Windows Thread, Can I stop local admins accessing C$ default shares? in Technical; I find the default admin shares extremely useful, use them all the time, so cant really disable them alltogether.
What ...
-
22nd February 2007, 02:57 PM #1 Can I stop local admins accessing C$ default shares?
I find the default admin shares extremely useful, use them all the time, so cant really disable them alltogether.
What I'd like though, is for only domain admins to be able to access them. The reason I ask is that I am setting up some standalone machines which still need some network access.
Any local admin user I create can directly access any PC's C$ share as long as they know the name, and that is a bit of a security problem
Is there a way to restrict access to these shares to just domain admins?
-
-
IDG Tech News
-
22nd February 2007, 03:00 PM #2 Re: Can I stop local admins accessing C$ default shares?
Disable administrative shares in group policies.
Recreate the shares manually with whatever share level permissions you want.
-
-
22nd February 2007, 04:31 PM #3 
- Rep Power
- 0
Re: Can I stop local admins accessing C$ default shares?
Originally Posted by
Geoff Disable administrative shares in group policies.
Recreate the shares manually with whatever share level permissions you want.
The problem is that a localadmin has the power whatever access they ahve been denied. So they can just take ownership of a resource and add themelves to the permissions list.
-
-
22nd February 2007, 04:34 PM #4 Re: Can I stop local admins accessing C$ default shares?
I said use share level permissions, not NTFS permissions.
-
-
22nd February 2007, 04:35 PM #5 Re: Can I stop local admins accessing C$ default shares?
Given what NetworkGeezer has said, the only way around this may be to not give out local Admin level access. Is it possible to synthesize a level of access which is 'admin enough' without actually being admin? What exactly do you give out local admin rights for?
-
-
22nd February 2007, 06:04 PM #6
- Rep Power
- 0
Re: Can I stop local admins accessing C$ default shares?
Originally Posted by
Geoff I said use share level permissions, not NTFS permissions.
Splitting hairs really. They could just create themselves some new shares when they next have physical access.
The problem here is that we have users who have deliberately been given deliberately local admin rights.
-
-
22nd February 2007, 07:36 PM #7 Re: Can I stop local admins accessing C$ default shares?
As it seems fairly difficult its a good job ive thought of a solution that doesnt require me to have standalone machines
We do still have users that are local admin but they are office and admin staff that I trust. I was worrying here really because they were going to be student machines
We did actually use to have students as local admin but they were locked down enough with GP that they couldnt get to these shares as I remember
Thanks though everyone
-
SHARE: 
Similar Threads
-
By CM786 in forum Windows
Replies: 7
Last Post: 26th February 2010, 10:00 AM
-
By RockIt in forum How do you do....it?
Replies: 3
Last Post: 30th August 2007, 10:37 PM
-
Replies: 21
Last Post: 2nd April 2007, 03:02 PM
-
By Heebeejeebee in forum Windows
Replies: 15
Last Post: 5th February 2007, 03:00 PM
-
By browolf in forum Windows
Replies: 25
Last Post: 1st November 2006, 03:29 PM
Thread Information
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
LinkBack URL
About LinkBacks
