Re: default shares
From: Roger Abell (mvpNOSpam_at_asu.edu)
Date: 04/02/05
- Next message: MC: "Re: ARP Poisoning"
- Previous message: Steven L Umbach: "Re: default shares"
- In reply to: Steven L Umbach: "Re: default shares"
- Next in thread: Benji: "Re: default shares"
- Reply: Benji: "Re: default shares"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 2 Apr 2005 07:49:13 -0700
"Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
news:eXDXU91NFHA.3336@TK2MSFTNGP09.phx.gbl...
> That is exactly what I meant - administrators group for the domain versus
> the domain admins group alone. You have to excuse me this week. My wife
and
> daughter are on vacation in Florida and because of such I am a bit under
> nourished. --- Steve
>
<g>
And you need to excuse me also Steve, as I believe in the late/early
hour I relied into the wrong spot in the thread.
You may need to raid a grocery soon !!
-- Roger > > "Roger Abell" <mvpNOSpam@asu.edu> wrote in message > news:OL3u2n0NFHA.3512@TK2MSFTNGP15.phx.gbl... > > Just a small point. The default shares are accessible by members > > of the Administrators group. This group on a domain controller > > can contrain more than just the domain administrators. > > > > Suffice it to say MS does recommend that a DC needs to have > > the default shares available. Note how the article cited list as > > included the IPC$, Netlogon, and Sysvol shares which are of > > course critical to a DC's role. > > > > -- > > Roger > > "Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message > > news:OtfA65wNFHA.2136@TK2MSFTNGP14.phx.gbl... > >> Microsoft does not recommend it as per the KB link below. Those shares > >> are > >> only available to domain administrators. If you think you have a problem > >> with unauthorized users gaining domain admins access you have a much > > bigger > >> problem in the domain. You need to make sure that only trained and > >> trusted > >> users are domain admins, that they understand that they must use complex > > and > >> protect their passwords and never use them for routine network access. > >> You > >> can also use Restricted Groups to help enforce membership of domain > >> admins > >> and administrators group, and may want to consider allowing domain admins > > to > >> use only smart cards to use their domain admin account if your > >> infrastructure will support it. You can also create a group that is in > >> the > >> local administrators group on all domain computers that can consist of > >> regular domain user account to manage domain computers. --- Steve > >> > >> http://support.microsoft.com/default.aspx?scid=kb;en-us;816113 > >> > >> Microsoft recommends that you not delete or modify these special shared > >> resources. If the default administrative shares were removed or if the > >> automatic creation of these shares is turned off, you can edit the > > registry > >> to restore the shares so that they are automatically created in Windows. > >> > >> > >> "Burnabyryan" <Burnabyryan@discussions.microsoft.com> wrote in message > >> news:6CB599EF-3FBB-42F4-88B2-2C703565F9CA@microsoft.com... > >> > Im just wondering how safe it is to turn off the default shares on a > >> > domain > >> > controller. ? wins dhcp dns and so on are running > >> > > >> > -- > >> > Thanks > >> > > >> > >> > > > > > >
- Next message: MC: "Re: ARP Poisoning"
- Previous message: Steven L Umbach: "Re: default shares"
- In reply to: Steven L Umbach: "Re: default shares"
- Next in thread: Benji: "Re: default shares"
- Reply: Benji: "Re: default shares"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
Loading
