Re: shared folders

From: Christo (chris_at_juststuff.co.uk)
Date: 11/14/04 

Date: Sun, 14 Nov 2004 13:35:13 -0000

"Thore "Tocis" Schmechtig" <MAILTOcommoner@carcosa.de> wrote in message
news:2vogiqF2j3t81U1@uni-berlin.de...
> Christo wrote:
>
>> are these security holes, specifically the Remote admin
>
> These are builtin M$ features to help the spread of malware. ;)
>
> Honestly:
>
> They are called administrative shares and are meant for the administrators
> of large networks to ease their work. To access them you need the
> machine's
> admin password, so if you have a good, strong one you aren't in too much
> danger. All those who think that admin passwords are for wimps, however,
> are in for a nasty surprise sooner or later.
> Yes they can be disabled via a certain registry key that, IIRC, you have
> to
> create yourself (it's not there by default). Unfortunately I can't tell
> you
> right away what this key is because I largely moved to SuSE Linux months
> ago, only starting M$ for games and some very special multimedia apps.
>
> Ah, wait, I may still have the batch file here, accessable from Linux...
>
> (digs through his XP partition)
>
> ...there it is. On my XP pro system, the following worked:
>
>
>
> in the registry branch
>
> HKLM\system\currentcontrolset\services\lanmanserver\parameters
>
> create a new DWORD key named
>
> autosharewks
>
> and give it the value 0.
>
>
>
> That should disable those admin shares at next reboot at the latest,
> though
> I'm not perfectly sure if IPC$ will be affected too - it may be too
> important for the system as a whole to be switched off. But ADMIN$ and the
> drive shares should be gone.
>
> You need admin privileges for that of course, so either start your regedit
> with "Run as..." or login as admin to do it. And if you haven't already
> done so, PLEASE do yourself the favor and assign a strong password to the
> admin account - one that can't be guessed by a dictionary attack. :)
>
> Hope to have helped...
>
> --
> Regards
>
> Thore "Tocis" Schmechtig

thanks for the advice, my account is pwd prod thanks

however after adding the reg value autosharewks as 0 (doesnt matter if its
hex or dec does it)

and checking the shares again they all still appear to be there (this is
after a rboot)

the key is in the regedit to so I am not sure why that hasn't worked?

Relevant Pages

  • Re: DC Admin question
    ... If someone needed to manage file shares, I would say, there are these X ... I would prefer no printers on DCs nor even queues, ... enhanced rights to is for some, likely good, reason. ... solutions to the unacceptible obvious one of giving admin. ...
    (microsoft.public.windows.server.security)
  • Re: Accessing SBS 2003 Shares with XP Home
    ... can see in server in network neighborhood. ... I have tried user password and admin password. ... access shares very easily. ... of the Admin account that was assigned to that share. ...
    (microsoft.public.windows.server.sbs)
  • Re: Defautl Hidden Shares
    ... the admin shares do slightly simplify life for that rogue person that must ... It's an even bigger risk if you left the local admin password blank... ... Those only allow access by an admin account. ...
    (microsoft.public.win2000.security)
  • use of compmgmt.msc to create/manage remote shares + ntfs permissions
    ... creation) only when they need to carry out those tasks. ... administrators group on these remote servers (they are server ... shares to connect on the fly to the remote server, ... obviously don't have admin rights to. ...
    (microsoft.public.windowsxp.security_admin)
  • RE: Any way to remove ADMIN$ only?
    ... shares except for ADMIN$. ... modify it under the terms of the GNU GPL, as published by the Free Software ...
    (Focus-Microsoft)