c$, d$ and on

[malshade]

OK, what the h3|| is up with the dollar shares?! Why can anyone get into them and how do I control access to them, MS won't let me.

 

[Davetoo]

Those are administrative shares, and they should not be open to just anyone.

You might want to explain with a little more detail what your situation is.

I'm Certifiable, not certified.
It just means my answers are from experience, not a book.

 

[malshade]

We have a Win2k domain. On a client machine I can log in as a user that is NOT in the domain admin group and view/browse the hidden shares on the domain controller. Naturally, I want that turned off immediately. If normal system activity doesn't require use of the hidden shares then I want them all disabled. Furthermore, I don't want them turning themselves back on after a reboot.

Thanks

~Mal

 

[strongm]

The hidden shares should only allow administrators to access them. If a non-administrator account has access, then something is wrong ...

Anyway, here's how to remove the shares: add a DWORD entry called AutoShareWks (or AutoShareServer on a server) to the following registry key

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters

and set the DWORD value to 0. Now manually remove the share via the relevant drive's Sharing tab on the Properties dialog, or through Shared Folders in the Computer Management console

If you later need to restore access just remove set the AutoShareWks (or AUtoShareServer on a server) value to 1, or delete the relevant entry entirely from the registry, and reboot

 

[strongm]

Oh, forgot to mention: you can do it through a Group Policy as well

 

[kmcferrin]

Check the file permissions on the C: and D: drives. If those have the proper security restrictions on them, then those shares won't be open to everyone. If your C: and D: drives allow everyone full access, then you have a security issue.

As stated previously, those are administrative shares. The $ at the end of a share name makes them hidden, which means that you cannot see them listed in the groups of shares while browsing the network. But if you know that they are there (and who doesn't these days) and you have file permissions to those drives then you will be able to map to them if you know the path.

 

[strongm]

Erm ... normally the most restrictive permissions (from the share settings and the file settings) apply ... so, whilst it is true that you can map to it, but you can't actually access it.

 

[malshade]

Did some searching through AD Users and Groups. Excuse my french: Some dip$hit added Domain Users to the Administrators group.... There are only 2 people that couldve done that and it wasn't me.... >:|

Do managers really know what they are doing anymore? Did they ever????

Thanks guys, you are a reliable source of reliable info. as always...

Tech on! :/

 

[malshade]

As part of a separate request: I'd REALLY like to know who is responsible. I'd like to track all moves and changes when it comes to changes in file and share permissions. Does Win2k server have the ability to track who does what over a LONG period of time? If not, are there 3rd party tools that can? PLEASE, do tell.