Forum Replies Created

Viewing 1 reply thread
  • Author
    Posts
    • #14716
      es mert
      Participant
      Member Points: 0
      Rank:

      i think microsoft gives as a good dilemma. ok i will test deleting admin share and see the effects. regards

      http://blogs.technet.com/b/askds/archive/2012/01/06/friday-mail-sack-best-post-this-year-edition.aspx#share

      Question
      Is there an “official” stance on removing built-in admin shares (C$, ADMIN$, etc.) in Windows? I’m not sure this would make things more secure or not. Larry Osterman wrote a nice article on its origins but doesn’t give any advice.
      Answer
      The official stance is from the KB that states how to do it:
      Generally, Microsoft recommends that you do not modify these special shared resources.
      Even better, here are many things that will break if you do this:
      Overview of problems that may occur when administrative shares are missing
      http://support.microsoft.com/default.aspx?scid=kb;EN-US;842715
      That’s not a complete list; it wasn’t updated for Vista/2008 and later. It’s so bad though that there’s no point, frankly. Removing these shares does not increase security, as only administrators can use those shares and you cannot prevent administrators from putting them back or creating equivalent custom shares.
      This is one of those “don’t do it just because you can” customizations.

    • #14711
      es mert
      Participant
      Member Points: 0
      Rank:

      ok, deleting admin shares creates problem. our desktop/laptop users have standart user rights on their computers. and they cannot change their ip settings or install/uninstall program etc. it is easy to control client computers and keep them safe and clean that way. our helpdesk team help them for that kind of tasks and that’s why they have local admin rights on client computers. it is ok except one situation, our manager doesn’t want our helpdesk team to access client computers local drives from admin shares. so what can I do? give users admin/power user/customized rights or change helpdesk local admin rights to  what?

      thanks

Viewing 1 reply thread
© 4sysops 2006 - 2022

CONTACT US

Please ask IT administration questions in the forums. Any other messages are welcome.

Sending

Log in with your credentials

or    

Forgot your details?

Create Account