March 10th, 2004 05:46 PM
Windows 2000 Hidden Share~!!!
In Windows 2000, there is always a hidden share $ for all the drive, IPC$, Admin$ & etc....
I had try to un-share it by "Stop sharing" in computer management. but it come back after i reboot~~ i found a article about adding a registry for "AutoShare" to 0 will stop the sharing...
and i think that value key only apply to Windows 2000 Professional, but not Server /Adv. Serv.
I also try to physically remove all the share in each drive, as well as remove $ in the drive letter... but still share out after reboot~~
That so-called "sharing for administrative purpose" bring me tons of trouble~~ anyone had any idea how can i permanently stop this auto-sharing? not for the admin$ or IPC$... but at lease the drive (C$, D$...)
This is my first post, hope can get a helping hand from friends over here.... thankz a lot~
March 10th, 2004 07:39 PM
This may be more drastic than you are looking for but if you stop and disable the server service these shares will go away. If you do this, please test thuroughly, it will break a LOT of stuff.
March 10th, 2004 08:07 PM
Her is a more delicate way of fixing the problem. Please note that there is a different reg hack for Server and Workstation/Professional versions.
This article should help you.
It says that this works for WinNT, Win2K Server and Windows Server 2003.
These are good ones too:
If this computer is part of a cluster I think you have to be on SP4 to get rid of the admin shares.
March 10th, 2004 09:00 PM
There is a policy setting to disable administrative shares on NT4 and above.
However, there's little security benefit (None, IMHO) in disabling them, as someone with remote admin access can just create their own shares anyway.
Also, the admin shares have hard-coded ACLs to only allow the Administrators group access.
March 11th, 2004 02:01 PM
This topic was allready been discuted. Hidden Share are only accessible to Administrator. Their no security breach here. Disabling them will probably do more harm that good. I know some of my backup don't work unless the C$ hidden share is available. The best thing to do is to created another share name "blablaC$" and give hard permission and to remove the C$ share.
March 11th, 2004 02:26 PM
It is a setting. Besides, you should check elsewhere before resorting to messing with the registry, it could have unpleasent consequences.
March 12th, 2004 01:02 AM
re: hidden shares
What? Only a admin can connect to hidden shares? That's completely incorrect advice...the only restrictions on any share are the share permissions and ntfs permissions. any account which is granted permissions can access the share, hidden or not.
and don't think hidden shares aren't discoverable; trust me, they are discoverable and there are several enumuration tools that automate the process. The 'enum' resource kit utility is just one of them.
The easiest method is to perform the registry tweaks. They're simple and easy as long as you follow the MS Q article. You don't loose any functionality from it like you would if you disabled the 'server' service but you increase your security. That's a rare exchange indeed.
Ego is the great Logic killer
March 12th, 2004 02:12 AM
For your information :
In command line you can remove them on the fly doing a net share <sharename> /delete.
By GUI, you could use Group Policy Editor to remove them. Since NT4 i've deleted them on any desktop/home computer, call me paranoid but what you expect with xploitable system like NT.
On the Microsoft website, you could download the Baseline security tool, to find *more* hidden features.
1 line FAQ writing \"Don\'t do that, than!\"...
March 12th, 2004 07:30 AM
Thankz a lot for da advice~ found quite helpful~
March 12th, 2004 01:53 PM
hey man just listen to me and im only going to say this once make a batch file and place it inside you strartup menu.... you caqn make by using text document the cmd line is
save as a .bat file then put in your your startup folder your weclome