Hosting Provided By

RE: Any way to remove ADMIN$ only?

From: Deus, Attonbitus <Thor(at)HammerofGod.com>
Date: Tue Nov 05 2002 - 13:36:47 EST

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

At 09:59 AM 11/5/2002, Jim Harrison (SPG) wrote:
> The only problem with using "net share" to create shares is that it
> applies default permissions to those shares it creates. These include
> "Everyone=Full"; obviously not an ideal scenario, especially given the
> default security of Windows drives (Everyone=Full). I've written a
> script that will create shares that only allow those accounts listed
> in the local server's administrator's group to have access to the
> share you choose to create.

Hey Jim!

Actually, the permissions for ADMIN$ are pre-set, and cannot be changed (and are admin only). Even if you delete the ADMIN$ with the net command and create it back again manually, it will still only have admin permissions. So in this case, it is not really an issue.

But more importantly, as Eric pointed out, there is really no value in deleting the admin share at all, as only admins have access to it, which means they can always add it back with a simple "net share admin$" command.

hth

-- AD

"Do not lead, for I may not follow. Do not follow, for I may not lead. And don't stand next to me either. Just leave me the hell alone."

Do you need help?

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.1

iQA/AwUBPcgPv4hsmyD15h5gEQLKsQCfaDNxUEjlhiLAUXjoypY5MTRBOTQAnjIM xIE6TFZjnbGDJPCCdm61G0o5
=xkGm
-----END PGP SIGNATURE----- Received on Sat Nov 9 10:39:39 2002

This message: [ Message body ]
Next message: ohnonono(at)hushmail.com: "Re: Win 2000 password Complexity Requirements"
Previous message: Roger Seielstad: "Re: Any way to remove ADMIN$ only?"
Maybe in reply to: Jim Harrison (SPG): "RE: Any way to remove ADMIN$ only?"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:24 EDT