can the system administrator access my local files?

Welcome to Wilders terrypratchettfan.

Probably not. I would still use something like MRUblaster from JavaCoolSoftware to clean up the most recently used lists. If they install something on your computer, like a keylogger or other tracking software, then they would be able to see where you visited. I would also make sure I have the firewall configured well to prevent nosey admins.

 

A personal laptop connected to the office lan?
Makes me question their skills....
If the harddisk is a big one:
why not make a dual boot system home/office on separate partitions?
Or connect from a vmware session ?

 

How would you advise configuring the firewall? I use the Norton Internet Security firewall at the moment.

 

I am not familiar with that firewall. But just don't allow all inbound connections or servers. Test stealth with port scanners like at GRC.com. ZoneAlarmPro has an option for ARP protection (Address Resolution Protocol), you might check if Norton has something like that. It may help to stealth you more in the LAN environment, but ARP protection may cause some issues with connecting depending on the setup. You will have to just try it and see.
Generally just tighten up the firewall's rules. This would be good to do even if you don't take it to work.

 

Hi Terrypratchettfan,

Since putting Nobby at guard probably won't work

try Opalis Robot and monitor your folders/files
If you want notification when things are being accessed
e.g. Create a monitoring rule that sends you an email if so


at www.opalis.com you can download a free trail version

 

I don't think I'm connecting directly to a LAN, rather as a remote user of the network. Will everything you've said still apply?

Also, I've just tried to de-activate file sharing and the 'Make this Folder Private' check box is greyed-out and can't be accessed. This is my personal computer and I have administrator priveliges on it so why can't I access this option?

 

You probably already disabled file and printer sharing for Microsoft Networks.
When it is disabled or removed, then the check box you refer to will be ghosted.
Go to start/control panel/Network connections/rightclick your LAN connection/Properties. Verify that file and printer sharing is unchecked, (also consider removing it if you won't need it).
Even if you are a remote user (like on a VPN), you are still connected to the network as if you plugged in directly to the LAN.

 

I've unchecked it - thanx again. I'm mystified as to why its greyed-out, though, since it was still on! I wish MS would make programs that were honest with you.

 

Hi! I am a new member of the forum and having a similar problem to terrypratchettfan in connecting a personal laptop to a network. My friend tells me, however, that as soon as I connect the server, as well as logging visited sites, it will automatically recieve information about every URL and site I've visited on the computer over my home internet connection!

I only asked him about networks in general - he doesn't know the specifics of the network I will use. There aren't any tracking programs on my machine likely to do this since it is my own machine and I've not connected it to the network yet, and regularly sweep it with detection programs. I haven't even set up a network account yet.

Is he correct? This seems a very strange software decision regarding user privacy and could be quite open to abuse.

By the way, my username should have been The_Usernameless_Horror (like HP Lovecraft's Nameless Horror) but the login program truncated it.

 

Hi The_Usernameless_Horror,

Welcome to the House of Horrors....er....Wilders World.

It depends. Did the company "give you the laptop" with Windows already setup? If so, they could have easily planted a variety of monitoring programs.
If it is your computer and the admin never touched it, you still need to take precautions. For example if you use IE, even if you get rid of all the cookies, temporary internet files, and history, there are still index.dat files that persist and still contain all that info. Those files can't be deleted normally either. You would need to go into safe mode or use special cleaning tools.
So if the admin is able to access those index.dat files (either through file sharing or physical access), then your friend is right.
As mentioned earlier in this thread, you should have a firewall configured properly and turn off file sharing. Some firewalls let you stealth your computer on a LAN even more with ARP (Address Resolution Protocol) protection. Zone Alarm Pro and Outpost Pro (with Super Stealth Plugin) can allow for this (others may also). That should block most of the LAN snooping. It would also be harder to plant a keylogger or other monitoring software.
But they could simply slip you one by adding it to an executable powerpoint presentation or other file that you must view.

As to why any company would allow any employee to connect a personal computer to the company LAN is beyond me. The admins are taking a HUGE risk by potentially exposing the entire company to an inside security breach. Admins that allow this are not protecting their network well enough. Just my opinion though.

 

The computer is my own, not issued by anyone, but my friend seems to suggest that as soon as I connect it, regardless of file sharing, the server will automatically (whether admin deliberately access my machine or not) recieve a record of every URL visited even those not visited over the network but on my own internet connection. Is this true?

I have got rid of index.dat, cache, cookies, and virtually everything else including using Spybot Search and Destroy and MRUBlaster to clean usage tracks from the registry.

 

I don't think it is true. Anyone else?
Perhaps your friend could explain the specific mechanism that they are able to access your history files.
If they were able to get into your computer through your LAN connection, they would have to undelete those files. This could be countered with something like eraser.
I believe there are three index.dat one for cookies, history, and temp. internet files. Not 100% if MRUBlaster takes care of all those.

 

Hi The_Usernameless_Horror,

If the laptop is part of a domain and the user profiles are stored or synchronised on the network, than all browser info can very well be stored on the network.
If you connect to the internet by use of a local modem from within a local account on the laptop, you can probably avoid that. Provided you keep the machine free of unwanted remote admin tools etc.

 

What happens if the laptop becomes part of a domain? Will old information from before this go on the network? And would deleting index.dat, cookies and cache avoid this?

 

I've been watching this thread, and basically, unless you're doing something you shouldn't be doing--over the admin's network--he/she probably has better things to do than to fiddle with your laptop.

Speaking only for myself--what you do on your own machine is your business. It only becomes my business (as an admin) when it affects the network, bandwidth, company TOS or other things that I have "dominion" over.

 

What exactly do you mean here? Do you mean that browser info on sites visited through the local modem will be transferred to the LAN when I connect to it? Or that only browser info on sites visited through the LAN will be stored on the LAN?

 

Under normal conditions the local user info will stay on the laptop.
That's why it's called local !
As soon as you need to logon to the network you're no longer local!
Have a look in the Documents an Settings folder.
There you can see all (types of) users that exist on the laptop.

If you connect the network account to the network through both the LAN and and the modem, things are different. This creates a big security hole and should be avoided. Never ever connect to both at the same time if possible!

Absolutely right JimIT! We certainly have beter things to do.

 

So will deleting browser cache, index.dat etc. prevent this information from going on the network?

 

What's not there can't be transferred, that's right.

 

mru wont do it.