There are a few ways of doing it - Windows itself is designed with a system called Remote Desktop, that allows you to operate one system from another. There are other remote systems, Dameware, various flavors of VNC, that all do the same thing. For instance, in my company, I have administrative rights to machines within a certain domain - I can connect to any machines in that domain and 'push' my remote control app (Dameware, usually, but we use several flavors) and take control of that machine.

More than likely, the IT guys have a record of your machine name and use that as an identifier to connect. I'm not sure what you mean by the second part of the question - when a computer connects to network, there's a number called an IP address to identify it on a network, but that's not always the same number. There's also a MAC Address that identifies a network device (your ethernet card, wifi card, etc). Usually though, the default is a computer name that's registered to your machine only. The names are kept in some sort of organized list (for many Windows-based systems these days they use something called Active Directory - it's more complicated than you really want to ask about I think).

There are also systems to do automated software updates and changes (Altiris, Radia, etc) that again, mostly go by the registered computer name on the network to push out updates and the like - there's a small piece of client software on the machine that connects to a main server at home base.

Probably more complex than you asked for, but there you have it.
posted by pupdog at 3:43 AM on September 8, 2008 [2 favorites]

Now that I see your title, I'm guessing you're wondering who else can see your computer - for most of these systems to work you have to be within that trusted network. If you're loggin in from home or a hotel room on teh road, your IT guys won;t be able to see your computer unless you use something to connect to work (for nearly everyone, it's some sort of VPN solution, either software or a dedicated box between your computer and your internet connection. Your IT guys being able to connect to your computer doesn't really make it any less secure as far as someone unknown gaining unauthorized access.
posted by pupdog at 3:47 AM on September 8, 2008

There is some software on your machine that is set up to allow them to connect.

Changing their address wouldn't do it. That would be like me getting a print run of business cards with my name and your address on it - confusing but doesn't help me to get in your house.

This setup is more like me renting you a house, but leaving some pixies in the cupboard that I phone up and ask them to move your stuff around and do some cleaning.
posted by emilyw at 4:04 AM on September 8, 2008

To add on to pupdog's answer: there is also a product called Bomgar that allow IT to remote connect to your laptop, even when you're not on a trusted network (in an office, or via a VPN). Basically an application on the laptop can phone home to a home server to let it know your current IP address, and allow the IT folks to connect to your machine as long as you're on the Internet.

(Can I shill for Bomgar for a bit? It's so nice being able to get a remote desktop on machines that aren't on internal networks, or are behind routers or firewalls. As long as you don't think too hard about the security risks, anyway...)

The point is, just knowing the network address isn't enough for someone to connect to your PC unless they also have login credentials or some other program is installed.
posted by a young man in spats at 4:33 AM on September 8, 2008 [1 favorite]

If they can get into your computer remotely without you having to run something first, you've got some kind of remote control software installed. There are many different ones designed for this specific purpose - vnc, pcanywhere, gotoassist etc etc.

You don't specify as to whether your pc is being controlled on a corporate network, or when you're out roaming on the world at large. Depending upon how they set it up, it might be only usable on the company networks they control, or it might be usable by them anywhere - some remote control software can remote tunnel out past firewalls, so its accessible by your IT guys even on a firewalled network. It all depends on how they did it, there's a number of different ways to accomplish the same goal.

When your machine connects to a network, it gets a unique IP number for that network. Different networks use different ranges of numbers (though some networks use duplicate settings as other networks, for reasons not worth going into). Depending upon how things were set up, it's entirely possible they can get into your pc anywhere, at any time, by your machine reporting that number to their systems, or by reporting it to a trusted third party.

They will also have setup some sort of access login for themselves. Anyone else won't be able to get in without the password, and also knowing your IP at the time.
posted by ArkhanJG at 6:11 AM on September 8, 2008

It is a matter of rights. Your computer is on the domain, they are domain admins, they have full control over the domain. That is a rudimentary description, but to the point.
If I want to see your hard drive, and maybe do a manual sweep for images: \\computername\C$ and then search for gif, jpg, jpeg, mpeg etc... Reveals all the pics & vids on a box. Usually done when a manager calls and says, can you look at employeename's computer for porn/whatnot please... This of course can be done without the user even knowing it is going on.
If you are seeing the help desk or admins on your PC in realtime, then as mentioned earlier in the thread, you are seeing a VNC session, or dameware or SMS... A fair amount of these types of apps out there too.
Applications are usually reported on by software sweeps. All kinds of apps to do this with. A lot of them are for ensuring license compliance.
posted by a3matrix at 6:12 AM on September 8, 2008

I'm kind of chuckling at some of the replies above.

Unless we have a lot more details about your computer it's impossible to make such statements as "your computer is on the domain". We don't even know if you're using Windows, let alone if you are logging on to a domain.

There are a large numbers of ways your admins could have access to your computer. It could be in-house software which they have every user install. It could be windows remote desktop. It could be VNC. It could be SSH. It could be completely secure, it could be completely open.

We don't know. Ask your administrators, they will certainly be better equipped to answer than random internet users. Especially since they will know exactly what your environment is like, whereas people here just make assumptions and thus come up with conflincting answers.
posted by splice at 6:37 AM on September 8, 2008

Suffice it to say(in a thick Russian accent) "In corporate workplace we have ways of making your computer speak".

There are many many ways to remotely inventory/control your computer. Why not ask your IT department, that kind of stuff isn't usually top secret and more than likely you'll get a geek who's proud of the setup and will answer your questions to an extent.
posted by wavering at 6:49 AM on September 8, 2008

This is both a networking and application issue. (this is a typical scenario)

On the network side, your company has a firewalled closed "walled garden." There is a gate to this garden and it has a magic number like 206.45.35.24 (this is called an IP address). Your IT guy puts that magic code into a program which connects him to your network. Without the code (which is the address) and whatever authentication, others cannot get in.

Once in your network then all the computers are exposed. He then connects through the walled garden into your computer. Your computer is running some kind of remote control software like vnc or remote desktop.

If its a laptop and youre on the road then you can ignore the part of the walled garden. Now the laptop is exposed to the internet and anyone can try to control it, but without the password its not going to work. On top that your IT department has a program running on your machine which reports the magic code to them so they know which computer to talk to.
posted by damn dirty ape at 6:59 AM on September 8, 2008

Also be aware that many remote solutions can be configured so as to show no indication that someone is proxied in. We use Novell ZENworks here, and while we have it configured to request permission to remote in if someone is logged in to the machine, it's a fairly simple matter to allow remote viewing without any outward signs that it's being done.

spats-man, that Bomgar thing actually looks pretty slick. Does it create it's own VPN connection back to the device? I probably shouldn't derail here...I'll shoot you a mefimail message or an email.
posted by JaredSeth at 7:05 AM on September 8, 2008

You don't say if this is user-initiated or whether IT can get in without you, but it doesn't change the basic premise. You most likely have an application running in the background (or a run once program in the case of something being initiated by you), the program reports your address to the company address. Your address can change all the time, or never at all, but if you're not on a managed network, there's no way to be sure of what your address is. The simple solution is to have the program report to a known good address, like helpdesk.yourcompany.com. It says "Hello, I am here." Now they know where you are, they can take control of your computer. This is actually a very complicated process, but through the magic known as the Internet it is fairly easy to accomplish.
posted by geoff. at 7:22 AM on September 8, 2008

This thread is closed to new comments.