Security Basics mailing list archives
Re: About default sharing folders in Windows
From: Nicholas Diotte <xphox () xphox net>
Date: 3 Jun 2003 17:10:48 -0000
In-Reply-To: <a05200f0abb00476b132f@[10.10.10.2]> Forgive my ignorance, but why is it so important to remove the default shares? Would this not hinder your manage abilities for all your desktops? For instance, the Domain Administers would no longer be able to simply type \\computername\c$ to access the drive. If the accounts are renamed, and password are strong, how is this still a security issue? Would it still be recommended for LANs/WANs to disable these shares, or just simply if it's a world routable IP? What are the disadvantages of disabeling these shares, and NULL logins? I'm about to impliment 100 WindowsXP workstations, and any security tweaks are very much appreciated. Please note however they are in different locations across a WAN, and will eventually have Active Directory with W2003, and SMS. So I don't want to run into problems because I disable these shares that might be needed in the future.
<SNIP> I believe there might be a way in the registry to remove the administrative shares altogether, but whether there is or isn't you need to make sure you have strong passwords for the administrator account and you should assign a strong password to the Guest account even if you keep the account disabled.</SNIP> I strongly suggest renaming the local Administrator and Guest account to something that is not easily guessed at. In addition, you should probably create "dummy" accounts named "Administrator" and "Guest" that have no rights/no group memberships and are disabled. Monitor the dummy accounts closely for log in attempts. If you machines are going to be exposed to the Internet, you will have to hack the registry to remove the all the default shares. Technet has several fine articles on this. -- Thanks, Ms. Jimi Thompson, CISSP, Rev. "Those who are too smart to engage in politics are punished by being governed by those who are dumber." --Plato
--------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- RE: About default sharing folders in Windows Jimi Thompson (Jun 02)
- RE: About default sharing folders in Windows David Gillett (Jun 02)
- RE: About default sharing folders in Windows dave (Jun 03)
- RE: About default sharing folders in Windows stephen at unix dot za dot net (Jun 04)
- RE: About default sharing folders in Windows dave (Jun 03)
- Re: About default sharing folders in Windows Mark Kockerbeck (Jun 03)
- RE: About default sharing folders in Windows dave (Jun 03)
- RE: About default sharing folders in Windows dschaible (Jun 03)
- Message not available
- Re[2]: About default sharing folders in Windows vh (Jun 03)
- RE: About default sharing folders in Windows David Gillett (Jun 02)
- Re: About default sharing folders in Windows Michelle Mueller (Jun 03)
- RE: About default sharing folders in Windows skyfront (Jun 04)
- <Possible follow-ups>
- Re: About default sharing folders in Windows Nicholas Diotte (Jun 04)
- RE: About default sharing folders in Windows Paris Stone (Jun 04)
- Re: About default sharing folders in Windows Roger A. Grimes (Jun 04)
- RE: About default sharing folders in Windows dave (Jun 04)
- RE: About default sharing folders in Windows stephen at unix dot za dot net (Jun 05)
- RE: About default sharing folders in Windows Cosentino, Guilherme V. (Jun 04)
- RE: About default sharing folders in Windows Chris Berry (Jun 04)
- RE: About default sharing folders in Windows Paris Stone (Jun 04)
- RE: About default sharing folders in Windows Raoul Armfield (Jun 05)
- RE: About default sharing folders in Windows Doc Farmer (Jun 05)