Windows 2000 Hidden Share~!!!
Results 1 to 10 of 10

Thread: Windows 2000 Hidden Share~!!!

  1. #1
    Banned
    Join Date
    Mar 2004
    Posts
    20

    Question Windows 2000 Hidden Share~!!!

    In Windows 2000, there is always a hidden share $ for all the drive, IPC$, Admin$ & etc....

    I had try to un-share it by "Stop sharing" in computer management. but it come back after i reboot~~ i found a article about adding a registry for "AutoShare" to 0 will stop the sharing...
    and i think that value key only apply to Windows 2000 Professional, but not Server /Adv. Serv.

    I also try to physically remove all the share in each drive, as well as remove $ in the drive letter... but still share out after reboot~~

    That so-called "sharing for administrative purpose" bring me tons of trouble~~ anyone had any idea how can i permanently stop this auto-sharing? not for the admin$ or IPC$... but at lease the drive (C$, D$...)

    This is my first post, hope can get a helping hand from friends over here.... thankz a lot~

  2. #2
    Junior Member
    Join Date
    Sep 2003
    Posts
    21
    This may be more drastic than you are looking for but if you stop and disable the server service these shares will go away. If you do this, please test thuroughly, it will break a LOT of stuff.

  3. #3
    Junior Member
    Join Date
    Sep 2003
    Posts
    21
    Her is a more delicate way of fixing the problem. Please note that there is a different reg hack for Server and Workstation/Professional versions.

    This article should help you.
    http://support.microsoft.com/default...314984&sd=tech

    It says that this works for WinNT, Win2K Server and Windows Server 2003.

    These are good ones too:
    http://is-it-true.org/nt/atips/atips2.shtml
    http://www.petri.co.il/disable_admin...ive_shares.htm

    If this computer is part of a cluster I think you have to be on SP4 to get rid of the admin shares.

  4. #4
    Senior Member
    Join Date
    Jan 2002
    Posts
    1,207
    There is a policy setting to disable administrative shares on NT4 and above.

    However, there's little security benefit (None, IMHO) in disabling them, as someone with remote admin access can just create their own shares anyway.

    Also, the admin shares have hard-coded ACLs to only allow the Administrators group access.

    Slarty

  5. #5
    AO French Antique News Whore
    Join Date
    Aug 2001
    Posts
    2,126
    This topic was allready been discuted. Hidden Share are only accessible to Administrator. Their no security breach here. Disabling them will probably do more harm that good. I know some of my backup don't work unless the C$ hidden share is available. The best thing to do is to created another share name "blablaC$" and give hard permission and to remove the C$ share.
    -Simon \"SDK\"

  6. #6
    Banned
    Join Date
    Feb 2004
    Posts
    94
    It is a setting. Besides, you should check elsewhere before resorting to messing with the registry, it could have unpleasent consequences.

    -Cheers-

  7. #7
    Senior Member
    Join Date
    Feb 2004
    Posts
    105

    re: hidden shares

    SDK -

    What? Only a admin can connect to hidden shares? That's completely incorrect advice...the only restrictions on any share are the share permissions and ntfs permissions. any account which is granted permissions can access the share, hidden or not.

    and don't think hidden shares aren't discoverable; trust me, they are discoverable and there are several enumuration tools that automate the process. The 'enum' resource kit utility is just one of them.

    Angusky -

    The easiest method is to perform the registry tweaks. They're simple and easy as long as you follow the MS Q article. You don't loose any functionality from it like you would if you disabled the 'server' service but you increase your security. That's a rare exchange indeed.

    Cheers,
    <0
    Ego is the great Logic killer

  8. #8
    For your information :

    In command line you can remove them on the fly doing a net share <sharename> /delete.
    By GUI, you could use Group Policy Editor to remove them. Since NT4 i've deleted them on any desktop/home computer, call me paranoid but what you expect with xploitable system like NT.

    On the Microsoft website, you could download the Baseline security tool, to find *more* hidden features.
    ---

    1 line FAQ writing \"Don\'t do that, than!\"...
    [gloworange]Shaolin Munkwarrior[/gloworange]

  9. #9
    Banned
    Join Date
    Mar 2004
    Posts
    20
    Thankz a lot for da advice~ found quite helpful~

  10. #10
    Junior Member
    Join Date
    Mar 2004
    Posts
    1
    hey man just listen to me and im only going to say this once make a batch file and place it inside you strartup menu.... you caqn make by using text document the cmd line is

    [drive]$ /del

    ex.
    c$ /del
    ipc$ /del
    admin$ /del

    etc.

    save as a .bat file then put in your your startup folder your weclome
    <img src=\"signatur.bmp\"

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides