screenshot to prove this - although this could be an old screenshot)  - so will go through the user PC's to make sure that there is no remote access there.

My questions is two-fold;

1) I've attached screenshots of the entire program list and the scheduled task list, can you see anything which could be reporting back?

2) How can I be sure that remote access to the server is not possible?

Any advice on how to secure this further would be gratefully received, as the 3rd party is casting aspersions and I want to make sure that we've covered all bases here.

Thanks a lot.

Program File List 1Program File List 2Program File List 3Scheduled Task List
Who is Participating?
Harper McDonaldCommented:
Yes, I would remove both of those :)
Harper McDonaldCommented:
Remove TeamViewer or change the code if it is active.  There will be a blue box on the task bar that if you hoover over it will display some numbers.  If you have that installed they probably have the unattended access feature enabled.  Also, are you running any VPN on your router?
foxpc123Author Commented:
Hi there thanks for the fast response, I should have said, that the Teamviewer is our remote access!!

There is no VPN.

Whilst I've been going through this again, I can see that there is a program in the Program Files list called 'Simple Help' which doesn't appear in the add/remove program list.

I'm just looking at this now, and can see that this appears to allow remote access connections, so am going to uninstall this as well.
foxpc123Author Commented:
This has now been removed and can see that this has also removed a service called 'Remote Access Service', I'd obviously made a mistake there as I thought that was part of the 'remote access services' installed along with SBS 2011.

However, I can see now that this is part of the PC Monitor/Simple Help software, which obviously doesn't get removed when the PC Monitor software is removed as well.

Lesson to self, hide all Microsoft services and then go through the list in msconfig, finally gave this one away!!

Thanks a lot for your help - feel better now, thought was going mad for a moment!
Harper McDonaldCommented:
LOL no problem!  Have a good one :)
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.