|
 |  |  |  |  |  |  |
Welcome to Vista Forums we are your forum to discuss Windows Vista x64 and x86 systems. Whether you need help or just want to post an idea you have on Vista, this is the forum for you.
 |
| |||||||
 |
| | Thread Tools | Display Modes |
03-09-2007
| #1 (permalink) |
| Guest | How to Remove Shares C$ ADMIN$ ect. Hi: How can I remove shares (C$, ADMIN$) ? I remove them manually, but when I reboot they come back. I do not want them to come back, unless i specifically want to share them. I am running Windows Vista Ultimate Retail. Thanks. |
My System Specs |
|
03-09-2007
| #2 (permalink) |
| Guest | RE: How to Remove Shares C$ ADMIN$ ect. > How can I remove shares (C$, ADMIN$) ? > I remove them manually, but when I reboot they come back. > I do not want them to come back, unless i specifically want to share them. Why do you want to remove them? Unless you are in a domain they are unusable. If you want to, remove it run this from an elevated command prompt reg add HKLM\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters /v AutoShareWks /t REG_DWORD /d 0 |
| My System Specs |
|
03-09-2007
| #3 (permalink) |
| Guest | RE: How to Remove Shares C$ ADMIN$ ect. "Jesper" wrote: > Why do you want to remove them? Unless you are in a domain they are unusable. "Dominick" writes: ------ Give me one good explanation as to why I shouldnt remove them?? If a PC with default shares are active, and you put this PC on the internet without a firewall, dont you think this would be a major security breach for the PC???? Ofcourse it would. "Jesper" wrote: > If you want to, remove it run this from an elevated command prompt > reg add HKLM\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters /v > AutoShareWks /t REG_DWORD /d 0 "Dominick" writes: Oh I see the registry entries are still the same as 2000Server...thats ok, id rather go into regedit instead of using the command line to execute registry modifications. Thanks. |
| My System Specs |
|
03-09-2007
| #4 (permalink) |
| Guest | RE: How to Remove Shares C$ ADMIN$ ect. Hello Dominick, If you work with the ADMINISTRATOR without a password, than it can be unsecure. Best regards Myweb Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights. > "Jesper" wrote: > >> Why do you want to remove them? Unless you are in a domain they are >> unusable. >> > "Dominick" writes: > ------ Give me one good explanation as to why I shouldnt remove them?? > If a PC with default shares are active, and you put this PC on the > internet > without a firewall, dont you think this would be a major security > breach for > the PC???? > Ofcourse it would. > > "Jesper" wrote: > >> If you want to, remove it run this from an elevated command prompt >> reg add >> HKLM\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters /v >> AutoShareWks /t REG_DWORD /d 0 > "Dominick" writes: > Oh I see the registry entries are still the same as 2000Server...thats > ok, > id rather go into regedit instead of using the command line to execute > registry modifications. Thanks. |
| My System Specs |
|
03-09-2007
| #5 (permalink) |
| Guest | Re: How to Remove Shares C$ ADMIN$ ect. "Dominick" <Dominick@discussions.microsoft.com> wrote in message news:372381F1-98FC-4457-A3CE-3A52815D8A1B@microsoft.com... > > > "Jesper" wrote: > >> Why do you want to remove them? Unless you are in a domain they are >> unusable. > > "Dominick" writes: > ------ Give me one good explanation as to why I shouldnt remove them?? > If a PC with default shares are active, and you put this PC on the > internet > without a firewall, dont you think this would be a major security breach > for > the PC???? > > Ofcourse it would. Surely, but not because of the shares. As Jesper notes, they're not really usuable in the scenario you mention above. We can either deal in facts and talk about the way things work or we can run around like bad B-Movie characters screaming "OMG Teh SHARES... WHY WON'T THE TOWNSFOLK LISTEN TO ME!!!!!"? |
| My System Specs |
|
03-09-2007
| #6 (permalink) |
| Guest | RE: How to Remove Shares C$ ADMIN$ ect. > If you work with the ADMINISTRATOR without a password, than it can be unsecure. Logon from the network with a blank password has been disabled since Windows XP, so no. On the contrary, you would probably be MORE secure with a blank password than with one of the very weak ones ("password" "1234" "letmein" "1111") that too many people use. > > ------ Give me one good explanation as to why I shouldnt remove them?? Give me one good reason to remove them. What SPECIFIC threat are you trying to mitigate by removing them? > > If a PC with default shares are active, and you put this PC on the > > internet > > without a firewall, dont you think this would be a major security > > breach for > > the PC???? > > Ofcourse it would. No it would not. First, the shares are only accessible by a properly authenticated administrator. If I have administrative access to your machine, but you have turned these shares off, it is a matter of 10 lines of code to turn them back on again, or turn on something else that I would rather use. Removing these shares in no way restricts a remote, malicious, administrator from accessing your system. Second, why are you talking about a non-firewalled system at all? Vista has a built-in firewall, that is on by default, that blocks access to these shares, by default. In addition, there are multiple other layers of protection against compromise via the administrative shares. Sure, if you turn off the firewall, enable the ability to log on without a password, remove the password from the built-in administrator account, enable that account, turn off user account control, AND (not or) hook the system up to the Internet, then yes, you have put yourself at risk. Are you planning on doing that? If so, can I have your IP address? Third, on a non-domain joined Windows Vista system you get a restricted token when logging on remotely with an administrative account defined in the local SAM. That means that you will fail the access check for the administrative shares because your token has the Administrators SID set for deny only. In other words, on a non-domain joined Windows Vista system, these shares are inaccessible from the network already, for a number of reasons. On a domain-joined Vista system they are accessible from the network when the machine is in the domain or private firewall profiles, but only for someone using a domain account that is in the local admins group. Finally, you have yet to describe a risk with leaving these shares on. So has everyone else, who have never built an operating system and yet, for twelve years have been telling people to modify core functionality in the operating system. Nobody has yet been able to present a solid case where this presents a real threat that outweighs the potential risk of modifying how the OS works. You do not know what software needs these shares. There is an unknown risk inherent in disabling them. That unknown risk is to be pitted against the undefined security risk involved in leaving them on. In the absence of any information pointing one way or the other in this debate, why should we do anything at all? Why should we modify how our operating system works if there is no reason to do so? |
| My System Specs |
|
| Thread Tools | |
| Display Modes | |
| |
Similar Threads | ||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Can you enable the Admin Shares Drive$ in a workgroup | WillyNPG | Vista account administration | 1 | 03-13-2008 07:33 AM |
| Admin access to Vista Registry Remote & locally in Admin Approval | Gayle | Vista security | 0 | 10-24-2007 09:26 AM |
| Remove Admin from Welcome Screen & NOT UAC | Norbster | Vista account administration | 5 | 05-29-2007 12:44 PM |
| Admin shares | Andreas | Vista account administration | 0 | 04-18-2007 12:28 PM |
| Accessing Admin Shares | Sean | Vista networking & sharing | 2 | 02-07-2007 02:26 PM |
Linear Mode
