Security Basics mailing list archives

RE: About default sharing folders in Windows


From: "Cosentino, Guilherme V." <Guilherme.Cosentino () alcoa com br>
Date: Wed, 4 Jun 2003 16:41:00 -0300

Correct me if I'm wrong, but as far as I know, you can't delete the built-in
accounts on W2k. 
Thus, the best way to improve security is renaming those accounts and
creating dummy ones. 

Guilherme 


-----Original Message-----
From: stephen at unix dot za dot net [mailto:stephen () unix za net] 
Sent: Wednesday, 4 de June de 2003 6:24 AM
To: dave
Cc: security-basics () securityfocus com
Subject: RE: About default sharing folders in Windows



how about deleting the administrator account (killing that sid)
recreating a new account, redoing the privileges for that account, and
adding the new username to the administrator or appropriate group.

then 'hack the registry'  :D

then you should be left with a box with no default shares,
administrator/guest default accounts are non-existent, and the new ones have
new SIDs.

that a possible solution?

oh yeh,   this is my first post  :D


stephen


--
Success On Hold
(www.soh.co.za)

stephen () unix za net
tel: (031) 207 4811



On Tue, 3 Jun 2003, dave wrote:

It is best to "disable" the built in administrator account.

Dave



_____________________
Dave Kleiman
dave () netmedic net
www.netmedic.net



-----Original Message-----
From: David Gillett [mailto:gillettdavid () fhda edu]
Sent: Monday, June 02, 2003 17:38
To: security-basics () securityfocus com
Subject: RE: About default sharing folders in Windows

I strongly suggest renaming the local Administrator and Guest 
account to something that is not easily guessed at.  In addition, 
you should probably create "dummy" accounts named "Administrator" 
and "Guest" that have no rights/no group memberships and are 
disabled.  Monitor the dummy accounts closely for log in attempts.

  Note that there's no point to this unless you *also* disable the 
ability to enumerate accounts over a null connection.  The renamed 
Administrator account will be trivial to spot by its ID otherwise.

David Gillett
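
The setup David Gillett describes can be audited on a current Windows host. The script below is an added example, not part of the original thread; it assumes Windows PowerShell 5.1 or later with the LocalAccounts cmdlets (not available on Windows 2000). It finds the built-in accounts by their fixed relative IDs, checks any decoys, and reads the two Lsa registry values that restrict anonymous enumeration.

```powershell
# Added example (not from the thread). Assumes Windows PowerShell 5.1+ and
# the Microsoft.PowerShell.LocalAccounts module; run from an elevated prompt.
# Built-in accounts keep a fixed relative ID (the last SID component)
# whatever they are renamed to: 500 = Administrator, 501 = Guest.
$builtin = @{ '500' = 'Administrator'; '501' = 'Guest' }
$users   = @(Get-LocalUser)

$accounts = foreach ($rid in ($builtin.Keys | Sort-Object)) {
    $default = $builtin[$rid]
    $real    = $users | Where-Object { $_.SID.Value.EndsWith("-$rid") }
    # A decoy carries the default name but an ordinary, non-built-in SID.
    $decoy   = $users | Where-Object {
        $_.Name -eq $default -and -not $_.SID.Value.EndsWith("-$rid")
    }

    # The decoy should be a member of no local group at all.
    $groups = @()
    if ($decoy) {
        $groups = @(Get-LocalGroup | Where-Object {
            $m = Get-LocalGroupMember -Group $_ -ErrorAction SilentlyContinue
            $m.SID.Value -contains $decoy.SID.Value
        } | ForEach-Object { $_.Name })
    }

    [pscustomobject]@{
        Rid          = $rid
        CurrentName  = $real.Name
        Renamed      = ($real.Name -ne $default)
        RealEnabled  = $real.Enabled
        DecoyPresent = [bool]$decoy
        DecoyEnabled = $(if ($decoy) { $decoy.Enabled } else { $null })
        DecoyGroups  = $groups -join ', '
    }
}

# The thread's caveat: the rename only helps if anonymous (null session)
# enumeration is restricted, since the account is identified by its ID.
$lsa  = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$anon = foreach ($name in 'RestrictAnonymous', 'RestrictAnonymousSAM') {
    $value = $lsa.$name
    [pscustomobject]@{
        Setting    = $name
        Value      = $(if ($null -eq $value) { 'not set' } else { $value })
        Restricted = ($null -ne $value -and $value -ge 1)
    }
}

$accounts | Format-Table -AutoSize
$anon     | Format-Table -AutoSize
```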


