Re: Defautl Hidden Shares
- From: "Roger Abell [MVP]" <mvpNoSpam@xxxxxxx>
- Date: Thu, 13 Apr 2006 22:47:30 -0700
"Steven L Umbach" <n9rou@xxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:%23WFVxo3XGHA.196@xxxxxxxxxxxxxxxxxxxxxxx
Though that is of concern Roger's solution was that only trusted
computers/users have access to those shares which can be accomplished by
enabling and configuring Windows Firewall on operating systems that have
it and/or the use of ipsec policies to make sure access is allowed only
from authorized IPs or computers with compatible ipsec policy. --- Steve
quite so, or by having the machine behind firewall through which only
narrowly defined traffic is passed.
Never-the-less, Ray has in fact hit the nail on the head, indicating one of
the great weaknesses - that people tend to have an admin account of the
same name and password on large numbers of machines. Worse yet,
because these are so widely distributed they tend to very infrequently
(if ever) change these. In that environment, assume a rogue "trusted"
user who manages to leverage something, an overallocation of privilege
or an unpatch exploit, in order to get the local SAM and crack it, then
the admin shares do slightly simplify life for that rogue person that must
otherwise first define a needed share.
Yes, yes, long, strong passwords, etc. can reduce this some.
But IMO final analysis is that admin shares are not the danger here.
"." <noemails@please> wrote in message
news:url4O2xXGHA.3448@xxxxxxxxxxxxxxxxxxxxxxx
The really big risk is if you have only one local administrator password
for all laptops and desktops (and maybe servers) and someone finds it or
is given it for whatever reason. Even though it's the "local"
administrator account, it can be used across the network
net use x: \\computername\c$ /user:computername\administrator
Enter the local admin password at prompt and you now have full admin
access across the network.
It's an even bigger risk if you left the local admin password blank...
Ray
"lwmccksg" <lwmccksg@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:19D85E6E-161B-4A2B-A6D8-A055D23FA745@xxxxxxxxxxxxxxxx
thanks for your info.
"Roger Abell [MVP]" wrote:
The risks from the administrative shares are minimal if normal sane
practices are in use. Those only allow access by an admin account.
There is a risk of someone attempting login via the authentication
mechanisms that protect the administrative shares, using it as a way
to try to find username/password pairs. However, if only allowed
locations with supposedly trusted people have access to the needed
ports on those IPs, perhaps people that already have accounts, there
is little, if any, added risk.
Somewhat similarly for the IPC$ share you have mentioned, which
does not require an admin account.
"lwmccksg" <lwmccksg@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:85B9C50B-ABC8-4309-A8C2-BAD5EA9F3DA6@xxxxxxxxxxxxxxxx
I noted that during Windows 2000 Server setup, these hidden shares
Admin$,
C$, D$ and IPC$ are created.
Most of the best practices from books mentioned to remove the hidden
shares.
What are the risks if these hidden shares are not remove?
Can i say that these hidden shares consist of
1) Admin$ - for administering the server which contains of Windows
system
utilities.
2) C$ & D$ - for may consist of application and data.
.
- References:
- Re: Defautl Hidden Shares
- From: Roger Abell [MVP]
- Re: Defautl Hidden Shares
- From: .
- Re: Defautl Hidden Shares
- From: Steven L Umbach
- Re: Defautl Hidden Shares
- Prev by Date: Re: Defautl Hidden Shares
- Next by Date: Re: Domain/Workgroup Login problem
- Previous by thread: Re: Defautl Hidden Shares
- Next by thread: what permissions does a windows service need to execute another process? System.Diagnostics.Process process = System.Diagnostics.Process.Start(info); just local administrator? any specific permitions?
- Index(es):
Relevant Pages
|
|
