Security Basics mailing list archives
Re: About default sharing folders in Windows
From: "Roger A. Grimes" <rogerg () cox net>
Date: Wed, 4 Jun 2003 14:39:23 -0400
FYI, you can delete the administrator account with a free third party utility. I forget its name off the top of my head, but it's discussed in Hacking Exposed Windows 2000. Of course, I've never been brave enough to try it in a production environment. Roger **************************************************************************** **** *Roger A. Grimes, Computer Security Consultant *CPA, MCSE (NT/2000), CNE (3/4), A+ *email: rogerg () cox net *cell: 757-615-3355 *Author of Malicious Mobile Code: Virus Protection for Windows by O'Reilly *http://www.oreilly.com/catalog/malmobcode **************************************************************************** ****** ----- Original Message ----- From: "Paris Stone" <paris () ciscoinstructor com> To: "stephen at unix dot za dot net" <stephen () unix za net>; "dave" <dave () netmedic net> Cc: <security-basics () securityfocus com> Sent: Wednesday, June 04, 2003 1:59 PM Subject: RE: About default sharing folders in Windows
Can't delete Administrator or Guest. Rename & Disable them, then create
dummy
accounts with those two default names. All acl's are checked against the
SID's not
the actual name and the SID's won't change with a rename. Therefore if
you can't
delete it and renaming it won't remove the assignments, you're hosed.
There are
tools out there that will scan your filesystem for rights, can't remember
any just
now. Audit the system and manually remove rights. stephen at unix dot za dot net (stephen () unix za net) wrote:how about deleting the admininistrator account (killing that sid) recreating a new account, redoing the privileges for that account, and adding the new username to the administrator or appropriate group. then 'hack the registry' :D then you should be left with a box with no default shares, administrator/guest default accounts are non-existant, and the new ones have new SIDs. that a possible solution? oh yeh, this is my first post :D stephen stephen () unix za net tel: (031) 207 4811 On Tue, 3 Jun 2003, dave wrote:It is best to "disable" the built in administrator account. Dave _____________________ Dave Kleiman dave () netmedic net www.netmedic.net -----Original Message----- From: David Gillett [mailto:gillettdavid () fhda edu] Sent: Monday, June 02, 2003 17:38 To: security-basics () securityfocus com Subject: RE: About default sharing folders in WindowsI strongly suggest renaming the local Administrator and Guest account to something that is not easily guessed at. In addition, you should probably create "dummy" accounts named "Administrator" and "Guest" that have no rights/no group memberships and are disabled. Monitor the dummy accounts closely for log in attempts.Note that there's no point to this unless you *also* disable the
ability
to enumerate accounts over a null connection. The renamed
Administrator
account will be trivial to spot by its ID otherwise. David Gillett-------------------------------------------------------------------------
--
-------------------------------------------------------------------------
---
-------------------------------------------------------------------------
--
-------------------------------------------------------------------------
---
--------------------------------------------------------------------------- ---------------------------------------------------------------------------
-
-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Paris Stone CISSP, CCNP, CNE, MCSE CIW Master Administrator / Security Analyst, NSA http://www.ciscoinstructor.net/ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ "The rich man is not the one with the most, but the one who needs the
least"
--------------------------------------------------------------------------
-
--------------------------------------------------------------------------
--
--------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- RE: About default sharing folders in Windows, (continued)
- RE: About default sharing folders in Windows dave (Jun 03)
- RE: About default sharing folders in Windows stephen at unix dot za dot net (Jun 04)
- RE: About default sharing folders in Windows dave (Jun 03)
- Re: About default sharing folders in Windows Mark Kockerbeck (Jun 03)
- RE: About default sharing folders in Windows dave (Jun 03)
- RE: About default sharing folders in Windows dschaible (Jun 03)
- Message not available
- Re[2]: About default sharing folders in Windows vh (Jun 03)
- Re: About default sharing folders in Windows Michelle Mueller (Jun 03)
- RE: About default sharing folders in Windows skyfront (Jun 04)
- Re: About default sharing folders in Windows Nicholas Diotte (Jun 04)
- RE: About default sharing folders in Windows Paris Stone (Jun 04)
- Re: About default sharing folders in Windows Roger A. Grimes (Jun 04)
- RE: About default sharing folders in Windows dave (Jun 04)
- RE: About default sharing folders in Windows stephen at unix dot za dot net (Jun 05)
- RE: About default sharing folders in Windows Cosentino, Guilherme V. (Jun 04)
- RE: About default sharing folders in Windows Chris Berry (Jun 04)
- RE: About default sharing folders in Windows Paris Stone (Jun 04)
- RE: About default sharing folders in Windows Raoul Armfield (Jun 05)
- RE: About default sharing folders in Windows Doc Farmer (Jun 05)