RE: [NTSysADM] Re: Windows 7 firewall

[Melvin Backus]

Usually they're admins within their workgroup since they frequently wind up 
working on multiple machines based on what project they're on.  Outside they're 
workgroup  they're just plain users.

--
There are 10 kinds of people in the world...
         those who understand binary and those who don't.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Ken Schaefer
Sent: Monday, July 07, 2014 8:51 PM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] Re: Windows 7 firewall

Someone being an admin on their own machine doesn't give them access to anyone 
else's ADMIN$ share. Or are you saying everyone's an admin on *every* machine?

What's the scenario you're trying to detect here? Someone accessing their own 
machine? Or someone accessing someone else's machine?

Cheers
Ken

--
http://au.linkedin.com/in/kschaefer



From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Melvin Backus
Sent: Monday, 7 July 2014 9:32 PM
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: RE: [NTSysADM] Re: Windows 7 firewall

True, accept that due to management ...  hmm, what's the word...  anyway, all 
users have local admin rights. :(  If I were actually alone in this situation 
I'd be much less dismayed since I would be able to point to anywhere else and 
say, "Nobody else allows this", but hey, it pays the bills.

--
There are 10 kinds of people in the world...
         those who understand binary and those who don't.

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Michael B. Smith
Sent: Thursday, July 03, 2014 9:42 PM
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: RE: [NTSysADM] Re: Windows 7 firewall

In general, since only high-privilege users can access admin shares, if you 
can't trust your high-privilege users - then fire them. :)

[By default, admin shares can only be accessed by Backup Operators, Server 
Operators, and local Administrators.]

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Angus Scott-Fleming
Sent: Thursday, July 3, 2014 8:34 PM
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: [NTSysADM] Re: Windows 7 firewall

On 2 Jul 2014 at 19:53, David McSpadden wrote:

>     Is there a way to set Windows Firewall up to popup when someone is 
> accessing your admin
>     shares?

This article is a bit dated, but there's probably an app for that.

4 ways to monitor who is accessing your shared folders/files
http://dottech.org/11324/4-ways-to-monitor-who-is-accessing-your-shared-foldersfiles/

This one claims to work on Win7:

ShareWatch
http://stevemiller.net/sharewatch/

This article is more current:

7 Ways to Monitor Shared Folders For Who Modified or Deleted Files * Raymond.CC
https://www.raymond.cc/blog/track-who-modified-or-deleted-files-in-your-shared-folder/

and several of the apps there claim to work on Win7.