Re: Deleteing C$ sharing
From: MSM (MSM_at_discussions.microsoft.com)
Date: 02/04/05
- Next message: Bob V: "Disable print screen in Windows 2000 Pro"
- Previous message: Ann: "More Secured"
- In reply to: Steven L Umbach: "Re: Deleteing C$ sharing"
- Next in thread: Steven L Umbach: "Re: Deleteing C$ sharing"
- Reply: Steven L Umbach: "Re: Deleteing C$ sharing"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 4 Feb 2005 12:35:09 -0800
Hi:
Thanks for the info, unfortinately, I am betweena rock and a hard place.
These users are a very private bunch and to have them agree to an sign
anything that they will percieve as restricting them or giving someone access
to hard drives will cause a major uproar and the onwners who want everything
micromanaged. Your eailer post about resetting the the autoshare is good. I
just managed to look at the comuter. All the setting for the C$ shares are
there, however my admmin account has been deleted. I have just tried logging
into the hard drive with the Administrator account and it works. Thank you
for you help, by the way do you use a chat service, maybe next time I have a
issue I can contact you direct.
"Steven L Umbach" wrote:
> If the user is local administrator then the inmates are running the asylum
> and that user could be doing anything on that computer including removing
> the computer from the domain, changing ntfs and share permissions, or more
> likely has removed your account or domain admins group from local
> administrators group. You should consider looking at ways to not allow users
> to be local administrators. Instead of trying to play games with this user
> take his computer and reimage it or repair it and have him and other users
> sign a computer user statement that prohibits junior hacking which includes
> anything that will deny domain admins access to the computer. Also be sure
> that auditing of logon events, policy change, and account management is
> enabled on those computers. You should also be able to connect to any domain
> users computer as a domain admin and use Computer Management to access those
> computers to view the shares on that computer. A Group Policy startup script
> can be used to add domain admins or any user/group to the local
> administrators group on a domain computer as in [ net localgroup
> administrators /add "mydomain\domain admins" ]--- Steve
>
>
> "MSM" <MSM@discussions.microsoft.com> wrote in message
> news:BC185BDF-48AC-4B2C-87F9-C3FE64B7B4A3@microsoft.com...
> > hi:
> >
> > I am tasked to monitor the network and the computers on the network. I am
> > not allowed to use (purchase) any "Spy/Monitoring" Programs. So I am
> > trying
> > to use the brute force method of using the Admin Shares, and a index
> > reader
> > program. You are right these users have admin rights, I am wondering if
> > this
> > particular user has set up the secruity/sharing feature in such a manner
> > that
> > only thier user account can access thier computer. I can not even log in
> > using the admin account. Thus I need to know how they may have done this,
> > and if the way you discribe can be done in such a way that this person can
> > not know it has been re-estiblished?
> >
> > Mark M.
> >
> > PS: this user is very adept at using the task manager
> >
> > "Steven L Umbach" wrote:
> >
> >> What exactly are you trying to do? It sure sounds like they are local
> >> administrators if they can do what you describe which may be part of your
> >> problem. You can delete the default administrator shares by disabling
> >> file
> >> and print sharing, using poledit, or modifying the registry as shown in
> >> the
> >> link below. --- Steve
> >>
> >> http://support.microsoft.com/default.aspx?scid=kb;en-us;318755
> >>
> >> "MSM" <MSM@discussions.microsoft.com> wrote in message
> >> news:C082D991-B1DD-4925-B347-5E2DBBEEA757@microsoft.com...
> >> > Hi:
> >> >
> >> > I have a need to montor the hard drives in my network, however, I have
> >> > a
> >> > user who has not only mangae to figure out how to delete a
> >> > "Administrative
> >> > Share" for the session, but it seems they have manage to delete it,
> >> > except
> >> > of
> >> > a "Log In Situation" even during a re-boot of the system. How is this
> >> > possible and is there anyway to circumnavigate this users attempts to
> >> > lock
> >> > thier PC out of the loop, with out them knowing they are back in the
> >> > loop.
> >> > --
> >> > Thank you for you help
> >> >
> >> > Mark M
> >>
> >>
> >>
>
>
>
- Next message: Bob V: "Disable print screen in Windows 2000 Pro"
- Previous message: Ann: "More Secured"
- In reply to: Steven L Umbach: "Re: Deleteing C$ sharing"
- Next in thread: Steven L Umbach: "Re: Deleteing C$ sharing"
- Reply: Steven L Umbach: "Re: Deleteing C$ sharing"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
