Re: Deleteing C$ sharing
From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 02/04/05
- Next message: Stan Kladko: "Re: Crptography and FIPS"
- Previous message: MSM: "Re: Deleteing C$ sharing"
- In reply to: MSM: "Re: Deleteing C$ sharing"
- Next in thread: MSM: "Re: Deleteing C$ sharing"
- Reply: MSM: "Re: Deleteing C$ sharing"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 3 Feb 2005 23:55:31 -0600
If the user is local administrator then the inmates are running the asylum
and that user could be doing anything on that computer including removing
the computer from the domain, changing ntfs and share permissions, or more
likely has removed your account or domain admins group from local
administrators group. You should consider looking at ways to not allow users
to be local administrators. Instead of trying to play games with this user
take his computer and reimage it or repair it and have him and other users
sign a computer user statement that prohibits junior hacking which includes
anything that will deny domain admins access to the computer. Also be sure
that auditing of logon events, policy change, and account management is
enabled on those computers. You should also be able to connect to any domain
users computer as a domain admin and use Computer Management to access those
computers to view the shares on that computer. A Group Policy startup script
can be used to add domain admins or any user/group to the local
administrators group on a domain computer as in [ net localgroup
administrators /add "mydomain\domain admins" ]--- Steve
"MSM" <MSM@discussions.microsoft.com> wrote in message
news:BC185BDF-48AC-4B2C-87F9-C3FE64B7B4A3@microsoft.com...
> hi:
>
> I am tasked to monitor the network and the computers on the network. I am
> not allowed to use (purchase) any "Spy/Monitoring" Programs. So I am
> trying
> to use the brute force method of using the Admin Shares, and a index
> reader
> program. You are right these users have admin rights, I am wondering if
> this
> particular user has set up the secruity/sharing feature in such a manner
> that
> only thier user account can access thier computer. I can not even log in
> using the admin account. Thus I need to know how they may have done this,
> and if the way you discribe can be done in such a way that this person can
> not know it has been re-estiblished?
>
> Mark M.
>
> PS: this user is very adept at using the task manager
>
> "Steven L Umbach" wrote:
>
>> What exactly are you trying to do? It sure sounds like they are local
>> administrators if they can do what you describe which may be part of your
>> problem. You can delete the default administrator shares by disabling
>> file
>> and print sharing, using poledit, or modifying the registry as shown in
>> the
>> link below. --- Steve
>>
>> http://support.microsoft.com/default.aspx?scid=kb;en-us;318755
>>
>> "MSM" <MSM@discussions.microsoft.com> wrote in message
>> news:C082D991-B1DD-4925-B347-5E2DBBEEA757@microsoft.com...
>> > Hi:
>> >
>> > I have a need to montor the hard drives in my network, however, I have
>> > a
>> > user who has not only mangae to figure out how to delete a
>> > "Administrative
>> > Share" for the session, but it seems they have manage to delete it,
>> > except
>> > of
>> > a "Log In Situation" even during a re-boot of the system. How is this
>> > possible and is there anyway to circumnavigate this users attempts to
>> > lock
>> > thier PC out of the loop, with out them knowing they are back in the
>> > loop.
>> > --
>> > Thank you for you help
>> >
>> > Mark M
>>
>>
>>
- Next message: Stan Kladko: "Re: Crptography and FIPS"
- Previous message: MSM: "Re: Deleteing C$ sharing"
- In reply to: MSM: "Re: Deleteing C$ sharing"
- Next in thread: MSM: "Re: Deleteing C$ sharing"
- Reply: MSM: "Re: Deleteing C$ sharing"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
