Robert,

That is accurate, however these shares can be turned off by Policy\Reg Hack.
See: http://www.windows2000faq.com/Articles/Index.cfm?ArticleID=14437

In answer to the original question: I can't cite an issue with a particular application per se, however Robert is right. If you want to keep people from accessing these shares, control who belongs to the local administrator's group on the machines. If you don't have a handle on that, eliminating these shares won't solve your problem. The wrong people will still have elevated privilege.

In a general sense, you are disabling a useful administrative feature. You will not be able to access these shares to push or audit anything on the hard drives.

Oh wait - I think I can cite a specific application. I believe the HFNETCHK will be unable to audit file versions remotely. So if your aim is to increase security, you had better have an alternate method of checking the patch level of machines. (There are lots of alternate methods, but there are elements of HFNETCHK that I really like.)

I would say this is a hack which belongs on machines in a DMZ, or otherwise generally exposed machines, but it isn't something I do on machines inside my network.

As far as exposed machines - you would have to expose ports 137-139 for this to be useful, and the attacker would still need to gain admin on the box before exploiting it. These ports ought not be open, and any decent ISP should block them. Of course if your users connect to their own ISPs, this is an issue, but only one amongst many. In fact if that is the case you need to go look at Tiny Firewall before you can start to feel a little secure with this practice.

----Original Message Follows----
From: "Robert VadeBonCoeur" <[EMAIL PROTECTED]>
Reply-To: "NT 2000 Discussions" <[EMAIL PROTECTED]>
To: "NT 2000 Discussions" <[EMAIL PROTECTED]>
Subject: Re: Ramifications of removing Administrative shares in W2k.
Date: Wed, 17 Oct 2001 21:29:14 -0500

You can remove these shares, however they are re-created when you restart the server.
The server service (I believe that is it) re-creates these shares upon restarting. Go ahead and try stopping the share. You'll receive a message telling you this. Having the right security setup will protect you to where you should be.

Robert VadeBonCoeur
LAN / WAN Administrator
[EMAIL PROTECTED]

> Current config:
>
> Windows 2000 Server SP2
> IIS 5
> BackupExec 8.5
> Exchange 2000 Server SP1
> McAfee GroupShield 5.0
>
> We are currently reviewing the possibility of removing the
> Administrative shares in all of our Windows 2000 servers (c$, Admin$,
> etc.). Does anybody know if this can have any secondary effects in any
> of our applications?
>
> Thank you,
>
>
> Juan Rosas
> [EMAIL PROTECTED]

------
You are subscribed as [EMAIL PROTECTED]
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe send a blank email to [EMAIL PROTECTED]
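
The two checks this thread turns on (whether the Server service will re-create the administrative shares, and who is in the local Administrators group) can be audited read-only as below. This is an added example, not part of the original messages: it assumes a current Windows host with PowerShell 5.1 or later rather than Windows 2000, the function name `Get-AdminShareAudit` is hypothetical, and the registry value names `AutoShareServer` and `AutoShareWks` are not given in the thread but are the ones Microsoft documents for this setting.

```powershell
# Added example: read-only audit, run locally in an elevated session.
# Assumption: PowerShell 5.1+ with the SmbShare and LocalAccounts modules.
function Get-AdminShareAudit {
    [CmdletBinding()]
    param()

    # Registry values that decide whether the Server service re-creates
    # C$, ADMIN$ etc. at start: absent or 1 = created, 0 = suppressed.
    $key    = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $params = Get-ItemProperty -Path $key -ErrorAction Stop
    $autoShare = foreach ($name in 'AutoShareServer', 'AutoShareWks') {
        $prop = $params.PSObject.Properties[$name]
        if ($null -eq $prop) {
            $state = 'not set (default: shares are created)'
        } elseif ($prop.Value -eq 0) {
            $state = '0 (shares are not re-created)'
        } else {
            $state = "$($prop.Value) (shares are created)"
        }
        [pscustomobject]@{ Value = $name; State = $state }
    }

    # Special shares present right now (C$, ADMIN$, IPC$, ...).
    $shares = Get-SmbShare -Special $true | Select-Object Name, Path, Description

    # Who can actually use them: members of BUILTIN\Administrators.
    # The well-known SID avoids depending on the localized group name.
    $admins = Get-LocalGroupMember -SID 'S-1-5-32-544' |
        Select-Object Name, ObjectClass, PrincipalSource

    [pscustomobject]@{
        Computer       = $env:COMPUTERNAME
        AutoShare      = $autoShare
        SpecialShares  = $shares
        Administrators = $admins
    }
}

$audit = Get-AdminShareAudit
$audit.AutoShare      | Format-Table -AutoSize
$audit.SpecialShares  | Format-Table -AutoSize
$audit.Administrators | Format-Table -AutoSize
```

If the Administrators list contains accounts that should not be there, suppressing the shares does not change what those accounts can do on the machine.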
