Re: Net Share IPC$ /Delete
- From: "Roger Abell [MVP]" <mvpNoSpam@xxxxxxx>
- Date: Sat, 5 Aug 2006 09:16:31 -0700
Hi Rob,
Thanks for posting the link.
I find that KB poorly written, at best. It seems to be mixing up
what may happen when the shares are disabled on DCs vs non-DCs,
and what results from admin shares absence vs from the implanting
malicious software and its interference with these shares.
Now, granted that I do not run Mac support many places, but on
servers, both W2k and W2k3, within AD (non-DC) with the admin
shares disabled, I have never seen any of the indicated issues.
Since admin shares are quite commonly stopped, one would think
that what this KB describes would be reported quite often if these
were to happen just from setting the Autoshare entries to 0 on client
and member server systems.
As Will, the originator of this thread, indicated, stopping admin shares
does not get rid of IPC$. Some of what the KB describes seems to
be a likely result from IPC$ being unavailable, hence I wonder about
the extent to which the KB actually is describing malware impacts that
have also blocked this.
--
Roger
"Rob Greene [MSFT]" <roberg@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:OfASGPKuGHA.4968@xxxxxxxxxxxxxxxxxxxxxxx
Hi Will,
Here is a knowledge base article that lists out some of the things that
break when Administrative Shares are missing:
842715 Overview of problems that may occur when administrative shares are
missing
http://support.microsoft.com/default.aspx?scid=kb;EN-US;842715
--
Rob Greene
Microsoft Enterprise Platforms Support
All postings on this newsgroup are provided "AS IS" with no warranties,
and confer no rights.
For more information please visit
http://www.microsoft.com/info/cpyright.mspx to find terms of use.
"Will" <westes-usc@xxxxxxxxxxxxxx> wrote in message
news:eGlUIlrtGHA.4336@xxxxxxxxxxxxxxxxxxxxxxx
I have some Windows 2000 (and eventually 2003) computers in a DMZ that I
would like to harden a bit more than a typical computer. I want to
understand the implications of two actions:
1) Disabling network administrative shares. Apparently you can disable
the C$, D$, ADMIN$ shares by a registry key AutoShareServer = 0. What
applications will stop working as a result? I gather you won't be able
to use SMS or applications that outright modify a remote computer's
files using these shares. I'm okay with that, but I want to know what
else would break. I plan to disable these shares on both member servers
and domain controller.
2) Disabling IPC$. I gather that this hidden share is created by the
server service and used somehow with RPC. I guess you would have to
keep this running on a domain controller, otherwise many basic domain
operations would break?
On member servers that have no file shares enabled, what would break if
you disabled IPC$? I don't need to be able to open up event viewer
remotely, for example.
As far as how to disable the IPC$ share on member servers, I don't find
any way to stop its creation short of disabling the server service.
Would it be preferable to just run a script when the computer boots that
issues a net share ipc$ /delete command? What is the registry key or
group policy option that would allow this?
Disabling IPC$ on the member server won't stop the use of RPC client on
the member server, right?
--
Will
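An added example, not part of the thread: a PowerShell audit that compares the AutoShare registry settings discussed above with the shares a host actually publishes, so a hardening pass on a DMZ server can be verified. It assumes Windows PowerShell with Get-WmiObject available; the function names are hypothetical, and the LanmanServer parameters path and the AutoShareWks value name are not quoted in the thread.

```powershell
# Added example: audit admin-share configuration against the shares actually published.
# Assumption: run locally in Windows PowerShell with rights to read HKLM and WMI.
$paramsKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

function Get-AutoShareSetting {
    param([string]$Name)
    # A missing value means the default behaviour: admin shares are created.
    $item = Get-ItemProperty -Path $paramsKey -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 'not set' }
    return [string]$item.$Name
}

function Get-AdminShareAudit {
    # Win32_Share.Type: 2147483648 = disk admin share (C$, ADMIN$),
    # 2147483651 = IPC admin share (IPC$); values below 2147483648 are ordinary shares.
    $shares    = @(Get-WmiObject -Class Win32_Share)
    $diskAdmin = @($shares | Where-Object { $_.Type -eq 2147483648 })
    $ipc       = @($shares | Where-Object { $_.Type -eq 2147483651 })
    $ordinary  = @($shares | Where-Object { $_.Type -lt 2147483648 })

    New-Object PSObject -Property @{
        AutoShareServer = Get-AutoShareSetting 'AutoShareServer'
        AutoShareWks    = Get-AutoShareSetting 'AutoShareWks'
        DiskAdminShares = ($diskAdmin | ForEach-Object { $_.Name }) -join ', '
        IpcPresent      = ($ipc.Count -gt 0)
        OrdinaryShares  = ($ordinary | ForEach-Object { $_.Name }) -join ', '
    }
}

$audit = Get-AdminShareAudit
$audit | Format-List

# Flag a mismatch between the intended hardening and the live state.
$disabled = ($audit.AutoShareServer -eq '0') -or ($audit.AutoShareWks -eq '0')
if ($disabled -and $audit.DiskAdminShares) {
    Write-Warning ("AutoShare value is 0 but admin shares are still published: " +
                   $audit.DiskAdminShares)
}
if (-not $disabled -and $audit.DiskAdminShares) {
    Write-Warning "Admin shares are enabled (AutoShareServer/AutoShareWks not set to 0)."
}
if ($audit.IpcPresent) {
    # Matches the thread: the AutoShare values do not remove IPC$.
    Write-Output "IPC$ is published; it is not controlled by the AutoShare values."
}
```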