You should not bother controlling access via share removals or modification of share permissions.
You are likely to find that if you remove $ shares, you can no longer backup you boxes remotely. Other utilities that allow for the remote creation of Emergency Repair Disks (Aleita ERDisk is one) will probably fail as well. You should use NTFS permissions to control access. Caution: never deny everyone access. "Everyone" includes administrators. Denying access raises a logistical nightmare. If you Deny several groups, what happens when another group is created after that? Unless you remember to go back and deny them as well, they will end up with access. Instead, explicitly permit what groups get access. Also some features of group policy allow you to add security. Bob -----Original Message----- From: Juan Rosas [mailto:[EMAIL PROTECTED]] Sent: Friday, October 12, 2001 1:37 PM To: NT 2000 Discussions Subject: RE: Ramifications of removing Administrative shares in W2k. The reason is that we are trying to find the best way to secure our servers and I found a couple articles that recommended removing these shares. now the ones they propose to remove are c$ and any other drive, they also mentioned that IPC$ and Admin$ should not be affected. -----Original Message----- From: Wes Owen [mailto:[EMAIL PROTECTED]] Sent: Friday, October 12, 2001 1:17 PM To: NT 2000 Discussions Subject: RE: Ramifications of removing Administrative shares in W2k. SMS looks for these. BE defaults to these. Why remove them? -----Original Message----- From: Juan Rosas [mailto:[EMAIL PROTECTED]] Sent: Friday, October 12, 2001 12:00 PM To: NT 2000 Discussions Subject: Ramifications of removing Administrative shares in W2k. Current config: Windows 2000 Server SP2 IIS 5 BackupExec 8.5 Exchange 2000 Server SP1 Mcafee GroupShiels 5.0 We are currently reviewing the possibility of removing the Administrative shares in all of our windows 2000 server (c$,Admin$, etc..) Does anybody knows if this can have any secondary effects in any of our applications. Thank you, Juan Rosas [EMAIL PROTECTED] ------ You are subscribed as [EMAIL PROTECTED] Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe send a blank email to [EMAIL PROTECTED] This e-mail and any files transmitted with it are confidential and are intended solely for the use of the individual or entity to whom they are addressed. If you are NOT the intended recipient or the person responsible for delivering the e-mail to the intended recipient, be advised that you have received this e-mail in error and that any use, dissemination, forwarding, printing, or copying of this e-mail is strictly prohibited. ------ You are subscribed as [EMAIL PROTECTED] Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe send a blank email to [EMAIL PROTECTED] ------ You are subscribed as [EMAIL PROTECTED] Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe send a blank email to [EMAIL PROTECTED] ... ------ You are subscribed as [email protected] Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe send a blank email to [EMAIL PROTECTED]
