RE: Any way to remove ADMIN$ only?
The way NTFS operates, anyone not specifically allowed is implicitly denied.
Therefore, if you create a "deny only" rule, then no one is allowed.
It's actually more "human-friendly" to define allowed users and let the rest get refused.
Jim
-----Original Message-----
From: Roger Seielstad [mailto:roger@wiredeuclid.COM]
Sent: Tue 11/5/2002 17:49
To: Jim Harrison (SPG); 'Eric'; 'Palumbo, Dave (Factiva)'; focus-ms@securityfocus.com
Cc:
Subject: RE: Any way to remove ADMIN$ only?
Would it not just make more sense to deny the everyone group at the
ADMIN$ share level?
----------
Roger D. Seielstad
Email Geek
-----Original Message-----
From: Jim Harrison (SPG) [mailto:jmharr@microsoft.com]
Sent: Tuesday, November 05, 2002 12:59 PM
To: Eric; Palumbo, Dave (Factiva); focus-ms@securityfocus.com
Subject: RE: Any way to remove ADMIN$ only?
The only problem with using "net share" to create shares is that it
applies default permissions to those shares it creates. These include
"Everyone=Full"; obviously not an ideal scenario, especially given the
default security of Windows drives (Everyone=Full). I've written a
script that will create shares that only allow those accounts listed
in the local server's administrator's group to have access to the
share you choose to create.
http://isatools.org/createshare.zip
* Jim Harrison
MCP(NT4/2K), A+, Network+
Services Platform Division
The burden of proof is not satisfied by a lack of evidence to the
contrary..
-----Original Message-----
From: Eric [mailto:ews@tellurian.net]
Sent: Monday, November 04, 2002 11:55 AM
To: Palumbo, Dave (Factiva); 'focus-ms@securityfocus.com'
Subject: Re: Any way to remove ADMIN$ only?
Write a script that will launch each time upon machine bootup that
'unshares' that share.
'net share admin$ /delete'
I don't know of any registry setting that will remove only that share
and leave the others.
Understand also that anyone with admin privileges to that machine can
recreate that share at any time.
At 01:11 PM 11/4/2002 -0500, Palumbo, Dave (Factiva) wrote:
>Hello,
>to accomplish this? If this is documented, please forgive me....but I
>IPC$).
>Again, I'm just looking to remove ADMIN$.
Received on Fri Nov 8 18:12:46 2002
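The allow/deny behaviour debated in this thread, as an added example that is not part of the original messages: a simplified Python model of the Windows DACL access check, comparing a deny-only rule, a deny rule next to an Administrators allow, an allow-only list, and the "Everyone=Full" default. Account names, group memberships and the set-based rights are constructed for illustration; real ACEs carry SIDs and access masks.

```python
# Simplified model of the Windows DACL access check (added example).
# Assumption: trustees are plain names and rights are sets, not SIDs and masks.
from dataclasses import dataclass

READ, CHANGE = "read", "change"
FULL = frozenset({READ, CHANGE, "full"})

@dataclass(frozen=True)
class Ace:
    kind: str           # "allow" or "deny"
    trustee: str        # group or account name
    rights: frozenset

def canonical(dacl):
    """Deny ACEs are evaluated ahead of allow ACEs (canonical order)."""
    return sorted(dacl, key=lambda ace: ace.kind != "deny")

def access_check(dacl, groups, wanted):
    """True only if every wanted right is allowed before any of them is denied."""
    remaining = set(wanted)
    for ace in canonical(dacl):
        if ace.trustee not in groups:
            continue
        if ace.kind == "deny" and remaining & ace.rights:
            return False                 # explicit deny wins
        if ace.kind == "allow":
            remaining -= ace.rights
            if not remaining:
                return True
    return False                         # never granted: implicit deny

# Constructed token memberships: an administrator and an ordinary user.
ADMIN = {"alice", "Administrators", "Everyone"}
USER = {"bob", "Users", "Everyone"}

DACLS = {
    "deny-only": [Ace("deny", "Everyone", FULL)],
    "deny+admin-allow": [Ace("allow", "Administrators", FULL),
                         Ace("deny", "Everyone", FULL)],
    "admins-only": [Ace("allow", "Administrators", FULL)],
    "everyone-full": [Ace("allow", "Everyone", FULL)],
}

def report(wanted=frozenset({READ})):
    """Map (dacl name, principal) to the access decision for the wanted rights."""
    return {(name, who): access_check(dacl, groups, wanted)
            for name, dacl in DACLS.items()
            for who, groups in (("admin", ADMIN), ("user", USER))}

if __name__ == "__main__":
    for key, allowed in report().items():
        print(key, "ALLOW" if allowed else "DENY")
```

In this model only the allow-only list lets administrators in while refusing everyone else; both deny variants lock out administrators too, because they are members of Everyone.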