Hello:

I've repeatedly turned off sharing on my C: drive. However each time I restart my Windows 2000 computer the C: drive is again set to be shared across the network. Is
this an automatic setting that I can't disable?
I've been using the administrator's account also.

Any advice is much appreciated.
Thanks,
Matthew

Report this post to a moderator

You cannot unshare the default shares. All you can do is restrict access.

Report this post to a moderator

C$ is shared and used to remotely perform admin tasks. The root of each partition on a HD (C$,D$,E$, etc...)is automatically shared. You can not change/unshare this.

By default, members of the Administrators group have FC permission for adminstrative shared folders. You cannot modify the permissions on administrative shared folders.

As a side note - the $ sign makes the share hidden, but it does not make it a default administrative share.

__________________
"I was planning to take over the world, but got distracted by something sparkly..."

Report this post to a moderator

In fact it is a recommended security practice in some cases.

There is a KB article on MSofts site, just do a search and it will tell you which registry keys to modify.

Report this post to a moderator

There's also the Admin$ share which is C:\Winnt and the Print$ share which provides access to printer driver files. Both are hidden.

__________________
"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety."
-- Ben Franklin

http://www.stopfcc.com/

Report this post to a moderator

There is a registry hack that will permenantly remove those $ shares. You won't see them again after reboots. I usually remove them all on a IIS server. In fact, the lockdown utility itself does this for some $ shares.

If your workstation is standalone home PC (not connected to any NT/w2k domains or workgroups, you can remove them without any side effects.

Report this post to a moderator

Here's the article these guys are refering to.
http://support.microsoft.com/defaul...kb;en-us;314984

__________________
"I was planning to take over the world, but got distracted by something sparkly..."

Report this post to a moderator

quote:

---

Originally posted by em_ar_ducks
In fact it is a recommended security practice in some cases.

---

As a side note, could you point me in the direction of these cases? Because the MS article states differently. In fact, I've never seen a need nor a recomendation from an IIS, SMS, etc... configuration standpoint stating that one should disable these.

This is from the article posted above:

"IMPORTANT: The default IPC$ administrative share is required by the Server service and cannot be deleted. Microsoft recommends that you not delete administrative shares that were created by Windows for root partitions and volumes (such as C$) and the system root folder (ADMIN$). This can cause problems for administrators and programs or services that rely on these shares. example, both Microsoft Systems Management Server (SMS) and Microsoft Operations Manager 2000 require administrative shares for correct installation and operation.

So I guess my comment is, if members are going to state that there are instances that one 'should' do this for security purposes, and or post about a 'lockdown' utility, please post a link supporting this so others (like myself) can read up on these items.

Obviously you can disable the administrative shares. I'm just having difficulty seeing a need as I for one have really never seen nor heard of a lockdown utility to do this or seen any real reason/need to disable these.

__________________
"I was planning to take over the world, but got distracted by something sparkly..."

Report this post to a moderator

I didn't have time to perform the search and add the link. (my apologies again)

The conditions or situations in which disabling the admin shares may be required or recommended are extremely high security environments (Government).

In my limited experience, it typically becomes a battle between what is administratively required vs. the potential security risks/vulnerabilities. In one particular case I have been required to disable the shares to prove that doing so created more work or interfered with network applications more than the potential vulnerability justified. (want to know how long that took, I'm still turning stuff back on because some Government twink wanted it gone, and I couldn't be entirely sure I needed it)

As was stated earlier, it is probably a good practice to disable admin shares on any IIS or other public boxes residing on a DMZ, provided adequate safeguards on the firewalls protect the internal network.

On Government systems, the rule of thumb is that if a service is absolutely not required it must be disabled, deinstalled, never installed, etc. You would not believe what I go through to lock down a system.

Report this post to a moderator

Good stuff em_ar_ducks. Thanks for the reply.

__________________
"I was planning to take over the world, but got distracted by something sparkly..."

Report this post to a moderator