Re: Viewability of shared folders ?

The only way you can access those drives by using administrative shares is
by knowing administrator password. So -- how is this a security risk? :-) If
someone knows your administrator password then it can access your system any
way (with or without those shares)...
You can also protect the computer by using personal or dedicated firewall to
protect your trusted network from untrusted network (e.g. internet).

Yes, it is possible to remote these shares by editing registry. Still this
is not something that would be recommended since some services and e.g.
remote installations depend on these services.

E.g. if you want to install antivirus on all your computers remotely by
telling it where to install -- it will need this shares to connect to the
computer and do an installation.

--
Mike
Microsoft MVP - Windows Security

"Bob" <uctraing@xxxxxxxxxxxx> wrote in message
news:01njr1t5nbh39r6uvgi47p6pf0v68qbt67@xxxxxxxxxx
> On Mon, 2 Jan 2006 19:46:28 +0100, "Miha Pihler [MVP]"
> <mihap-news@xxxxxxxxxxx> wrote:
>
>>Hi Bob,
>>
>>Yes. If you create a share with $ sign at the end of the name it will be a
>>"hidden" share.
>>
>>e.g. My_Share$ would now be hidden and is only accessible if:
>>- user knows full path to the share (e.g. \\server\shares\My_Share$
>>- user has permissions to access the share
>>
>>There are some well known hidden shares e.g. c$, admin$ and few others
>>that
>>exist by default. You can gain access to these shares by going to
>>
>>\\remote_computer_name\c$
>>
>>but you also have to be local administrator to gain access to these
>>default
>>shares.
>
> Thanks. That will do it for me.
>
> Since you mentioned it, I noticed those drive$ shares on all the
> drives... and if you try to remove them, you get a message "this drive
> is being shared for administrative purposes and you can't remove it"
> (or similar message). What is the point of them? Aren't they a big
> security risk? I realize they are password protected - but a default,
> known, non-removable share to a system drive a very bad thing... a
> cracker program with can hit it with "administrator" and plugged
> passwords until it gets in.
>
> Is there someway to shut them off? Seems like a big hole.
>
>


.

Relevant Pages

  • Re: Heddin shares restrections
    ... I spent an hour or so looking all over the net and couldn't find anything to protect the shares. ... but i am the administrator on that ... so how can i make restriction for unsharing the ... hidden shared drives. ...
    (microsoft.public.win2000.security)
  • Re: Mapping Private Drive
    ... Contact the administrator of this server to find ... >I go to the drives shared settings and try to change the permissions and get ... If you need to access additional shares, they have to accept the same ...
    (microsoft.public.windowsxp.network_web)
  • Re: Sharing a computer versus its drives?
    ... administrator can access the "hidden" shares on the remote computer assuming ... administrative shares can be accessed only by administrators. ... see all non hidden shares on a remote computer if that helps. ... connected laptop, including all its drives, rather than having to create ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Default Shares
    ... I would not worry too much about disabling the default shares if they are ... administrator account to logon to any domain computer that is not known to ... local administrators group of domain computers which can be easily managed ...
    (microsoft.public.win2000.security)
  • Re: Unable to turn off sharing
    ... > Hidden shares are created by default, ... > level users on the system and are typically used for remote management ... administrator privileges have access to them. ...
    (microsoft.public.security)