Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

RE: About default sharing folders in Windows

From: "dave" <dave () netmedic net>
Date: Wed, 4 Jun 2003 16:48:02 -0400
Actually Paris you can in theory "disable" the default admin.  It just takes
a few tricks


 
_____________________
Dave Kleiman
dave () netmedic net
www.netmedic.net

 


-----Original Message-----
From: Paris Stone [mailto:paris () ciscoinstructor com] 
Sent: Wednesday, June 04, 2003 13:59
To: stephen at unix dot za dot net; dave
Cc: security-basics () securityfocus com
Subject: RE: About default sharing folders in Windows

Can't delete Administrator or Guest.  Rename & Disable them, then create
dummy
accounts with those two default names.  All acl's are checked against the
SID's not
the actual name and the SID's won't change with a rename.  Therefore if you
can't
delete it and renaming it won't remove the assignments, you're hosed.  There
are
tools out there that will scan your filesystem for rights, can't remember
any just
now.  Audit the system and manually remove rights.

stephen at unix dot za dot net (stephen () unix za net) wrote:



how about deleting the admininistrator  account (killing that sid)
recreating a new account, redoing the privileges for that account,
and adding the new username to the administrator or appropriate group.

then 'hack the registry'  :D

then you should be left with a box with no default shares,
administrator/guest default accounts are non-existant, and the new ones
have new SIDs.

that a possible solution?

oh yeh,   this is my first post  :D


stephen



stephen () unix za net
tel: (031) 207 4811



On Tue, 3 Jun 2003, dave wrote:


It is best to "disable" the built in administrator account.

Dave



_____________________
Dave Kleiman
dave () netmedic net
www.netmedic.net



-----Original Message-----
From: David Gillett [mailto:gillettdavid () fhda edu]
Sent: Monday, June 02, 2003 17:38
To: security-basics () securityfocus com
Subject: RE: About default sharing folders in Windows


I strongly suggest renaming the local Administrator and Guest account
to something that is not easily guessed at.  In addition, you should
probably create "dummy" accounts named "Administrator" and "Guest"
that have no rights/no group memberships and are disabled.  Monitor
the dummy accounts closely for log in attempts.


  Note that there's no point to this unless you *also* disable the

ability

to enumerate accounts over a null connection.  The renamed Administrator
account will be trivial to spot by its ID otherwise.

David Gillett





---------------------------------------------------------------------------



----------------------------------------------------------------------------








---------------------------------------------------------------------------



----------------------------------------------------------------------------






---------------------------------------------------------------------------
---------------------------------------------------------------------------

-




--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Paris Stone
CISSP, CCNP, CNE, MCSE
CIW Master Administrator / Security Analyst, NSA
http://www.ciscoinstructor.net/
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"The rich man is not the one with the most, but the one who needs the least"



---------------------------------------------------------------------------
----------------------------------------------------------------------------





---------------------------------------------------------------------------
----------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: