Windows Thread, Administrative share security issues in Technical; Hi,
I was at a teacher PC the other day and needed to get some software off my main PC ...
14th March 2012, 11:09 AM #1
Administrative share security issues
I was at a teacher PC the other day and needed to get some software off my main PC (running XP SP3) so I broswed to
\\MyPcName\E$ and all was good.
Later, out of interest, I tried this from a non-admin pupil account and it worked and even allowed me to create/delete files !!!
Obviously this is a bit of a security hole but I'm not sure of best technique to plug it.
I read that you can disable sharing administrative shares but it will be re-anabled on reboot by windows.
Also read I could have a startup/login/scheduled batch file to do e.g. NET SHARE E$ /delete
Or is there a group policy fix ? (We are running server 2008 R2 Standard)
Or maybe better to change security permissions locally for E: etc ?
But what about all the other laptops / PCs used in office and by teachers as they will have the same issue.
Don't want to have to manually set permissions on all computers individually ?!!
Not sure why these admin shares exist anyway, should I blame Microsoft or the people who originally set up
our network ?
Thanks for any advice
IDG Tech News
14th March 2012, 12:20 PM #2
The root E: drive should not have permissions for anyone other than admins.
14th March 2012, 12:46 PM #3
E has permission entries for "Administrators", "Authenticated users", "users" and "SYSTEM"
Of course I could tweak these for my PC but how do I fix similar issues system wide in one fell swoop ?
20th March 2012, 10:37 AM #4
no one got any ideas ?
20th March 2012, 10:58 AM #5
Not sure if this is correct - yay for being an apprentice - but wouldn't a combo of permissions on the share and permissions on the actual folder limit this?
Making it so the folder has 'list folder contents' unchecked and the share has no read permission for the student group/s?
20th March 2012, 11:22 AM #6
Your network is incorrectly configured. The default administrative shares do not allow normal users to browse them.
At a guess, I suspect someone has added a domain group to a local computer group or domain users to a domain group that allows them local administrative access.
So check the membership of your domain and local groups.
20th March 2012, 08:06 PM #7
The "Authenticated Users" group needs removing. You need to asses what impact this would have on any other files, folder and shares stored on the E: partition before you do though!
21st March 2012, 09:59 AM #8
Ok thanks for the info I'll investigate manually for my PC.
But what about all the other staff PCs on site, is there any way to automate the investigation and a subsequent fix (like removing authenticated users) ?
Also I've got a USB drive plugged in and it is being shared as I$, but I can't set any security permisiions on it.
Maybe as it's formatted as FAT32?
So anyone can browse it, Ouch !!!
By lsheldon in forum Educational Software
Last Post: 26th June 2009, 12:36 PM
By Crispin in forum Office Software
Last Post: 11th June 2009, 09:41 AM
By steve_nfi in forum Windows
Last Post: 1st July 2008, 03:09 PM
By projector1 in forum Hardware
Last Post: 12th April 2008, 11:18 AM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)