Essentially, remote access to your system can be split into 2 categories, 1. Screen Shadowing and 2. File Access. This is a short overview of common remote access methods but is not meant to be all-encompassing. If anyone has additional additions, please add those in the comments!
Do not confuse this with active monitoring, web snooping, or email filtering. What we are defining here is remote access as being obtrusive access onto your workstation or laptop.
There are many methods of remote access for IT admins. Some are transparent, especially if performed at the driver/hardware level, while others are easily detected by keeping a keen eye on a few icons and desktop windows. These remote capabilities are not limited to IT staff and are commonly provided to a manager or group of supervisors.
Common Windows Screen Shadowing
One of the most common methods of remote access is through a program called VNC. Look in your system tray (next to the clock) for the VNC icon.
You can see status and disconnect users by right clicking the icon
When an admin logs onto your desktop using VNC, you may notice the screens quickly flash as well.
The lvsclnt.exe process indicates a program called LANVisor is being run. Open your task manager (either by ctrl+alt+del or by right clicking your lower desktop menu tray) to view the running processes tab and sort by name.
Another option is to open the registry and search. Click Start>Run, type regedit, Find LANVisor
Kaseya is a client management software which allows all types of remote access to your system, some of which are detectable, some are not. Usually, IT departments intentions are good but sometimes this can be abused. If your PC is connected to the internet, Kaseya connections can be made.
Look for the “K” icon in your system tray. This icon can be customized so hover over to look for Kaseya management.
or open services (start>run>services) and search for Kaseya Agent
Microsoft Remote Assistance
This is built into desktop operating systems and is commonly controlled by Group Policy. Most IT departments will keep the prompt shown below so you will be notified when someone wants to help out. However, this can be turned off for admins to take full control without letting you know first. When remote assistance is being used, your desktop background may switch to a solid color or the theme can change to basic (no smooth edges, etc)
Also a Microsoft solution, System Center Configuration manager is used by many enterprise-level, large organizations to maintain all the machines in the network. When the administrator logs into the desktop, this can be transparent. Again, A good indication SCCM remote access is being used is when your desktop background goes to a solid color or the theme changes to basic (no smooth edges, etc)
See if SCCM is being used by opening your control panel and searching for Configuration Manager
Individuals with the proper security membership can browse other machines on the local network. To view who is browsing files on your desktop, follow the procedure below. Note this will show many files or folders you may have open at the time as well.
Open Computer Management
right click “computer” or “my computer”
Open Shared Folders>Open Files
Names and directories of open files are listed. See who is connected. # locks indicate they have a specific file open at the time.
Linux desktops are clear when someone is logged in
Fellow IT admins may ostracize me for writing this article. However, I am a proponent of employee privacy and have seen these capabilities abused in the past. Knowledge is power!