Access to Local Administrator account

[Clyde Hoadley <hoadleyc () MSCD EDU>]

I am not a Windows Administrator so forgive me if I am asking
some 'newbe' questions.  I need some input from some people who are
more knowledgeable than I regarding the Windows C$ and D$
administrative shares and the MS Terminal Services.

We clone a standard XP image when we deploy a new computer.
We have quite a few people who know the password for the Local
Administrator account.  Some of these people are full time IT
employees and some of them are part time Work Study students
(past and present).

My questions are:

Are the C$ and D$ administrative shares truly needed for proper
operation of the PC?  Or, are they only created 'in case' someone
wants to access files remotely?  Is it possible for someone who
knows the Local Administrator password to browse the files on
someone else's PC by way of the C$ and D$ file shares?

With Terminal Services installed and automatically started on the
XP standard image, is it possible for someone who knows the
Local Administrator password to connect to another PC via
Terminal Services?  What would the user see on their PC?

I think we have too many people who know the Local Administrator
password and, I think the way we have our PC's configured, there
are too many ways that someone with the password can access the
computers remotely.

Am I 'full of it' or do I have a valid concern?

How are others addressing these issues?

--
Clyde Hoadley
Metropolitan State College of Denver
hoadleyc () mscd edu

(303) 556-5074

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/groups/.