-
December 30th, 2003, 03:51 AM
#1
Member
why does win 2k insist on sharing C$ and D$?
i run a windows 2000 sp4 and full security updates box and i turn off the default shares of C$ and D$. then i check a while later and they are turned back on! this is a huge security risk. why does 2000 insist on resetting these? i've noticed this type of behavior with things such as msn messenger where it resets the avatar. the box is adware, spyware, trojan, virus free. i have also tried it on many computers.
-
December 30th, 2003, 04:44 AM
#2
These are called Administrative Shares... Here is some information on how to control/remove them...
http://support.microsoft.com/default...roduct=win2000
http://support.microsoft.com/default...roduct=win2000
Hope this helps.
Work... Some days it's just not worth chewing through the restraints...
-
December 30th, 2003, 05:12 AM
#3
Senior Member
one note to make is that the $ sign at the end of them makes them not visible through file sharing etc.
-
December 30th, 2003, 10:07 AM
#4
Also note that the C$ and D$ are only accessible by members of the administrators group so it's not the huge security risk you think it is. If your administrative shares are accessible by someone else you have bigger problems (i.e. somebody has administrative rights they're not supposed to).
Oliver's Law:
Experience is something you don't get until just after you need it.
-
December 30th, 2003, 10:59 AM
#5
Yes, the C$ shares are especially useful on Windows Domains, because they allow Domain administrators to see the whole drive from any machine, whilst denying users who are not part of the admins group.
-
December 30th, 2003, 12:38 PM
#6
Re: why does win 2k insist on sharing C$ and D$?
Originally posted here by wassup
this is a huge security risk.
How, exactly, is having the default shares, a "huge" security risk? Excuse me if I'm being pedantic but:
1. They are only accessible to members of administrators group
2. Those members are capable of creating shares remotely anyway, including sharing any folder they want including C and D
3. Those members are basically capable of doing absolutely anything remotely, provided the server service is enabled.
why does 2000 insist on resetting these?
It's a policy setting, it may be set in the domain. But don't change it unless you understand.
i've noticed this type of behavior with things such as msn messenger where it resets the avatar.
Now you're being ridiculous - MSN messenger resetting its avatar is clearly due to some bug in that program, and is totally unrelated to default shares being created.
Slarty
-
December 30th, 2003, 05:33 PM
#7
Member
well i found a quick way to fix it. and it can be a huge security risk if you have a blank admin password. yes i know this is stupid but this is for my home network and my dad wants functionality > security. i have found a quick .reg file that seems to have fixed this.
REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters]
"AutoShareWks"=dword:00000000
just put that into a file with the .reg extension and export it into the registry.
i know about the $ signs meaning a hidden share. but any slightly experienced hacker also knows about these.
also i didn't find a way to control it in local security policy.
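An added example, not part of the original thread: a Python check that reads a .reg export and `net share` output (both constructed samples here) and reports whether the drive shares are set to come back. The function names are hypothetical, and `AutoShareServer`, the server-edition counterpart of `AutoShareWks`, is not mentioned in the thread.

```python
import re

PARAMS_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters"

# Constructed sample input (not from the thread): a .reg export and `net share` output.
SAMPLE_REG = "REGEDIT4\n\n[" + PARAMS_KEY + ']\n"AutoShareWks"=dword:00000000\n'
SAMPLE_NET_SHARE = r"""Share name   Resource                        Remark
-------------------------------------------------------------------------------
IPC$                                         Remote IPC
C$           C:\                             Default share
D$           D:\                             Default share
ADMIN$       C:\WINNT                        Remote Admin
The command completed successfully.
"""


def autoshare_values(reg_text):
    """Return {name: int} for AutoShare* DWORDs under the LanmanServer Parameters key."""
    values, in_key = {}, False
    for line in (raw.strip() for raw in reg_text.splitlines()):
        if line.startswith("["):  # a new key section begins
            in_key = line.strip("[]").lower() == PARAMS_KEY.lower()
        elif in_key:
            m = re.match(r'"(AutoShare\w+)"=dword:([0-9a-fA-F]{8})$', line)
            if m:
                values[m.group(1)] = int(m.group(2), 16)
    return values


def admin_drive_shares(net_share_text):
    """Return drive-letter shares (C$, D$, ...); IPC$ and ADMIN$ are not matched."""
    return re.findall(r"^([A-Za-z]\$)\s", net_share_text, flags=re.M)


def audit(reg_text, net_share_text, value_name="AutoShareWks"):
    """Classify the host. Use value_name="AutoShareServer" on server editions."""
    disabled = autoshare_values(reg_text).get(value_name) == 0
    shares = admin_drive_shares(net_share_text)
    if not disabled:
        return "will-be-recreated", shares  # value absent or nonzero
    if shares:
        return "disabled-but-still-present", shares  # until the Server service restarts
    return "disabled", shares


if __name__ == "__main__":
    print(audit(SAMPLE_REG, SAMPLE_NET_SHARE))
```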
-
December 31st, 2003, 01:39 AM
#8
Originally posted here by wassup
well i found a quick way to fix it. and it can be a huge security risk if you have a blank admin password.
NOOO
you totally missed the point, idiot!
Having a blank admin password is the security risk.
NOT the default shares.
Having disabled default shares, admin users CAN STILL, REMOTELY, DO ANYTHING
Just because you can't access C$, doesn't mean you can't own the machine with the admin pw.
Slarty
-
December 31st, 2003, 02:27 AM
#9
Member
Slarty pretty much nailed it. I would add c$ is the least of your concerns, having dcom and netbios/smb services available over the internet is the huge security risk. Much easier target than trying to brute force even a reasonably obscure password.
find /home/$newbie -name *? | www.google.com 2>/dev/null
-
December 31st, 2003, 06:40 PM
#10
Member
Originally posted here by slarty
NOOO
you totally missed the point, idiot!
Having a blank admin password is the security risk.
NOT the default shares.
Having disabled default shares, admin users CAN STILL, REMOTELY, DO ANYTHING
Just because you can't access C$, doesn't mean you can't own the machine with the admin pw.
Slarty
no i didn't miss the point. i realize that the shares in themselves are not a security risk. but combined with the null admin pass it is a security risk. hell a null admin pass in itself is NOT a security risk if the users can't do anything with it. as i said i can't add a pass because my dad wants functionality over security.