Hidden Share overrides NTFS File Permissions ????

[Linux203]

A business has a workstation that is shared by approx. 20 employees. Each employee logs in with his/her own username and password. Each user is a member of Domain Users and buitin\Users. Roaming profiles are in use.

The profiles contained in C:\Documents and Settings have default permissions. Each can see his/her own profile directory and not others.

When the workstation is accessed via \\WS015\C$, any user can see all other user profiles.

How is this possible? Why is this happening? What can I do to prevent this?

 

[bcastner]

By default the drive letters are shared (C$, D$, etc.) as hidden shares for Administrator access. Even if you delete the shares manually they will be recreated at next bootup.

To remove these shares for good add the following DWORD registry values :

NT Server :

[HKEY_LOCAL_MACHINE \System \CurrentControlSet \Services \LanmanServer \Parameters]
AutoShareServer=0

NT Workstation :

[HKEY_LOCAL_MACHINE \System \CurrentControlSet \Services \LanmanServer \Parameters]
AutoShareWks=0

Note that the IPC$ share will not be removed by setting these registry values.

Note that it will only stop Windows from creating the shares at startup, one have to delete the admin shares one self, but only once after changing the above registry keys. Besides using the standard interface for removing the shares, one can also find and delete the shares by editing the registry database at this location:
[HKEY_LOCAL_MACHINE \System \CurrentControlSet \Services \LanmanServer \Shares]

References:

http://snakefoot.fateback.com/tweak/winnt/sharing.html#ADMIN_SHARE