Security Basics mailing list archives
Re: About default sharing folders in Windows
From: Michelle Mueller <muellerm () mtmary edu>
Date: Tue, 03 Jun 2003 10:08:03 -0500
You can remove administrative shares on a workstation by setting this key:HKLM\System\ CurrentControlSet\Services\LanmanServer\Parameters\AutoShareWks (REG_DWORD) 0
This information comes from http://www.cisecurity.org/ If you install their security benchmarking tool, a .pdf file is included with all of the registry key settings needed to secure a workstation. I imagine you can get this .pdf is somewhere on the site but I haven't looked for it. The benchmarking tool also includes security admin templates for workstations and group policies. Use the tool. If you haven't taken any steps to secure your computers you'll be shocked at the results.
Jimi Thompson wrote:
<SNIP> I believe there might be a way in the registry to remove the administrative shares altogether, but whether there is or isn't you need to make sure you have strong passwords for the administrator account and you should assign a strong password to the Guest account even if you keep the account disabled.</SNIP>I strongly suggest renaming the local Administrator and Guest account to something that is not easily guessed at. In addition, you should probably create "dummy" accounts named "Administrator" and "Guest" that have no rights/no group memberships and are disabled. Monitor the dummy accounts closely for log in attempts.If you machines are going to be exposed to the Internet, you will have to hack the registry to remove the all the default shares. Technet has several fine articles on this.
--------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- RE: About default sharing folders in Windows Jimi Thompson (Jun 02)
- RE: About default sharing folders in Windows David Gillett (Jun 02)
- RE: About default sharing folders in Windows dave (Jun 03)
- RE: About default sharing folders in Windows stephen at unix dot za dot net (Jun 04)
- RE: About default sharing folders in Windows dave (Jun 03)
- Re: About default sharing folders in Windows Mark Kockerbeck (Jun 03)
- RE: About default sharing folders in Windows dave (Jun 03)
- RE: About default sharing folders in Windows dschaible (Jun 03)
- Message not available
- Re[2]: About default sharing folders in Windows vh (Jun 03)
- RE: About default sharing folders in Windows David Gillett (Jun 02)
- Re: About default sharing folders in Windows Michelle Mueller (Jun 03)
- RE: About default sharing folders in Windows skyfront (Jun 04)
- <Possible follow-ups>
- Re: About default sharing folders in Windows Nicholas Diotte (Jun 04)
- RE: About default sharing folders in Windows Paris Stone (Jun 04)
- Re: About default sharing folders in Windows Roger A. Grimes (Jun 04)
- RE: About default sharing folders in Windows dave (Jun 04)
- RE: About default sharing folders in Windows stephen at unix dot za dot net (Jun 05)
- RE: About default sharing folders in Windows Cosentino, Guilherme V. (Jun 04)
- RE: About default sharing folders in Windows Chris Berry (Jun 04)
- RE: About default sharing folders in Windows Paris Stone (Jun 04)
- RE: About default sharing folders in Windows Raoul Armfield (Jun 05)