Radmin - PC Remote Control Software
Contact UsAbout UsPress RoomForumSite map
English
French
German
Dutch
Italian
Spanish
Brazilian
Portuguese
Danish
Norwegian
Swedish
Finnish
Czech
Romanian
Ukrainian
Polish
Russian
Turkish
Greek
Hebrew
Malay
Thai
Arabic
Chinese Traditional
Chinese
Korean
Japanese
English 
Search
Support
Support Home
Knowledge Base
Step-by-step Guides
Forum
Product Activation
Upgrade Policy
Customer Care Center
Authorization

Testimonials

I am a school teacher with a 17 station network in my classroom. I do not know if I could administer my network without Remote Administrator. I can monitor each computer in the class to protect the kids from going to inappropriate places on the internet. I can keep the kids from messing with the system tools. The list goes on and on.
Frank Schneemann
Bonita Vista High School
Chula Vista, Ca

Radmin Wallpapers

Radmin Wallpaper - Two Monitors 800x600
1024x768
1280x1024

Newsletter

  Change settings
Home / Support / Step-by-step Guides /

How to provide network security: recommendations for Radmin users

 

We at Famatech would like to give our users a few recommendations on how to increase their network security. If not enough attention is paid to the settings of both the Windows security system and of Remote Administrator software, malicious users could gain unauthorized access to your computers to upload and run any program. You will find recommendations on how to secure your Windows and Radmin to avoid such situation below.

Network security policy:

1. Never leave passwords to administrative accounts empty, especially when your computer is connected to the Internet directly with no firewall and/or NAT.

2. In order to provide information security do not share your %windir% folder (the folder where the OS is installed) or the entire hard drive containing this folder. Even limited to read-only access, a malicious user can copy system files (.pwl files, Windows registry files, etc) to their computer and extract the information from these files to illegally access your systems.

Double (and triple) check that only those folders you must share are shared and no others. Make sure they are only shared for specific users who need to use them. Avoid excess permissions (e.g., when Joe's permissions is not limited by \Users\Joe\ folder and Joe can access \Users\ folder):

1) Find a shared folder;
2) Right-click it and select Properties from the pop-up menu;
3) Switch to the Sharing tab and press Permissions button.

You can get a list of all the shared folders by using the NET SHARE command. For more detailed information on this, refer to the Microsoft Windows documentation.

3. When using Remote Administrator's own password, never leave Radmin Server passwords empty. Do not use dictionary words as a password. Such a password is not secure and can be easily tried using a dictionary. This is applicable to any password protected software.

4. If security policy is configured incorrectly, even an anonymous user can gain access to a remote computer's registry using the Remote Registry service. As Radmin Server stores it's encrypted password in [HKEY_LOCAL_MACHINE\SYSTEM\RAdmin\v2.0\Server\Parameters\Parameter] registry key, this would be a threat to your system security. Someone having write-access to this key is able to change or delete your Radmin Server password. The ability to read this registry key is not enough, however, to obtain the actual password, because decrypting Radmin Server password is almost impossible.

(It is theoretically possible for a malicious user to use an encrypted password to connect to a remote Radmin Server, but this would require coding an alternative client for Radmin Server.

We recommend the following actions to ensure your system is secure:

Security recommendations for Windows NT/2000/XP/2003:

I. Stop the Remote Registry service so no one can remotely access your Windows registry:

1. Go to Start->Run->Control Panel->Administrative Tools->Services;
2. Browse to Remote Registry Service;
3. Right-click "Remote Registry Service" and select Properties;
4. Change the Startup type to "Disabled" and press "OK";
5. Execute the Action->Stop command.

II. Restrict access to [HKEY_LOCAL_MACHINE\SYSTEM\RAdmin\] registry branch:

1. Go to Start->Run-> and execute regedt32;
2. Find [HKEY_LOCAL_MACHINE\SYSTEM\RAdmin\v2.0\Server\Parameters] branch;
3. Execute the Security->Permissions command;
4. Uncheck "Allow inheritable permissions from parent..." and select "Copy" from the dialog that appears;
5. Click the "Remove" button to empty the list of everyone except local groups (Administrators, Power Users, Users) and SYSTEM user;
6. Make sure that Full Control rights are only granted to local Administrators group and SYSTEM user, while all other local groups have Read only;
7. Press "OK".

Note: Now you must log on under a local user profile to run Radmin Server.

Security recommendations for Windows 95/98/ME:

I. Block the possibility of remote access to your Windows registry by following these steps:

1. Run Start->Settings->Control Panel->Network;
2. If "Microsoft Remote Registry" or "Remote Registry Service" is present in the installed components list, select it and press "Uninstall";
3. Press "OK".

II. Make sure that you only share those folders that must be shared. Check that they are only shared for those specific users who really do need to use them (see above). Don't share your %windir% folder (the folder where the OS is installed and where the Windows registry is stored).

Respecting this simple network security policy you keep your information safe and confidential.



Products | Solutions | Downloads | Store | Partners | Support
Contact Us | About Us | Press Room | Forum | Site map
Famatech International Corporation Copyright © 1999-2009 Famatech. All rights reserved. Legal notices | Privacy policy