Re: default shares
From: Roger Abell (mvpNOSpam_at_asu.edu)
Date: 04/02/05
- Previous message: David Wang [Msft]: "Re: Change in ASP.Net authentication between Win2000 and Win2003"
- In reply to: Steven L Umbach: "Re: default shares"
- Next in thread: Steven L Umbach: "Re: default shares"
- Reply: Steven L Umbach: "Re: default shares"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 1 Apr 2005 23:09:15 -0700
Just a small point. The default shares are accessible by members
of the Administrators group. This group on a domain controller
can contrain more than just the domain administrators.
Suffice it to say MS does recommend that a DC needs to have
the default shares available. Note how the article cited list as
included the IPC$, Netlogon, and Sysvol shares which are of
course critical to a DC's role.
-- Roger "Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message news:OtfA65wNFHA.2136@TK2MSFTNGP14.phx.gbl... > Microsoft does not recommend it as per the KB link below. Those shares are > only available to domain administrators. If you think you have a problem > with unauthorized users gaining domain admins access you have a much bigger > problem in the domain. You need to make sure that only trained and trusted > users are domain admins, that they understand that they must use complex and > protect their passwords and never use them for routine network access. You > can also use Restricted Groups to help enforce membership of domain admins > and administrators group, and may want to consider allowing domain admins to > use only smart cards to use their domain admin account if your > infrastructure will support it. You can also create a group that is in the > local administrators group on all domain computers that can consist of > regular domain user account to manage domain computers. --- Steve > > http://support.microsoft.com/default.aspx?scid=kb;en-us;816113 > > Microsoft recommends that you not delete or modify these special shared > resources. If the default administrative shares were removed or if the > automatic creation of these shares is turned off, you can edit the registry > to restore the shares so that they are automatically created in Windows. > > > "Burnabyryan" <Burnabyryan@discussions.microsoft.com> wrote in message > news:6CB599EF-3FBB-42F4-88B2-2C703565F9CA@microsoft.com... > > Im just wondering how safe it is to turn off the default shares on a > > domain > > controller. ? wins dhcp dns and so on are running > > > > -- > > Thanks > > > >
- Previous message: David Wang [Msft]: "Re: Change in ASP.Net authentication between Win2000 and Win2003"
- In reply to: Steven L Umbach: "Re: default shares"
- Next in thread: Steven L Umbach: "Re: default shares"
- Reply: Steven L Umbach: "Re: default shares"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
