Re: About default sharing folders in Windows

[Michelle Mueller <muellerm () mtmary edu>]

You can remove administrative shares on a workstation by setting this key:

HKLM\System\ 
CurrentControlSet\Services\LanmanServer\Parameters\AutoShareWks 
(REG_DWORD) 0

This information comes from http://www.cisecurity.org/  If you install 
their security benchmarking tool, a .pdf file is included with all of 
the registry key settings needed to secure a workstation.  I imagine you 
can get this .pdf is somewhere on the site but I haven't looked for it. 
The benchmarking tool also includes security admin templates for 
workstations and group policies.  Use the tool.  If you haven't taken 
any steps to secure your computers you'll be shocked at the results.



Jimi Thompson wrote:

> > <SNIP>
> >
> > I believe there might be a way in the registry to remove the
> > administrative shares altogether, but whether there is or isn't you need
> > to make sure you have strong passwords for the administrator account and
> > you should assign a strong password to the Guest account even if you
> > keep the account disabled.
>
> </SNIP>
>
> I strongly suggest renaming the local Administrator and Guest account 
> to something that is not easily guessed at.  In addition, you should 
> probably create "dummy" accounts named "Administrator" and "Guest" 
> that have no rights/no group memberships and are disabled.  Monitor 
> the dummy accounts closely for log in attempts.
>
> If you machines are going to be exposed to the Internet, you will have 
> to hack the registry to remove the all the default shares. Technet has 
> several fine articles on this.




---------------------------------------------------------------------------
----------------------------------------------------------------------------