Accessing c$ remotely?

Archived from groups: microsoft.public.windowsxp.configuration_manage (More info?)

Hi,

I've just installed WindowsXP Professional with SP2 (had win2k sp4) on the
two computers in my home network.

I'd like to be able to access the administrative shares like c$ remotely
with my other computer like how I was able to with win2k.

I have both computers set so users have passwords, are members of
administrators on both computers, and file and print sharing is working with
otherwise created shares. The home network is behind a NAT router and are
not working on an NT domain.

I've tried disabling the firewall on both computers with no change. When I'm
on one computer I can access its own administrative share such as c$ but not
from anywhere else.

Also, I can't use those handy tools from www.sysinternals.com like pstools
remotely across the network like I used to be able to.

So I'm thinking this must be a policy setting. Where can I look to allow
this access?

Karen
http://scootgirl.com/
3 answers Last reply
More about accessing remotely
  1. Archived from groups: microsoft.public.windowsxp.configuration_manage (More info?)

    RESOLUTION:

    In Control Panel, double-click Administrative Tools.

    Click Local Security Policy.

    Locate the policy in the "Security Settings\Local Policies\Security
    Options\Network Access: Sharing and security model for local accounts"
    folder.

    Right-click the policy, and then click Properties.

    In the box, click Classic - local users authenticate as themselves.

    Click OK.
  2. Archived from groups: microsoft.public.windowsxp.configuration_manage (More info?)

    Hello,

    In Control Panel-Windows Firewall-Then select the exception for File and
    Print Sharing and it should solve your problem you might need to check also
    in Windows Firewall Advanced under ICMP-Settings check Allow incoming echo
    request, you can try in start-run-cmd ping your other machine and if it
    doesn't reply you may need to check it.

    Hope this helps
    "scootgirl.com" <duzfaq64@dslextreme.com> wrote in message
    news:Siv1d.6919$NC6.5120@newsread1.mlpsca01.us.to.verio.net...
    > Hi,
    >
    > I've just installed WindowsXP Professional with SP2 (had win2k sp4) on the
    > two computers in my home network.
    >
    > I'd like to be able to access the administrative shares like c$ remotely
    > with my other computer like how I was able to with win2k.
    >
    > I have both computers set so users have passwords, are members of
    > administrators on both computers, and file and print sharing is working
    > with otherwise created shares. The home network is behind a NAT router and
    > are not working on an NT domain.
    >
    > I've tried disabling the firewall on both computers with no change. When
    > I'm on one computer I can access its own administrative share such as c$
    > but not from anywhere else.
    >
    > Also, I can't use those handy tools from www.sysinternals.com like pstools
    > remotely across the network like I used to be able to.
    >
    > So I'm thinking this must be a policy setting. Where can I look to allow
    > this access?
    >
    > Karen
    > http://scootgirl.com/
    >
  3. Archived from groups: microsoft.public.windowsxp.configuration_manage (More info?)

    On Mon, 13 Sep 2004 15:32:04 -0700, "scootgirl.com"

    >I've just installed WindowsXP Professional with SP2 (had win2k sp4) on the
    >two computers in my home network.

    >I'd like to be able to access the administrative shares like c$ remotely
    >with my other computer like how I was able to with win2k.

    Frankly, I'd kill off those shares in all cases, because they are
    fundamentally contrary to the "safe hex" principle of NEVER providing
    write-access to any part of the system startup axis.

    Else it's an open door for malware on one PC to drill into and run
    from every other PC on the network.

    Even if I needed to administer multiple PCs on the network, I would
    not do it this way. Instead, I'd "privitize" access to startup
    locations etc. by using my own code on the workstations to integrate
    what I push through a small and not auto-running share on that PC.

    There's be checks made at this point, to verify it really was me
    trying to push the stuff. Sure, it's "security by obscurity", but as
    long as I don't blab the details on the 'net or build this into a
    mass-rolled-out product, it's enough to block malware bots.

    >I have both computers set so users have passwords, are members of
    >administrators on both computers, and file and print sharing is working with
    >otherwise created shares. The home network is behind a NAT router and are
    >not working on an NT domain.

    While NAT should stop your shares being exploited directly from the
    Internet, security in depth requires you to think beyond that, to;
    what happens when one of the PCs gets infected?

    >I've tried disabling the firewall on both computers with no change. When I'm
    >on one computer I can access its own administrative share such as c$ but not
    >from anywhere else.

    Small mercies; let's hope the band-aid holds. Yes, I'm editorializing
    and not giving you what you want, because I think what you are asking
    for won't be what you want in the bigger sense.

    XP may have better band-aids on admin shares than Win2000 had, and SP2
    may strengthen these further, but IMO it's better to kill them
    completely, and write-share as narrowly as possible.

    There are many (most?) traditional malware (viruses, worms) that are
    aware of and use LAN shares, and they don't all require these to be
    called "C" or be mapped to a drive letter. At best, malware runs in
    your user context, so if you can use the share, so can the malware.
    At worst, malware can exscalate its way beyond any "I'm safe because I
    didn't log on as admin" constraints to full system access.

    With that in mind, if it exists, it can be a menace, band-aids or no.


    >--------------- ----- ---- --- -- - - -
    Never turn your back on an installer program
    >--------------- ----- ---- --- -- - - -
Ask a new question

Read More

Configuration Computers Windows XP