Re: shared folders

From: Christo (chris_at_juststuff.co.uk)
Date: 11/14/04 

Date: Sun, 14 Nov 2004 14:37:44 -0000

"Thore "Tocis" Schmechtig" <MAILTOcommoner@carcosa.de> wrote in message
news:2vogiqF2j3t81U1@uni-berlin.de...
> Christo wrote:
>
>> are these security holes, specifically the Remote admin
>
> These are builtin M$ features to help the spread of malware. ;)
>
> Honestly:
>
> They are called administrative shares and are meant for the administrators
> of large networks to ease their work. To access them you need the
> machine's
> admin password, so if you have a good, strong one you aren't in too much
> danger. All those who think that admin passwords are for wimps, however,
> are in for a nasty surprise sooner or later.
> Yes they can be disabled via a certain registry key that, IIRC, you have
> to
> create yourself (it's not there by default). Unfortunately I can't tell
> you
> right away what this key is because I largely moved to SuSE Linux months
> ago, only starting M$ for games and some very special multimedia apps.
>
> Ah, wait, I may still have the batch file here, accessable from Linux...
>
> (digs through his XP partition)
>
> ...there it is. On my XP pro system, the following worked:
>
>
>
> in the registry branch
>
> HKLM\system\currentcontrolset\services\lanmanserver\parameters
>
> create a new DWORD key named
>
> autosharewks
>
> and give it the value 0.
>
>
>
> That should disable those admin shares at next reboot at the latest,
> though
> I'm not perfectly sure if IPC$ will be affected too - it may be too
> important for the system as a whole to be switched off. But ADMIN$ and the
> drive shares should be gone.
>
> You need admin privileges for that of course, so either start your regedit
> with "Run as..." or login as admin to do it. And if you haven't already
> done so, PLEASE do yourself the favor and assign a strong password to the
> admin account - one that can't be guessed by a dictionary attack. :)
>
> Hope to have helped...
>
> --
> Regards
>
> Thore "Tocis" Schmechtig

AutoShareServer

hasn't worked

i have read that these are created autmatically, so no one has had access to
my machine in order to create them, i am running a firewall so it should be
ok, hopefully, I will keep an eye on it.

Relevant Pages

  • Re: Create an Admin$ Share using the Create Win_32 class
    ... As simple way to achieve this is to run a logon script that deletes the ... AutoShareWks value in the parameters subkey from the Registry. ... I use this script on my network to keep the wise guys with admin rights from ... > Admin$ shares on multiple Windows NT computers using my Domain Admin ...
    (microsoft.public.scripting.wsh)
  • Re: [Full-disclosure] NETRAGARD-20060624 SECURITY ADVISORY] [ROXIO TOAST 7 TITANIUM - LO
    ... An admin user who doesn't know the admin password is not an admin user. ... The next time you open System Preferences it is again locked and it wants a password... ...
    (Full-Disclosure)
  • Re: shared folders
    ... > They are called administrative shares and are meant for the administrators ... > admin password, so if you have a good, strong one you aren't in too much ... > You need admin privileges for that of course, so either start your regedit ...
    (alt.computer.security)
  • Re: Log on remotely - SOLUTION
    ... This laptop is setup with Windows XP so ... > that they can log onto the machine locally as a user (not power or admin). ... I know the admin password of the machine but I cannot give them ... Dial up to the net on the remote machine. ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Security concerns from 20050307 MacInTouch
    ... As root, you are and -should be- the ... it helps point out to people what the admin password dialog is doing ... blah blah" or "Safari needs to download an updated Realplayer ...
    (uk.comp.sys.mac)