Windows 7 Remote Access Security

From Free Knowledge Base- The DUCK Project: information for everyone

Remote Desktop Protocol (RDP) is a proprietary protocol developed by Micro$oft, which provides a user with a graphical interface to connect to another computer from the same LAN or via the Internet. The user employs RDP client software for this purpose, while the other computer must run RDP server software.

See: remote access connection manager, remote desktop configuration, remotepg.dll


Tech Support Scams using Remote Desktop

Scammers from outside the United States are calling people in the U.S. whom they find in the phone directory. The caller claims to be with "Windows Support" or "Microsoft" in order to talk the victim into granting remote access to the computer. The scammer tries to gain remote control of the machine by tricking the victim with fake error reports, and then collects payment. The scammer may even threaten to delete all the user data and disable Windows if the victim fails to pay after granting remote access.

If you ever get an unsolicited call from someone claiming to be a Microsoft or Windows tech support agent, the best thing to do is simply hang up. Scammers like to use VoIP technology so their actual number and location are hidden. Source: Tech Support Scams – Help & Resource Page.

An example of the hard drive contents after the scammer has deleted data, including the Windows operating system:

C
|
+--- [[^_^]] RMTemp System Volume Information
|    +--- RecoveryMgrDump.txt
|    \--- RecoveryMgrDumpNew.txt
|
+--- RMTemp
|
+--- System Volume Information
    \--- MountPointManagerRemoteDatabase.

The first folder on the C drive is a face made up of ASCII characters.

If you do service work for basic residential users, especially those who are novices at using their PC, you can take measures to lock down the system so the user can't be tricked into granting remote access to a potential hacker.

Disable Remote Desktop

  1. Right-click My Computer and click Properties.
  2. Click the Remote tab.
  3. In the Remote Desktop section, click to clear Allow users to connect remotely to this computer, and then click OK.

Disable Remote Desktop via Group Policy

To use the computer's local group policy to disable Remote Desktop:

  1. Click Start, click Run, type gpedit.msc, and then click OK.
  2. In the Group Policy editor, click to expand Computer Configuration, click to expand Administrative Templates, click to expand Windows Components, and then click to expand Terminal Services.
  3. Double-click the Allow users to connect remotely using Terminal Services policy.
  4. Set the policy to Enabled, and then click OK.

Uninstall Remote Desktop

  1. Click "Start" and then open the "Control Panel."
  2. Open "Programs and Features."
  3. Check "View installed updates."
  4. Click on the "KB925876" program in the program list and then click "Remove."
  5. Restart the computer once the Remote Desktop program finishes uninstalling.

Registry

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp]
"UserAuthentication"=dword:00000001

A value of 1 for UserAuthentication means Network Level Authentication (NLA) is enabled.
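A read-only PowerShell audit that reports the settings discussed above, added here as an example and not the wiki's own script. It reads the UserAuthentication value from the RDP-Tcp key shown above plus the fDenyTSConnections value under the Terminal Server key and the Terminal Services policy key (real values not mentioned on this page; 1 means incoming connections are refused), and assumes Windows 7 with PowerShell 2.0 or later run from an elevated prompt.

```powershell
# Added audit script (not from the wiki page). Read-only: reports RDP state, changes nothing.
# Assumes Windows 7, PowerShell 2.0 or later, run as Administrator.
$tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpKey = "$tsKey\WinStations\RDP-Tcp"
# Location written when the "Allow users to connect remotely" policy is configured in gpedit.msc.
$polKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

function Get-RdpLockdownStatus {
    $ts  = Get-ItemProperty -Path $tsKey  -ErrorAction SilentlyContinue
    $rdp = Get-ItemProperty -Path $rdpKey -ErrorAction SilentlyContinue
    $pol = Get-ItemProperty -Path $polKey -ErrorAction SilentlyContinue
    $svc = Get-Service -Name TermService -ErrorAction SilentlyContinue

    # fDenyTSConnections = 1 is what clearing the Remote Desktop checkbox writes.
    $denyLocal  = ($ts  -ne $null) -and ($ts.fDenyTSConnections  -eq 1)
    # The same value under the Policies key takes precedence when Group Policy manages it.
    $denyPolicy = ($pol -ne $null) -and ($pol.fDenyTSConnections -eq 1)
    # UserAuthentication = 1 means NLA: the client must authenticate before a session is created.
    $nlaEnabled = ($rdp -ne $null) -and ($rdp.UserAuthentication -eq 1)
    $serviceRunning = ($svc -ne $null) -and ($svc.Status -eq 'Running')

    New-Object PSObject -Property @{
        RdpDeniedLocally  = $denyLocal
        RdpDeniedByPolicy = $denyPolicy
        NlaEnabled        = $nlaEnabled
        TermServiceState  = $(if ($svc) { $svc.Status.ToString() } else { 'NotFound' })
        # For a residential user who never needs remote access, expect connections denied
        # and the Remote Desktop Services service not running.
        LockedDown        = ($denyLocal -or $denyPolicy) -and (-not $serviceRunning)
    }
}

$status = Get-RdpLockdownStatus
$status | Format-List
if (-not ($status.RdpDeniedLocally -or $status.RdpDeniedByPolicy)) {
    Write-Warning 'Remote Desktop connections are still allowed on this machine.'
    if (-not $status.NlaEnabled) {
        Write-Warning 'RDP is enabled without NLA: set UserAuthentication to 1 or disable RDP.'
    }
}
```

Run it before and after applying the steps above to confirm the lockdown actually took effect; if Group Policy manages the setting, the policy key is the one that matters.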