Score:-2

Does connecting to a work VPN via Cisco AnyConnect give the domain administrator access to your computer?

br flag

I've been connecting to my work computer via Cisco AnyConnect for the duration of the pandemic and I'm now concerned about privacy. Can a domain admin on the company network access my files or my PC remotely while I'm connected to the network? Can he/she install software without my knowledge on my personal PC? I'm on Windows Home and have file sharing turned off. Thanks.

cn flag
Do administrators have the capability to manage remote endpoints? I certainly hope so.
stark avatar
mu flag
If it's a company-owned machine they may have other remote access tools. Cisco AnyConnect does have some hook to inspect your machine before allowing you to connect to the network to make sure you aren't bringing in malware.
br flag
It's not a company owned machine. It's my personal computer. I only installed AnyConnect on it and use it to connect to the company VPN. Using this configuration, once on the network, can they have access to my personal files?
Semicolon avatar
jo flag
Not directly; not because you've connected your machine to the corporate network. However it is probably possible in theory. You've installed the anyconnect client and it runs under the system account. As the configurations, settings, (options host-scans, etc) can be controlled by the endpoint to which you connect - that's part of the deal. If you want to connect to MY network, you abide by MY rules and that includes the fact that that I get to ensure appropriate anti-malware tools are installed, your machine is updated, and certain software is NOT installed.
br flag
@Semicolon So theoretically they can access my files and install software without me knowing even if I haven't enabled filesharing or granted any king of access?
Semicolon avatar
jo flag
If it were to happen it would only happen during the sign-on process. The most I’ve ever seen is a newer version of the AnyConnect client was auto-downloaded and installed - maybe also installing a trusted certificate to inspect web traffic. I’m not really sure what you’re trying to accomplish, but if you’re looking for corroboration that your employer may have maliciously installed software Willy-nilly on your personal machine to snoop on your private affairs, I think you’re barking up the wrong tree.
Semicolon avatar
jo flag
For the record- you DID grant access. You installed the VPN client and allowed it to make necessary changes to your machine for the VPN to function. They are probably (if they even kept logs) able to determine what sites you likely visited while you were connected based upon your DNS queries, and with advanced web filters (if you weren’t setup with a split-tunnel) may even have inspected your web traffic (while connected)
Score:0
ru flag

The VPN link creates a direct connection between your computer and the company network - nothing more, nothing less. It does not create any kind of administrative access (unless you join the domain, install management software, or similar).

So, if you've properly protected your computer, there's nothing a company admin can do. However, if you've got empty passwords, anonymous shares, open ports without security, etc. then anyone in the company could exploit that (could likely exploit that, depending on how VPN clients are separated and possibly protected from the central network).

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.