Sign in with
Sign up | Sign in
Your question

Deleteing C$ sharing

Tags:
Last response: in Windows 2000/NT
Share
February 3, 2005 9:35:02 PM

Archived from groups: microsoft.public.win2000.security (More info?)

Hi:

I have a need to montor the hard drives in my network, however, I have a
user who has not only mangae to figure out how to delete a "Administrative
Share" for the session, but it seems they have manage to delete it, except of
a "Log In Situation" even during a re-boot of the system. How is this
possible and is there anyway to circumnavigate this users attempts to lock
thier PC out of the loop, with out them knowing they are back in the loop.
--
Thank you for you help

Mark M

More about : deleteing sharing

Anonymous
February 4, 2005 12:21:04 AM

Archived from groups: microsoft.public.win2000.security (More info?)

What exactly are you trying to do? It sure sounds like they are local
administrators if they can do what you describe which may be part of your
problem. You can delete the default administrator shares by disabling file
and print sharing, using poledit, or modifying the registry as shown in the
link below. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;318755

"MSM" <MSM@discussions.microsoft.com> wrote in message
news:C082D991-B1DD-4925-B347-5E2DBBEEA757@microsoft.com...
> Hi:
>
> I have a need to montor the hard drives in my network, however, I have a
> user who has not only mangae to figure out how to delete a "Administrative
> Share" for the session, but it seems they have manage to delete it, except
> of
> a "Log In Situation" even during a re-boot of the system. How is this
> possible and is there anyway to circumnavigate this users attempts to lock
> thier PC out of the loop, with out them knowing they are back in the loop.
> --
> Thank you for you help
>
> Mark M
February 4, 2005 12:21:05 AM

Archived from groups: microsoft.public.win2000.security (More info?)

hi:

I am tasked to monitor the network and the computers on the network. I am
not allowed to use (purchase) any "Spy/Monitoring" Programs. So I am trying
to use the brute force method of using the Admin Shares, and a index reader
program. You are right these users have admin rights, I am wondering if this
particular user has set up the secruity/sharing feature in such a manner that
only thier user account can access thier computer. I can not even log in
using the admin account. Thus I need to know how they may have done this,
and if the way you discribe can be done in such a way that this person can
not know it has been re-estiblished?

Mark M.

PS: this user is very adept at using the task manager

"Steven L Umbach" wrote:

> What exactly are you trying to do? It sure sounds like they are local
> administrators if they can do what you describe which may be part of your
> problem. You can delete the default administrator shares by disabling file
> and print sharing, using poledit, or modifying the registry as shown in the
> link below. --- Steve
>
> http://support.microsoft.com/default.aspx?scid=kb;en-us;318755
>
> "MSM" <MSM@discussions.microsoft.com> wrote in message
> news:C082D991-B1DD-4925-B347-5E2DBBEEA757@microsoft.com...
> > Hi:
> >
> > I have a need to montor the hard drives in my network, however, I have a
> > user who has not only mangae to figure out how to delete a "Administrative
> > Share" for the session, but it seems they have manage to delete it, except
> > of
> > a "Log In Situation" even during a re-boot of the system. How is this
> > possible and is there anyway to circumnavigate this users attempts to lock
> > thier PC out of the loop, with out them knowing they are back in the loop.
> > --
> > Thank you for you help
> >
> > Mark M
>
>
>
Related resources
Anonymous
February 4, 2005 2:55:31 AM

Archived from groups: microsoft.public.win2000.security (More info?)

If the user is local administrator then the inmates are running the asylum
and that user could be doing anything on that computer including removing
the computer from the domain, changing ntfs and share permissions, or more
likely has removed your account or domain admins group from local
administrators group. You should consider looking at ways to not allow users
to be local administrators. Instead of trying to play games with this user
take his computer and reimage it or repair it and have him and other users
sign a computer user statement that prohibits junior hacking which includes
anything that will deny domain admins access to the computer. Also be sure
that auditing of logon events, policy change, and account management is
enabled on those computers. You should also be able to connect to any domain
users computer as a domain admin and use Computer Management to access those
computers to view the shares on that computer. A Group Policy startup script
can be used to add domain admins or any user/group to the local
administrators group on a domain computer as in [ net localgroup
administrators /add "mydomain\domain admins" ]--- Steve


"MSM" <MSM@discussions.microsoft.com> wrote in message
news:BC185BDF-48AC-4B2C-87F9-C3FE64B7B4A3@microsoft.com...
> hi:
>
> I am tasked to monitor the network and the computers on the network. I am
> not allowed to use (purchase) any "Spy/Monitoring" Programs. So I am
> trying
> to use the brute force method of using the Admin Shares, and a index
> reader
> program. You are right these users have admin rights, I am wondering if
> this
> particular user has set up the secruity/sharing feature in such a manner
> that
> only thier user account can access thier computer. I can not even log in
> using the admin account. Thus I need to know how they may have done this,
> and if the way you discribe can be done in such a way that this person can
> not know it has been re-estiblished?
>
> Mark M.
>
> PS: this user is very adept at using the task manager
>
> "Steven L Umbach" wrote:
>
>> What exactly are you trying to do? It sure sounds like they are local
>> administrators if they can do what you describe which may be part of your
>> problem. You can delete the default administrator shares by disabling
>> file
>> and print sharing, using poledit, or modifying the registry as shown in
>> the
>> link below. --- Steve
>>
>> http://support.microsoft.com/default.aspx?scid=kb;en-us;318755
>>
>> "MSM" <MSM@discussions.microsoft.com> wrote in message
>> news:C082D991-B1DD-4925-B347-5E2DBBEEA757@microsoft.com...
>> > Hi:
>> >
>> > I have a need to montor the hard drives in my network, however, I have
>> > a
>> > user who has not only mangae to figure out how to delete a
>> > "Administrative
>> > Share" for the session, but it seems they have manage to delete it,
>> > except
>> > of
>> > a "Log In Situation" even during a re-boot of the system. How is this
>> > possible and is there anyway to circumnavigate this users attempts to
>> > lock
>> > thier PC out of the loop, with out them knowing they are back in the
>> > loop.
>> > --
>> > Thank you for you help
>> >
>> > Mark M
>>
>>
>>
February 4, 2005 3:35:09 PM

Archived from groups: microsoft.public.win2000.security (More info?)

Hi:

Thanks for the info, unfortinately, I am betweena rock and a hard place.
These users are a very private bunch and to have them agree to an sign
anything that they will percieve as restricting them or giving someone access
to hard drives will cause a major uproar and the onwners who want everything
micromanaged. Your eailer post about resetting the the autoshare is good. I
just managed to look at the comuter. All the setting for the C$ shares are
there, however my admmin account has been deleted. I have just tried logging
into the hard drive with the Administrator account and it works. Thank you
for you help, by the way do you use a chat service, maybe next time I have a
issue I can contact you direct.

"Steven L Umbach" wrote:

> If the user is local administrator then the inmates are running the asylum
> and that user could be doing anything on that computer including removing
> the computer from the domain, changing ntfs and share permissions, or more
> likely has removed your account or domain admins group from local
> administrators group. You should consider looking at ways to not allow users
> to be local administrators. Instead of trying to play games with this user
> take his computer and reimage it or repair it and have him and other users
> sign a computer user statement that prohibits junior hacking which includes
> anything that will deny domain admins access to the computer. Also be sure
> that auditing of logon events, policy change, and account management is
> enabled on those computers. You should also be able to connect to any domain
> users computer as a domain admin and use Computer Management to access those
> computers to view the shares on that computer. A Group Policy startup script
> can be used to add domain admins or any user/group to the local
> administrators group on a domain computer as in [ net localgroup
> administrators /add "mydomain\domain admins" ]--- Steve
>
>
> "MSM" <MSM@discussions.microsoft.com> wrote in message
> news:BC185BDF-48AC-4B2C-87F9-C3FE64B7B4A3@microsoft.com...
> > hi:
> >
> > I am tasked to monitor the network and the computers on the network. I am
> > not allowed to use (purchase) any "Spy/Monitoring" Programs. So I am
> > trying
> > to use the brute force method of using the Admin Shares, and a index
> > reader
> > program. You are right these users have admin rights, I am wondering if
> > this
> > particular user has set up the secruity/sharing feature in such a manner
> > that
> > only thier user account can access thier computer. I can not even log in
> > using the admin account. Thus I need to know how they may have done this,
> > and if the way you discribe can be done in such a way that this person can
> > not know it has been re-estiblished?
> >
> > Mark M.
> >
> > PS: this user is very adept at using the task manager
> >
> > "Steven L Umbach" wrote:
> >
> >> What exactly are you trying to do? It sure sounds like they are local
> >> administrators if they can do what you describe which may be part of your
> >> problem. You can delete the default administrator shares by disabling
> >> file
> >> and print sharing, using poledit, or modifying the registry as shown in
> >> the
> >> link below. --- Steve
> >>
> >> http://support.microsoft.com/default.aspx?scid=kb;en-us;318755
> >>
> >> "MSM" <MSM@discussions.microsoft.com> wrote in message
> >> news:C082D991-B1DD-4925-B347-5E2DBBEEA757@microsoft.com...
> >> > Hi:
> >> >
> >> > I have a need to montor the hard drives in my network, however, I have
> >> > a
> >> > user who has not only mangae to figure out how to delete a
> >> > "Administrative
> >> > Share" for the session, but it seems they have manage to delete it,
> >> > except
> >> > of
> >> > a "Log In Situation" even during a re-boot of the system. How is this
> >> > possible and is there anyway to circumnavigate this users attempts to
> >> > lock
> >> > thier PC out of the loop, with out them knowing they are back in the
> >> > loop.
> >> > --
> >> > Thank you for you help
> >> >
> >> > Mark M
> >>
> >>
> >>
>
>
>
Anonymous
February 4, 2005 8:39:25 PM

Archived from groups: microsoft.public.win2000.security (More info?)

I understand that politics play a major role in corporate [or small
business] culture. I don't use chat but I try to check this newsgroup [and
others] almost daily. There also are other very helpful regulars on this
newsgroup. Glad you got it sorted out. --- Steve


"MSM" <MSM@discussions.microsoft.com> wrote in message
news:72852C6D-9E4D-46E5-BEC2-6CE42C299376@microsoft.com...
> Hi:
>
> Thanks for the info, unfortinately, I am betweena rock and a hard place.
> These users are a very private bunch and to have them agree to an sign
> anything that they will percieve as restricting them or giving someone
> access
> to hard drives will cause a major uproar and the onwners who want
> everything
> micromanaged. Your eailer post about resetting the the autoshare is good.
> I
> just managed to look at the comuter. All the setting for the C$ shares
> are
> there, however my admmin account has been deleted. I have just tried
> logging
> into the hard drive with the Administrator account and it works. Thank
> you
> for you help, by the way do you use a chat service, maybe next time I have
> a
> issue I can contact you direct.
>
> "Steven L Umbach" wrote:
>
>> If the user is local administrator then the inmates are running the
>> asylum
>> and that user could be doing anything on that computer including removing
>> the computer from the domain, changing ntfs and share permissions, or
>> more
>> likely has removed your account or domain admins group from local
>> administrators group. You should consider looking at ways to not allow
>> users
>> to be local administrators. Instead of trying to play games with this
>> user
>> take his computer and reimage it or repair it and have him and other
>> users
>> sign a computer user statement that prohibits junior hacking which
>> includes
>> anything that will deny domain admins access to the computer. Also be
>> sure
>> that auditing of logon events, policy change, and account management is
>> enabled on those computers. You should also be able to connect to any
>> domain
>> users computer as a domain admin and use Computer Management to access
>> those
>> computers to view the shares on that computer. A Group Policy startup
>> script
>> can be used to add domain admins or any user/group to the local
>> administrators group on a domain computer as in [ net localgroup
>> administrators /add "mydomain\domain admins" ]--- Steve
>>
>>
>> "MSM" <MSM@discussions.microsoft.com> wrote in message
>> news:BC185BDF-48AC-4B2C-87F9-C3FE64B7B4A3@microsoft.com...
>> > hi:
>> >
>> > I am tasked to monitor the network and the computers on the network. I
>> > am
>> > not allowed to use (purchase) any "Spy/Monitoring" Programs. So I am
>> > trying
>> > to use the brute force method of using the Admin Shares, and a index
>> > reader
>> > program. You are right these users have admin rights, I am wondering
>> > if
>> > this
>> > particular user has set up the secruity/sharing feature in such a
>> > manner
>> > that
>> > only thier user account can access thier computer. I can not even log
>> > in
>> > using the admin account. Thus I need to know how they may have done
>> > this,
>> > and if the way you discribe can be done in such a way that this person
>> > can
>> > not know it has been re-estiblished?
>> >
>> > Mark M.
>> >
>> > PS: this user is very adept at using the task manager
>> >
>> > "Steven L Umbach" wrote:
>> >
>> >> What exactly are you trying to do? It sure sounds like they are local
>> >> administrators if they can do what you describe which may be part of
>> >> your
>> >> problem. You can delete the default administrator shares by disabling
>> >> file
>> >> and print sharing, using poledit, or modifying the registry as shown
>> >> in
>> >> the
>> >> link below. --- Steve
>> >>
>> >> http://support.microsoft.com/default.aspx?scid=kb;en-us;318755
>> >>
>> >> "MSM" <MSM@discussions.microsoft.com> wrote in message
>> >> news:C082D991-B1DD-4925-B347-5E2DBBEEA757@microsoft.com...
>> >> > Hi:
>> >> >
>> >> > I have a need to montor the hard drives in my network, however, I
>> >> > have
>> >> > a
>> >> > user who has not only mangae to figure out how to delete a
>> >> > "Administrative
>> >> > Share" for the session, but it seems they have manage to delete it,
>> >> > except
>> >> > of
>> >> > a "Log In Situation" even during a re-boot of the system. How is
>> >> > this
>> >> > possible and is there anyway to circumnavigate this users attempts
>> >> > to
>> >> > lock
>> >> > thier PC out of the loop, with out them knowing they are back in the
>> >> > loop.
>> >> > --
>> >> > Thank you for you help
>> >> >
>> >> > Mark M
>> >>
>> >>
>> >>
>>
>>
>>
!