Windows 2000 Hidden Share~!!!

[Angusky]

In Windows 2000, there is always a hidden share $ for all the drive, IPC$, Admin$ & etc....

I had try to un-share it by "Stop sharing" in computer management. but it come back after i reboot~~ i found a article about adding a registry for "AutoShare" to 0 will stop the sharing...
and i think that value key only apply to Windows 2000 Professional, but not Server /Adv. Serv.

I also try to physically remove all the share in each drive, as well as remove $ in the drive letter... but still share out after reboot~~

That so-called "sharing for administrative purpose" bring me tons of trouble~~ anyone had any idea how can i permanently stop this auto-sharing? not for the admin$ or IPC$... but at lease the drive (C$, D$...)

This is my first post, hope can get a helping hand from friends over here.... thankz a lot~

[Draco980172]

This may be more drastic than you are looking for but if you stop and disable the server service these shares will go away. If you do this, please test thuroughly, it will break a LOT of stuff.

[Draco980172]

Her is a more delicate way of fixing the problem. Please note that there is a different reg hack for Server and Workstation/Professional versions.

This article should help you.
http://support.microsoft.com/default...314984&sd=tech

It says that this works for WinNT, Win2K Server and Windows Server 2003.

These are good ones too:
http://is-it-true.org/nt/atips/atips2.shtml
http://www.petri.co.il/disable_admin...ive_shares.htm

If this computer is part of a cluster I think you have to be on SP4 to get rid of the admin shares.

[slarty]

There is a policy setting to disable administrative shares on NT4 and above.

However, there's little security benefit (None, IMHO) in disabling them, as someone with remote admin access can just create their own shares anyway.

Also, the admin shares have hard-coded ACLs to only allow the Administrators group access.

Slarty

[SDK]

This topic was allready been discuted. Hidden Share are only accessible to Administrator. Their no security breach here. Disabling them will probably do more harm that good. I know some of my backup don't work unless the C$ hidden share is available. The best thing to do is to created another share name "blablaC$" and give hard permission and to remove the C$ share.

[silver-bullets]

It is a setting. Besides, you should check elsewhere before resorting to messing with the registry, it could have unpleasent consequences.

-Cheers-

[lessthanzero]

SDK -

What? Only a admin can connect to hidden shares? That's completely incorrect advice...the only restrictions on any share are the share permissions and ntfs permissions. any account which is granted permissions can access the share, hidden or not.

and don't think hidden shares aren't discoverable; trust me, they are discoverable and there are several enumuration tools that automate the process. The 'enum' resource kit utility is just one of them.

Angusky -

The easiest method is to perform the registry tweaks. They're simple and easy as long as you follow the MS Q article. You don't loose any functionality from it like you would if you disabled the 'server' service but you increase your security. That's a rare exchange indeed.

Cheers,
<0

[Shamunkwarrior]

For your information :

In command line you can remove them on the fly doing a net share <sharename> /delete.
By GUI, you could use Group Policy Editor to remove them. Since NT4 i've deleted them on any desktop/home computer, call me paranoid but what you expect with xploitable system like NT.

On the Microsoft website, you could download the Baseline security tool, to find *more* hidden features.

[Angusky]

Thankz a lot for da advice~ found quite helpful~

[vengettidakon]

hey man just listen to me and im only going to say this once make a batch file and place it inside you strartup menu.... you caqn make by using text document the cmd line is

[drive]$ /del

ex.
c$ /del
ipc$ /del
admin$ /del

etc.

save as a .bat file then put in your your startup folder your weclome