Re: Administrative Shares
From: Roger Abell (mvpNOSpam_at_asu.edu)
Date: 12/15/03
- Next message: Carey Frisch [MVP]: "Re: IS ANYONE ELSE FED UP WITH THIS SECURITY CRAP??"
- Previous message: Bruce: "Re: Ad-aware Error"
- In reply to: Neil: "Re: Administrative Shares"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sun, 14 Dec 2003 20:30:27 -0700
No problem Neil, and as you have said
> the key being strong password protection
> of the admin accounts.....
is so very true, and often overlooked.
-- Roger Abell Microsoft MVP (Windows Server System: Security) MCSE (W2k3,W2k,Nt4) MCDBA "Neil" <me@home.com> wrote in message news:brhkas$1dsq$1@otis.netspace.net.au... > Thanks Roger and David, > > My concerns were mainly centered on the possibility of someone accessing > the entire computer through use of the admin shares, as you have pointed > out this is well controlled, with the key being strong password protection > of the admin accounts..... > > > > "Roger Abell" <mvpNOSpam@asu.edu> wrote in message > news:OQbH5TjwDHA.2712@tk2msftngp13.phx.gbl... > > As David said, the administrative shares are only available > > to administrators. No other accounts can use them. The NTFS > > permissions on the underlying filesystems is a separate thing > > from the share access permissions, and at least for the install > > partition the NTFS permissions restrict non-admin accounts > > fairly well, just as if they had logged in locally (but for these > > accounts to remotely access the filesystem you would have to > > first define shares - they cannot use the administrative shares > > and you cannot modify the share level permissions of the > > administrative shares) > > > > -- > > Roger Abell > > Microsoft MVP (Windows Server System: Security) > > MCSE (W2k3,W2k,Nt4) MCDBA > > "Neil" <me@home.com> wrote in message > > news:brgoe8$13dp$1@otis.netspace.net.au... > > > Thanks, > > > > > > Whilst this info. is handy for the purpose of turning shares on and off, > > > what I am inquiring about is the NTFS security levels that are > appropriate > > > for these 'admin' shares and how I might allocate varying levels of > access > > > to users and system type 'users' that still maintains functionality but > > > improves security... > > > > > > > > > > > > "David Jones" <anonymous@discussions.microsoft.com> wrote in message > > > news:020301c3c1f3$9294b9e0$a501280a@phx.gbl... > > > > http://support.microsoft.com/default.aspx?scid=314984 > > > > > > > > (found by searching for "Administrative Share", for > > > > future reference) > > > > > > > > >-----Original Message----- > > > > >I'm none too pleased about having admin shares (C$, D$, > > > > IPC$ etc.) available > > > > >to > > > > >all and sundry. > > > > > > > > > >Apart from setting all users to deny priviledge level, > > > > what is the best high > > > > >security yet > > > > >still functional setup for these shares or is there a > > > > way to rid myself of > > > > >them without > > > > >losing functionality ?? > > > > > > > > > >WIN XP Pro, workgroup based peer to peer network. > > > > > > > > > >Thanks. > > > > > > > > > > > > > > >. > > > > > > > > > > > > > > > > >
- Next message: Carey Frisch [MVP]: "Re: IS ANYONE ELSE FED UP WITH THIS SECURITY CRAP??"
- Previous message: Bruce: "Re: Ad-aware Error"
- In reply to: Neil: "Re: Administrative Shares"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
