Security Basics mailing list archives

RE: About default sharing folders in Windows

From: "Doc Farmer" <doc.farmer () qatarbank com>
Date: Thu, 5 Jun 2003 09:22:04 +0300

I find those default shares to be extremely annoying, especially on my home PC where I've got a lot of extra disk space 
configured.  So I run a batch file at startup that whacks all of the shares - 
 
ShareKil.bat
net share C$ /delete
net share D$ /delete
...
net share Z$ /delete
net share IPC$ /delete
net share ADMIN$ /delete
 
Seems to work pretty well.  Hope that was helpful.
 
Doc Farmer
Senior Manager
Security and Business Continuity
Qatar National Bank
Doha, Qatar

        -----Original Message----- 
        From: Paris Stone [mailto:paris () ciscoinstructor com] 
        Sent: Thu 05/06/2003 01:00 
        To: dave; 'ParisStone'; 'stephen at unix dot za dot net' 
        Cc: security-basics () securityfocus com 
        Subject: RE: About default sharing folders in Windows
        
        

        Cut-n-Paste of my original post:
        ~snip~
        Can't delete Administrator or Guest.  RENAME & DISABLE THEM, then create dummy
        accounts with those two default names.
        ~end snip~
        Disabling is easy and definitely a preferred configuration option.  I've done it
        wherever a customer has let me.  Deleting, well 3rd party utilities from another
        poster, I've heard about too.  Never really looked into it seriously.  I was too
        chicken-stuff!
        
        dave (dave () netmedic net) wrote:
        >
        >Actually Paris you can in theory "disable" the default admin.  It just takes
        >a few tricks
        >
        >
        >
        >_____________________
        >Dave Kleiman
        >dave () netmedic net
        >www.netmedic.net
        >
        >
        >
        >
        >-----Original Message-----
        >From: Paris Stone [mailto:paris () ciscoinstructor com]
        >Sent: Wednesday, June 04, 2003 13:59
        >To: stephen at unix dot za dot net; dave
        >Cc: security-basics () securityfocus com
        >Subject: RE: About default sharing folders in Windows
        >
        >Can't delete Administrator or Guest.  Rename & Disable them, then create
        >dummy
        >accounts with those two default names.  All acl's are checked against the
        >SID's not
        >the actual name and the SID's won't change with a rename.  Therefore if you
        >can't
        >delete it and renaming it won't remove the assignments, you're hosed.  There
        >are
        >tools out there that will scan your filesystem for rights, can't remember
        >any just
        >now.  Audit the system and manually remove rights.
        >
        >stephen at unix dot za dot net (stephen () unix za net) wrote:
        >>
        >>
        >>how about deleting the admininistrator  account (killing that sid)
        >>recreating a new account, redoing the privileges for that account,
        >>and adding the new username to the administrator or appropriate group.
        >>
        >>then 'hack the registry'  :D
        >>
        >>then you should be left with a box with no default shares,
        >>administrator/guest default accounts are non-existant, and the new ones
        >>have new SIDs.
        >>
        >>that a possible solution?
        >>
        >>oh yeh,   this is my first post  :D
        >>
        >>
        >>stephen
        >>
        >>
        >>
        >>stephen () unix za net
        >>tel: (031) 207 4811
        >>
        >>
        >>
        >>On Tue, 3 Jun 2003, dave wrote:
        >>
        >>> It is best to "disable" the built in administrator account.
        >>>
        >>> Dave
        >>>
        >>>
        >>>
        >>> _____________________
        >>> Dave Kleiman
        >>> dave () netmedic net
        >>> www.netmedic.net
        >>>
        >>>
        >>>
        >>> -----Original Message-----
        >>> From: David Gillett [mailto:gillettdavid () fhda edu]
        >>> Sent: Monday, June 02, 2003 17:38
        >>> To: security-basics () securityfocus com
        >>> Subject: RE: About default sharing folders in Windows
        >>>
        >>> > I strongly suggest renaming the local Administrator and Guest account
        >>> > to something that is not easily guessed at.  In addition, you should
        >>> > probably create "dummy" accounts named "Administrator" and "Guest"
        >>> > that have no rights/no group memberships and are disabled.  Monitor
        >>> > the dummy accounts closely for log in attempts.
        >>>
        >>>   Note that there's no point to this unless you *also* disable the
        >ability
        >>> to enumerate accounts over a null connection.  The renamed Administrator
        >>> account will be trivial to spot by its ID otherwise.
        >>>
        >>> David Gillett
        >>>
        >>>
        >>>
        >>>
        >---------------------------------------------------------------------------
        >>>
        >----------------------------------------------------------------------------
        >>>
        >>>
        >>>
        >>>
        >>>
        >>>
        >---------------------------------------------------------------------------
        >>>
        >----------------------------------------------------------------------------
        >>>
        >>>
        >>
        >>
        >>---------------------------------------------------------------------------
        >>---------------------------------------------------------------------------
        >-
        >>
        >
        >--
        >~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        >Paris Stone
        >CISSP, CCNP, CNE, MCSE
        >CIW Master Administrator / Security Analyst, NSA
        >http://www.ciscoinstructor.net/
        >~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        >"The rich man is not the one with the most, but the one who needs the least"
        >
        >
        >
        >---------------------------------------------------------------------------
        >----------------------------------------------------------------------------
        >
        >
        >
        >
        >
        >---------------------------------------------------------------------------
        >----------------------------------------------------------------------------
        >
        >
        
        --
        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        Paris Stone
        CISSP, CCNP, CNE, MCSE
        CIW Master Administrator / Security Analyst, NSA
        http://www.ciscoinstructor.net/
        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        "The rich man is not the one with the most, but the one who needs the least"
        
        
        
        ---------------------------------------------------------------------------
        ----------------------------------------------------------------------------

Current thread:

RE: About default sharing folders in Windows, (continued)
- - RE: About default sharing folders in Windows skyfront (Jun 04)
- Re: About default sharing folders in Windows Nicholas Diotte (Jun 04)
- RE: About default sharing folders in Windows Paris Stone (Jun 04)
  - Re: About default sharing folders in Windows Roger A. Grimes (Jun 04)
  - RE: About default sharing folders in Windows dave (Jun 04)
    - RE: About default sharing folders in Windows stephen at unix dot za dot net (Jun 05)
- RE: About default sharing folders in Windows Cosentino, Guilherme V. (Jun 04)
- RE: About default sharing folders in Windows Chris Berry (Jun 04)
- RE: About default sharing folders in Windows Paris Stone (Jun 04)
  - RE: About default sharing folders in Windows Raoul Armfield (Jun 05)
- RE: About default sharing folders in Windows Doc Farmer (Jun 05)