pcanywhere security

[telykv]

We have installed pcanywhere on a remote computer and everything is working fine except for one problem.
A question came up about security. If someone has access to the computer running pcanywhere and wants to add a logon for a new remote, is there a way to stop them from doing this? I tried setting up the modem (which is what we are using to log on) with password protection but it still doesn't stop you from creating a new log account and setting up your own information so that anyone from outside could call in. Is there an area where I can set up password protection from anyone else getting into the program.
The people at the remote site need access to the running programs on the computer during normal work hours which would also allow them access to setting up new logon accounts from pcanywhere.

 

[mattjurado]

You can define priviledges for your users when you create them, or you can double click them after to set priviledges. Without superuser access, they shouldn't be able to administer the program remotely. Alternatively, when you install the program, there is an option to "Allow users to administer PC Anywhere remotely," if you choose a custom installation. You can deselect this. Hope this info helps!

Matt J.

Please always take the time to backup any and all data before performing any actions suggested for ANY problem, regardless of how minor a change it might seem. Also test the backup to make sure it is intact.

 

[telykv]

I don't think that will solve the problem from preventing them from creating a logon. I guess what we need a prompt for a password when adding a new logon. I don't see that anywhere. The way it is set up, you can have all the password protections for an existing account but anyone walking by a computer could add a logon and then use it from home. We are probably going to add a screen saver to the computer to reduce some risk.
Is there anything else you might know of? Would appreciate it.
Thanks
TV

 

[mattjurado]

The tips I gave you will prevent someone from remotely changing things. You didn't specify that you wanted protection from local users. If the OS is 2000/XP, securing the local user accounts with good passwords and setting a screen saver password should be fine. If the OS is 98, keep in mind they can turn the computer off, and turn it back on, and bypass the windows login by hitting the escape key. In this case you might add a boot password in the CMOS setup. Good luck.

Matt J.

Please always take the time to backup any and all data before performing any actions suggested for ANY problem, regardless of how minor a change it might seem. Also test the backup to make sure it is intact.

 

[telykv]

I have managed to get an answer from Symantec that solved my problem. You can go into the templates for hosts and remotes and select properties on the files and protect the template so that they are password protected. I have listed the link below in case someone else has the same problem.

http://service1.symantec.com/SUPPOR...e=spca&dtype=corp&svy=&prev=&miniver=spca_115

 

[CommAdmin]

Have you thought about having the modem do a dial-back connection. If your remote user always calls from a specific number, it is possible to make the calling modem (remote user), and receiving modem (the accessible system) co-ordinate a remote call back. The remote user dials up the system, then the system dials back the remote user.

That would not prevent the PCAny'd system from having local users create bogus accounts, but if you managed the modem connection through configuration options and passwords it would secure it in that way.

Just a thought...