Re: Net Share IPC$ /Delete

Hi Will,

Here is a knowledge base article that lists out some of the things that break when Administrative Shares are missing:

842715 Overview of problems that may occur when administrative shares are missing
http://support.microsoft.com/default.aspx?scid=kb;EN-US;842715




--

Rob Greene
Microsoft Enterprise Platforms Support

All postings on this newsgroup are provided "AS IS" with no warranties, and
confer no rights.
For more information please visit
http://www.microsoft.com/info/cpyright.mspx to find terms of use.

"Will" <westes-usc@xxxxxxxxxxxxxx> wrote in message news:eGlUIlrtGHA.4336@xxxxxxxxxxxxxxxxxxxxxxx
I have some Windows 2000 (and eventually 2003) computers in a DMZ that I
would like to harden a bit more than a typical computer. I want to
understand the implications of two actions:

1) Disabling network administrative shares. Apparently you can disable
the C$, D$, ADMIN$ shares by a registry key AutoShareServer = 0. What
applications will stop working as a result? I gather you won't be able to
use SMS or applications that outright modify a remote computer's files using
these shares. I'm okay with that, but I want to know what else would
break. I plan to disable these shares on both member servers and domain
controller.

2) Disabling IPC$. I gather that this hidden share is created by the
server service and used somehow with RPC. I guess you would have to keep
this running on a domain controller, otherwise many basic domain operations
would break?

On member servers that have no file shares enabled, what would break if you
disabled IPC$? I don't need to be able to open up event viewer remotely,
for example.

As far as how to disable the IPC$ share on member servers, I don't find any
way to stop its creation short of disabling the server service. Would it
be preferable to just run a script when the computer boots that issues a net
share ipc$ /delete command? What is the registry key or group policy
option that would allos this?

Disabling IPC$ on the member server won't stop the use of RPC client on the
member server, right?

--
Will



.

Relevant Pages

  • Net Share IPC$ /Delete
    ... Disabling network administrative shares. ... On member servers that have no file shares enabled, ... Disabling IPC$ on the member server won't stop the use of RPC client on the ...
    (microsoft.public.windows.server.security)
  • Re: Net Share IPC$ /Delete
    ... Disabling network administrative shares. ... I plan to disable these shares on both member servers and domain ... Disabling IPC$ on the member server won't stop the use of RPC client on ...
    (microsoft.public.windows.server.security)
  • Re: Net Share IPC$ /Delete
    ... and what results from admin shares absence vs from the implanting ... does not get rid of IPC$. ... Disabling network administrative shares. ... Disabling IPC$ on the member server won't stop the use of RPC client on ...
    (microsoft.public.windows.server.security)
  • Re: Cablemodem and hardware firewall device.
    ... skip the hardware. ... Your greatest vulnerability is with services and shares. ... NAT routers are designed for sharing a single IP among several ... no extra protection over disabling shares and unnecessary services. ...
    (comp.security.firewalls)
  • Re: anonymous access to win2000 machine
    ... Since you offer shares to users you need to have file and print sharing ... -- First try disabling the remote registry service. ... > disabled and every stringent security option in the local security policy ... > user accounts, however I want my computer COMPLETELY protected from any ...
    (microsoft.public.win2000.security)
Quantcast