Sign in with
Sign up | Sign in
Your question

Why is there a C$ share???

Last response: in Windows XP
Share
February 17, 2005 8:11:06 AM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

I was just wondering why Microsoft has allowed a share from the c: drive,
where are the OS information is at. What I mean is any user on our network
can type \\computername\c$ and access everything on that persons computer.
Just curious.

Also, is this the same for servers? Does a C$ share exist automatically?
Why would you want your users (if they knew this) to access anyone elses
computer like that?

Any feedback is appreciated. Thanks.

More about : share

Anonymous
a b 8 Security
February 17, 2005 11:37:41 AM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

It is called an administrative share.

And yes, it is the same for both workstations and servers.

Users should not have access to this share, administrators do.

--
Dave




"Matt" <Matt@discussions.microsoft.com> wrote in message
news:F94C4AD4-07CA-4991-8232-16C48BBA8CC7@microsoft.com...
| I was just wondering why Microsoft has allowed a share from the c: drive,
| where are the OS information is at. What I mean is any user on our network
| can type \\computername\c$ and access everything on that persons computer.
| Just curious.
|
| Also, is this the same for servers? Does a C$ share exist automatically?
| Why would you want your users (if they knew this) to access anyone elses
| computer like that?
|
| Any feedback is appreciated. Thanks.
February 17, 2005 11:37:42 AM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Here we setup Domain Users to be a part of a local admins group on their
PC's, so they can install software without any problems, and so users are
able to logon to different machines. That must be why they can access others
admin share.

Is there a better way to set this up, not to add them to the local admins
group, and still let them do almost anything locally on the machine?

"David H. Lipman" wrote:

> It is called an administrative share.
>
> And yes, it is the same for both workstations and servers.
>
> Users should not have access to this share, administrators do.
>
> --
> Dave
>
>
>
>
> "Matt" <Matt@discussions.microsoft.com> wrote in message
> news:F94C4AD4-07CA-4991-8232-16C48BBA8CC7@microsoft.com...
> | I was just wondering why Microsoft has allowed a share from the c: drive,
> | where are the OS information is at. What I mean is any user on our network
> | can type \\computername\c$ and access everything on that persons computer.
> | Just curious.
> |
> | Also, is this the same for servers? Does a C$ share exist automatically?
> | Why would you want your users (if they knew this) to access anyone elses
> | computer like that?
> |
> | Any feedback is appreciated. Thanks.
>
>
>
Related resources
Anonymous
a b 8 Security
February 17, 2005 12:11:41 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Don't load File & Print Shares on user workstations !

There is also a Registry setting that will allow you to disable administrative shares but my
memory fails me and I don't know it off hand - sorry.

--
Dave




"Matt" <Matt@discussions.microsoft.com> wrote in message
news:23286236-C538-437F-9307-D52AF7A0D6D2@microsoft.com...
| Here we setup Domain Users to be a part of a local admins group on their
| PC's, so they can install software without any problems, and so users are
| able to logon to different machines. That must be why they can access others
| admin share.
|
| Is there a better way to set this up, not to add them to the local admins
| group, and still let them do almost anything locally on the machine?
|
| "David H. Lipman" wrote:
|
| > It is called an administrative share.
| >
| > And yes, it is the same for both workstations and servers.
| >
| > Users should not have access to this share, administrators do.
| >
| > --
| > Dave
| >
| >
| >
| >
| > "Matt" <Matt@discussions.microsoft.com> wrote in message
| > news:F94C4AD4-07CA-4991-8232-16C48BBA8CC7@microsoft.com...
| > | I was just wondering why Microsoft has allowed a share from the c: drive,
| > | where are the OS information is at. What I mean is any user on our network
| > | can type \\computername\c$ and access everything on that persons computer.
| > | Just curious.
| > |
| > | Also, is this the same for servers? Does a C$ share exist automatically?
| > | Why would you want your users (if they knew this) to access anyone elses
| > | computer like that?
| > |
| > | Any feedback is appreciated. Thanks.
| >
| >
| >
Anonymous
a b 8 Security
February 17, 2005 5:56:24 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

David,

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanServer\Parameters
Double click on AutoShareServer and set it to 0 to disable it for a server.
Double click on AutoShareWks and set it to 0 to disable it for a
workstation.
If the entries are not present, Add Value of type REG_DWORD. The Range is 0
(disable) or 1 (enable - the default).

Certain miscreant domain management software (like SMS) uses these shares.

Regards,

George.
Anonymous
a b 8 Security
February 17, 2005 6:05:41 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Thanx George.

Saved for future reference ! :-)

--
Dave




"George M. Garner Jr." <gmgarner@newsgroup.nospam> wrote in message
news:uOMYGrSFFHA.2676@TK2MSFTNGP12.phx.gbl...
| David,
|
| HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanServer\Parameters
| Double click on AutoShareServer and set it to 0 to disable it for a server.
| Double click on AutoShareWks and set it to 0 to disable it for a
| workstation.
| If the entries are not present, Add Value of type REG_DWORD. The Range is 0
| (disable) or 1 (enable - the default).
|
| Certain miscreant domain management software (like SMS) uses these shares.
|
| Regards,
|
| George.
|
|
Anonymous
a b 8 Security
February 19, 2005 4:25:36 AM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

"Matt" <Matt@discussions.microsoft.com> wrote in message
news:23286236-C538-437F-9307-D52AF7A0D6D2@microsoft.com...
> Here we setup Domain Users to be a part of a local admins group on their
> PC's, so they can install software without any problems, and so users are
> able to logon to different machines. That must be why they can access
> others
> admin share.
>
> Is there a better way to set this up, not to add them to the local admins
> group, and still let them do almost anything locally on the machine?
>


Try adding INTERACTIVE to the administrators group.

This will mean anyone whoever is logged in locally will have administrator
access, without including network users.
!