Security Basics mailing list archives

RE: XP admin shares


From: "Mike Cole" <ColeM () ohca state ok us>
Date: Mon, 9 Dec 2002 13:38:08 -0600

Leon,

What you can do is secure the built-in accounts (which constitute much
greater than average targets of attack) by going to the Control Panel,
Administrative Tools, Computer Management, System Tools, Local Users and
Groups, then Users: 

- Rename the default Administrator account to a nonconspicuous name,
change the account description to "User account," and enter a very long
(up to 104 characters) and as difficult-to-guess a password as possible.
Record the password on a piece of paper that you place in an extremely
secure location, e.g., in your wallet or purse. Do not share this
password with anyone else and do not leave the slip of paper on which
the password is written where anyone else might see it. Use the built-in
Administrator account, which in Windows XP (as in Windows 2000) does not
lock after excessive bad logon attempts, only for emergency access. 

- Create one additional account that is a member of the Administrators
group for yourself and another for each person who needs to administer
your system. Create an unprivileged account for each Administrator,
also. Use the unprivileged account when you are engaged in normal
activities such as web surfing, obtaining ftp access, and downloading
mail. Use the privileged account only when you are performing system
administration tasks. 

- Create a new, unprivileged account named "Administrator," a decoy
account designed to deflect attacks designed to give unauthorized access
to the Administrator account. Ensure that this account is in only the
Guest group. Enter the description of "Built-in account for
administering the system" (even though this is not true). Inspect your
Event Logs often to determine whether people are trying to log on to this
account.


Michael

|-----Original Message-----
|From: Leon Pholi [mailto:L.Pholi () secureinteractive com]
|Sent: Sunday, December 08, 2002 6:28 PM
|To: security-basics () securityfocus com
|Subject: XP admin shares
|
|Hi everyone,
|
|Just a quick one, does anyone know how to stop the default administrative
|file shares in Win XP (professional edition)? One would think this would be
|a standard part of locking down a box, but can't find much on it for XP.
|
|You can do it through Computer Management but they'll be re-enabled at
|reboot, and the Win2k key of
|HKLM\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters\AutoShareWks
|doesn't seem to exist. Any ideas?
|
|Thanks,
|Leon
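
The last step in the reply above, checking the Event Logs for logon attempts against the decoy "Administrator" account, can be scripted. This is an added example, not part of either message: it assumes the Security log has been exported to CSV with the constructed columns shown, and the event IDs are an assumption (Windows logon success and failure events), since the post names none.

```python
import csv
import io
from collections import defaultdict

DECOY = "administrator"          # decoy account name from the post
# Assumed event IDs: XP/2000-era logon events and their later equivalents.
FAILED = {529, 530, 531, 532, 533, 534, 535, 536, 537, 539, 4625}
SUCCEEDED = {528, 540, 4624}

# Constructed sample export (columns are an assumption, not a Windows format).
SAMPLE = """time,event_id,account,workstation
2002-12-09 02:11:04,529,Administrator,WKS-17
2002-12-09 02:11:06,529,ADMINISTRATOR,WKS-17
2002-12-09 02:11:09,529,BOX1\\administrator,WKS-17
2002-12-09 08:30:00,528,mcole,BOX1
2002-12-09 09:02:41,529,mcole,BOX1
2002-12-09 11:45:12,528,Administrator,WKS-03
"""

def account_name(raw):
    """Drop any DOMAIN\\ or HOST\\ prefix and normalise case."""
    return raw.rsplit("\\", 1)[-1].strip().lower()

def decoy_activity(csv_text, decoy=DECOY):
    """Return {workstation: {"failed": n, "succeeded": n}} for the decoy only."""
    hits = defaultdict(lambda: {"failed": 0, "succeeded": 0})
    for row in csv.DictReader(io.StringIO(csv_text)):
        if account_name(row["account"]) != decoy:
            continue                      # ordinary accounts are out of scope here
        event_id = int(row["event_id"])
        if event_id in FAILED:
            hits[row["workstation"]]["failed"] += 1
        elif event_id in SUCCEEDED:
            hits[row["workstation"]]["succeeded"] += 1
    return dict(hits)

def report(hits):
    """One line per source; a successful decoy logon is the more serious finding."""
    lines = []
    for source, n in sorted(hits.items()):
        level = "CRITICAL" if n["succeeded"] else "WARN"
        lines.append(f"{level} {source}: {n['failed']} failed, {n['succeeded']} succeeded")
    return lines

if __name__ == "__main__":
    print("\n".join(report(decoy_activity(SAMPLE))))
```

Because the real administrator account has been renamed, every event naming "Administrator" is traffic nobody on the system should be generating, so no threshold is applied.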

