RE: About default sharing folders in Windows

Actually Paris you can in theory "disable" the default admin. It just takes a few tricks  

-----Original Message-----
From: Paris Stone [mailto:paris@ciscoinstructor.com] Sent: Wednesday, June 04, 2003 13:59
To: stephen at unix dot za dot net; dave Cc: security-basics@securityfocus.com
Subject: RE: About default sharing folders in Windows

Can't delete Administrator or Guest. Rename & Disable them, then create dummy
accounts with those two default names. All acl's are checked against the SID's not
the actual name and the SID's won't change with a rename. Therefore if you can't
delete it and renaming it won't remove the assignments, you're hosed. There are
tools out there that will scan your filesystem for rights, can't remember any just
now. Audit the system and manually remove rights.

stephen at unix dot za dot net (stephen@unix.za.net) wrote:
>
>
>how about deleting the admininistrator account (killing that sid)
ability
>> to enumerate accounts over a null connection. The renamed Administrator
>> account will be trivial to spot by its ID otherwise.
>>
>> David Gillett
>>
>>
>>
>>

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Paris Stone
CISSP, CCNP, CNE, MCSE
CIW Master Administrator / Security Analyst, NSA
http://www.ciscoinstructor.net/
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"The rich man is not the one with the most, but the one who needs the least"



---------------------------------------------------------------------------
----------------------------------------------------------------------------





---------------------------------------------------------------------------
----------------------------------------------------------------------------