General discussion

Locked

dameware

By jackorama ·
i have searched the site and found only discussions on how good Dameware is for remote admin. ... unfortunately, this is precisely my problem:

our company is owned by another company across the ocean. we separate but trusted domain. the admins from the other side keep installing Dameware on my servers. i have asked them several times to not do this, to no avail. i have tried to change port number, and change service acct. on dameware, but they seem to get around that also (by installing a fresh copy i suppose).

the behavior of Dameware almost sounds like Back Orifice.

i was wondering if anyone knows how to secure my computers completely against anyone being able to install this.

unfortunately, blocking anything on our WAN and firewalls is not an option.

any help or pointers will be appreciated.

This conversation is currently closed to new comments.

2 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

We use it here

by aellingson In reply to dameware

As far as I know it installs the service when connecting and can remove itself once it disconnects. I use it for remote admin of users machines, but never had to use it on servers ( we have to use terminal services for that). They may not be setting up to uninstall the service once disconnected.

Collapse -

possibilities

by RTFM Error In reply to dameware

dameware installs itself using the Admin$ default share. if that share isnt present, or if the user installing it doesn't have rights to the folder, dameware will assume that Admin$ does not exist (like a 9x box) and wont install. if you go into that folder, there will be a program DWMRC.exe or something like that, and that is actually the server program, along with a couple dll files. you could remove it, and then remove the write permission on that share, or explicitly deny whichever username they are using to install it. put simply, without Admin$ or proper authentication, dameware will not install, which is the only real difference between it and something like back orifice

--nick

Back to Security Forum
2 total posts (Page 1 of 1)  

Related Discussions

Related Forums