Re: Access to Local Administrator account

[Jon Mitchiner <jon.mitchiner () GALLAUDET EDU>]

Clyde,

At Gallaudet we have File and Print sharing service feature turned off.
This is also disabled via the group policy, as well as the local
security policy on each PC.  There is probably no real reason for people
to share files, printers, etc from their personal computers.  No, C$ and
D$ are not needed for proper operation.

What we tell people if they want to share printers then get a LPT (or
USB) to Ethernet convertor (usually around $50) and put the printer on
the network.

If they want to have files accessible on the network then they can
utilize the users network drive.

Jon Mitchiner
Gallaudet University

Clyde Hoadley wrote:

> I am not a Windows Administrator so forgive me if I am asking
> some 'newbe' questions.  I need some input from some people who are
> more knowledgeable than I regarding the Windows C$ and D$
> administrative shares and the MS Terminal Services.
>
> We clone a standard XP image when we deploy a new computer.
> We have quite a few people who know the password for the Local
> Administrator account.  Some of these people are full time IT
> employees and some of them are part time Work Study students
> (past and present).
>
> My questions are:
>
> Are the C$ and D$ administrative shares truly needed for proper
> operation of the PC?  Or, are they only created 'in case' someone
> wants to access files remotely?  Is it possible for someone who
> knows the Local Administrator password to browse the files on
> someone else's PC by way of the C$ and D$ file shares?
>
> With Terminal Services installed and automatically started on the
> XP standard image, is it possible for someone who knows the
> Local Administrator password to connect to another PC via
> Terminal Services?  What would the user see on their PC?
>
> I think we have too many people who know the Local Administrator
> password and, I think the way we have our PC's configured, there
> are too many ways that someone with the password can access the
> computers remotely.
>
> Am I 'full of it' or do I have a valid concern?
>
> How are others addressing these issues?
>
> --
> Clyde Hoadley
> Metropolitan State College of Denver
> hoadleyc () mscd edu
>
> (303) 556-5074
>
> **********
> Participation and subscription information for this EDUCAUSE
> Discussion Group discussion list can be found at
> http://www.educause.edu/groups/.

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/groups/.