why does win 2k insist on sharing C$ and D$?

[wassup]

i run a windows 2000 sp4 and full security updates box and i turn off the default shares of C$ and D$. then i check a while later and they are turned back on! this is a huge security risk. why does 2000 insist on reseting these? i've noticed this type of behavior wtih things such as msn messenger where it resets the avatar. the box is adware, spyware, trojan, virus free. i have also tried it on many computers.

[mmelby]

These are called Administrative Shares... Here is some information on how to control/remove them...

http://support.microsoft.com/default...roduct=win2000

http://support.microsoft.com/default...roduct=win2000

Hope this helps.

[qod]

one note to make is that the $ sign at the end of them make them not visiable through file sharing etc..

[SirDice]

Also note that the C$ and D$ are only accessable by members of the administrators group so it's not the huge security risk you think it is. If your administrative shares are accessable by someone else you have bigger problems (ie somebody has administrative rights they're not supposed to).

[cheesegoduk]

Yes, The C$ shares are especially useful on Windows Domains, Because they allow Domain administrators to see the whole drive from any machine, whist denieing users who are not part of the admins group

[slarty]

Originally posted here by wassup
[B]this is a huge security risk.

How, exactly, is having the default shares, a "huge" security risk? Excuse me if I'm being pedantic but:

1. They are only accessible to members of administrators group
2. Those members are capable of creating shares remotely anyway, including sharing any folder they want including C and D
3. Those members are basically capable of doing absolutely anything remotely, provided the server service is enabled.

why does 2000 insist on reseting these?

It's a policy setting, it may be set in the domain. But don't change it unless you understand.

i've noticed this type of behavior wtih things such as msn messenger where it resets the avatar.

Now you're being rediculous - MSN messenger resetting its avatar is clearly due to some bug in that program, and is totally unrelated to default shares being created.

Slarty

[wassup]

well i found a quick way to fix it. and it can be a huge security risk if you have a blank admin password. yes i know this is stupid but this is for my home network and my dad wants functionality > security. i have found a quick .reg file that seems to have fix this.

REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters]
"AutoShareWks"=dword:00000000

just put that into a file with the .reg extension and export it into the registry.

i know about the $ signs meaning a hidden share. but any slightly experienced hacker also knows about these.

also i didnt find a way to control it in local security policy.

[slarty]

Originally posted here by wassup
well i found a quick way to fix it. and it can be a huge security risk if you have a blank admin password.

NOOO
you totally missed the point, idiot!

Having a blank admin password is the security risk.

NOT the default shares.

Having disabled default shares, admin users CAN STILL, REMOTELY, DO ANYTHING

Just because you can't access C$, doesn't mean you can't own the machine with the admin pw.

Slarty

[extremez]

Slarty pretty much nailed. I would add c$ is the least of your concerns, having dcom and netbios/smb services available over the internet is the huge security risk. Much easier target then trying to brute force even a reasonbly obscure password.

[wassup]

Originally posted here by slarty
NOOO
you totally missed the point, idiot!

Having a blank admin password is the security risk.

NOT the default shares.

Having disabled default shares, admin users CAN STILL, REMOTELY, DO ANYTHING

Just because you can't access C$, doesn't mean you can't own the machine with the admin pw.

Slarty

no i didnt miss the point. i realize that the shares in itself are not a security risk. but combined with the null admin pass it is a security risk. hell a null admin pass in itself is NOT a security risk if the users cant do anything with it. as i said i cant add a pass because my dad wants functionality over security.