Security Basics mailing list archives

RE: About default sharing folders in Windows

From: "Paris Stone" <paris () ciscoinstructor com>
Date: Wed, 04 Jun 2003 22:00:44 +0000

Cut-n-Paste of my original post:
~snip~
Can't delete Administrator or Guest.  RENAME & DISABLE THEM, then create dummy
accounts with those two default names.
~end snip~
Disabling is easy and definitely a preferred configuration option.  I've done it
wherever a customer has let me.  Deleting, well 3rd party utilities from another
poster, I've heard about too.  Never really looked into it seriously.  I was too
chicken-stuff!

dave (dave () netmedic net) wrote:


Actually Paris you can in theory "disable" the default admin.  It just takes
a few tricks



_____________________
Dave Kleiman
dave () netmedic net
www.netmedic.net




-----Original Message-----
From: Paris Stone [mailto:paris () ciscoinstructor com]
Sent: Wednesday, June 04, 2003 13:59
To: stephen at unix dot za dot net; dave
Cc: security-basics () securityfocus com
Subject: RE: About default sharing folders in Windows

Can't delete Administrator or Guest.  Rename & Disable them, then create
dummy
accounts with those two default names.  All acl's are checked against the
SID's not
the actual name and the SID's won't change with a rename.  Therefore if you
can't
delete it and renaming it won't remove the assignments, you're hosed.  There
are
tools out there that will scan your filesystem for rights, can't remember
any just
now.  Audit the system and manually remove rights.

stephen at unix dot za dot net (stephen () unix za net) wrote:



how about deleting the admininistrator  account (killing that sid)
recreating a new account, redoing the privileges for that account,
and adding the new username to the administrator or appropriate group.

then 'hack the registry'  :D

then you should be left with a box with no default shares,
administrator/guest default accounts are non-existant, and the new ones
have new SIDs.

that a possible solution?

oh yeh,   this is my first post  :D


stephen



stephen () unix za net
tel: (031) 207 4811



On Tue, 3 Jun 2003, dave wrote:

It is best to "disable" the built in administrator account.

Dave



_____________________
Dave Kleiman
dave () netmedic net
www.netmedic.net



-----Original Message-----
From: David Gillett [mailto:gillettdavid () fhda edu]
Sent: Monday, June 02, 2003 17:38
To: security-basics () securityfocus com
Subject: RE: About default sharing folders in Windows

I strongly suggest renaming the local Administrator and Guest account
to something that is not easily guessed at.  In addition, you should
probably create "dummy" accounts named "Administrator" and "Guest"
that have no rights/no group memberships and are disabled.  Monitor
the dummy accounts closely for log in attempts.


  Note that there's no point to this unless you *also* disable the

ability

to enumerate accounts over a null connection.  The renamed Administrator
account will be trivial to spot by its ID otherwise.

David Gillett

---------------------------------------------------------------------------

----------------------------------------------------------------------------

---------------------------------------------------------------------------

----------------------------------------------------------------------------



---------------------------------------------------------------------------
---------------------------------------------------------------------------


--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Paris Stone
CISSP, CCNP, CNE, MCSE
CIW Master Administrator / Security Analyst, NSA
http://www.ciscoinstructor.net/
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"The rich man is not the one with the most, but the one who needs the least"



---------------------------------------------------------------------------
----------------------------------------------------------------------------





---------------------------------------------------------------------------
----------------------------------------------------------------------------


--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Paris Stone
CISSP, CCNP, CNE, MCSE
CIW Master Administrator / Security Analyst, NSA
http://www.ciscoinstructor.net/
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"The rich man is not the one with the most, but the one who needs the least"



---------------------------------------------------------------------------
----------------------------------------------------------------------------

Current thread:

Re[2]: About default sharing folders in Windows, (continued)
- - Message not available
    - Re[2]: About default sharing folders in Windows vh (Jun 03)
- Re: About default sharing folders in Windows Michelle Mueller (Jun 03)
  - RE: About default sharing folders in Windows skyfront (Jun 04)
- Re: About default sharing folders in Windows Nicholas Diotte (Jun 04)
- RE: About default sharing folders in Windows Paris Stone (Jun 04)
  - Re: About default sharing folders in Windows Roger A. Grimes (Jun 04)
  - RE: About default sharing folders in Windows dave (Jun 04)
    - RE: About default sharing folders in Windows stephen at unix dot za dot net (Jun 05)
- RE: About default sharing folders in Windows Cosentino, Guilherme V. (Jun 04)
- RE: About default sharing folders in Windows Chris Berry (Jun 04)
- RE: About default sharing folders in Windows Paris Stone (Jun 04)
  - RE: About default sharing folders in Windows Raoul Armfield (Jun 05)
- RE: About default sharing folders in Windows Doc Farmer (Jun 05)