Why is there a C$ share???

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

I was just wondering why Microsoft has allowed a share from the c: drive,
where are the OS information is at. What I mean is any user on our network
can type \\computername\c$ and access everything on that persons computer.
Just curious.

Also, is this the same for servers? Does a C$ share exist automatically?
Why would you want your users (if they knew this) to access anyone elses
computer like that?

Any feedback is appreciated. Thanks.
6 answers Last reply
More about share
  1. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    It is called an administrative share.

    And yes, it is the same for both workstations and servers.

    Users should not have access to this share, administrators do.

    --
    Dave


    "Matt" <Matt@discussions.microsoft.com> wrote in message
    news:F94C4AD4-07CA-4991-8232-16C48BBA8CC7@microsoft.com...
    | I was just wondering why Microsoft has allowed a share from the c: drive,
    | where are the OS information is at. What I mean is any user on our network
    | can type \\computername\c$ and access everything on that persons computer.
    | Just curious.
    |
    | Also, is this the same for servers? Does a C$ share exist automatically?
    | Why would you want your users (if they knew this) to access anyone elses
    | computer like that?
    |
    | Any feedback is appreciated. Thanks.
  2. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    Here we setup Domain Users to be a part of a local admins group on their
    PC's, so they can install software without any problems, and so users are
    able to logon to different machines. That must be why they can access others
    admin share.

    Is there a better way to set this up, not to add them to the local admins
    group, and still let them do almost anything locally on the machine?

    "David H. Lipman" wrote:

    > It is called an administrative share.
    >
    > And yes, it is the same for both workstations and servers.
    >
    > Users should not have access to this share, administrators do.
    >
    > --
    > Dave
    >
    >
    >
    >
    > "Matt" <Matt@discussions.microsoft.com> wrote in message
    > news:F94C4AD4-07CA-4991-8232-16C48BBA8CC7@microsoft.com...
    > | I was just wondering why Microsoft has allowed a share from the c: drive,
    > | where are the OS information is at. What I mean is any user on our network
    > | can type \\computername\c$ and access everything on that persons computer.
    > | Just curious.
    > |
    > | Also, is this the same for servers? Does a C$ share exist automatically?
    > | Why would you want your users (if they knew this) to access anyone elses
    > | computer like that?
    > |
    > | Any feedback is appreciated. Thanks.
    >
    >
    >
  3. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    Don't load File & Print Shares on user workstations !

    There is also a Registry setting that will allow you to disable administrative shares but my
    memory fails me and I don't know it off hand - sorry.

    --
    Dave


    "Matt" <Matt@discussions.microsoft.com> wrote in message
    news:23286236-C538-437F-9307-D52AF7A0D6D2@microsoft.com...
    | Here we setup Domain Users to be a part of a local admins group on their
    | PC's, so they can install software without any problems, and so users are
    | able to logon to different machines. That must be why they can access others
    | admin share.
    |
    | Is there a better way to set this up, not to add them to the local admins
    | group, and still let them do almost anything locally on the machine?
    |
    | "David H. Lipman" wrote:
    |
    | > It is called an administrative share.
    | >
    | > And yes, it is the same for both workstations and servers.
    | >
    | > Users should not have access to this share, administrators do.
    | >
    | > --
    | > Dave
    | >
    | >
    | >
    | >
    | > "Matt" <Matt@discussions.microsoft.com> wrote in message
    | > news:F94C4AD4-07CA-4991-8232-16C48BBA8CC7@microsoft.com...
    | > | I was just wondering why Microsoft has allowed a share from the c: drive,
    | > | where are the OS information is at. What I mean is any user on our network
    | > | can type \\computername\c$ and access everything on that persons computer.
    | > | Just curious.
    | > |
    | > | Also, is this the same for servers? Does a C$ share exist automatically?
    | > | Why would you want your users (if they knew this) to access anyone elses
    | > | computer like that?
    | > |
    | > | Any feedback is appreciated. Thanks.
    | >
    | >
    | >
  4. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    David,

    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanServer\Parameters
    Double click on AutoShareServer and set it to 0 to disable it for a server.
    Double click on AutoShareWks and set it to 0 to disable it for a
    workstation.
    If the entries are not present, Add Value of type REG_DWORD. The Range is 0
    (disable) or 1 (enable - the default).

    Certain miscreant domain management software (like SMS) uses these shares.

    Regards,

    George.
  5. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    Thanx George.

    Saved for future reference ! :-)

    --
    Dave


    "George M. Garner Jr." <gmgarner@newsgroup.nospam> wrote in message
    news:uOMYGrSFFHA.2676@TK2MSFTNGP12.phx.gbl...
    | David,
    |
    | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanServer\Parameters
    | Double click on AutoShareServer and set it to 0 to disable it for a server.
    | Double click on AutoShareWks and set it to 0 to disable it for a
    | workstation.
    | If the entries are not present, Add Value of type REG_DWORD. The Range is 0
    | (disable) or 1 (enable - the default).
    |
    | Certain miscreant domain management software (like SMS) uses these shares.
    |
    | Regards,
    |
    | George.
    |
    |
  6. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    "Matt" <Matt@discussions.microsoft.com> wrote in message
    news:23286236-C538-437F-9307-D52AF7A0D6D2@microsoft.com...
    > Here we setup Domain Users to be a part of a local admins group on their
    > PC's, so they can install software without any problems, and so users are
    > able to logon to different machines. That must be why they can access
    > others
    > admin share.
    >
    > Is there a better way to set this up, not to add them to the local admins
    > group, and still let them do almost anything locally on the machine?
    >


    Try adding INTERACTIVE to the administrators group.

    This will mean anyone whoever is logged in locally will have administrator
    access, without including network users.
Ask a new question

Read More

Security Computers Microsoft Windows XP