Educause Security Discussion mailing list archives
Re: Access to Local Administrator account
From: Jon Mitchiner <jon.mitchiner () GALLAUDET EDU>
Date: Wed, 6 Oct 2004 14:17:47 -0400
Clyde, At Gallaudet we have File and Print sharing service feature turned off. This is also disabled via the group policy, as well as the local security policy on each PC. There is probably no real reason for people to share files, printers, etc from their personal computers. No, C$ and D$ are not needed for proper operation. What we tell people if they want to share printers then get a LPT (or USB) to Ethernet convertor (usually around $50) and put the printer on the network. If they want to have files accessible on the network then they can utilize the users network drive. Jon Mitchiner Gallaudet University Clyde Hoadley wrote:
I am not a Windows Administrator so forgive me if I am asking some 'newbe' questions. I need some input from some people who are more knowledgeable than I regarding the Windows C$ and D$ administrative shares and the MS Terminal Services. We clone a standard XP image when we deploy a new computer. We have quite a few people who know the password for the Local Administrator account. Some of these people are full time IT employees and some of them are part time Work Study students (past and present). My questions are: Are the C$ and D$ administrative shares truly needed for proper operation of the PC? Or, are they only created 'in case' someone wants to access files remotely? Is it possible for someone who knows the Local Administrator password to browse the files on someone else's PC by way of the C$ and D$ file shares? With Terminal Services installed and automatically started on the XP standard image, is it possible for someone who knows the Local Administrator password to connect to another PC via Terminal Services? What would the user see on their PC? I think we have too many people who know the Local Administrator password and, I think the way we have our PC's configured, there are too many ways that someone with the password can access the computers remotely. Am I 'full of it' or do I have a valid concern? How are others addressing these issues? -- Clyde Hoadley Metropolitan State College of Denver hoadleyc () mscd edu (303) 556-5074 ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/groups/.
********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/groups/.
Current thread:
- Access to Local Administrator account Clyde Hoadley (Oct 06)
- <Possible follow-ups>
- Re: Access to Local Administrator account Jon Mitchiner (Oct 06)