Yes, profiles are stored in documents and settings dir now on 2000. If
you're concerned about locking down the server, I would definitely put on
all sec patches and sp2 for win2k!!!
Toby
Oh, and that share looks like an administrative share, which you can remove
through the local policy editor, the entry should be something like
autoshareserver. I'll bet you also will see c$ shares, until you apply this
local sec policy change.
-----Original Message-----
From: Stephen Villano [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 7:10 PM
To: SECURITY-BASICS (E-mail)
Subject: RE: Mysterious folder in Win2000 A.S.
Looks like a roving profile is set. That directory structure is one I
usually see in the user's profile directory. Perhaps (I'm not fully up to
speed with win2k yet) the profile data is being stored in the documents and
settings dir now.
HTH
-----Original Message-----
From: Birl [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 10:11 AM
To: [EMAIL PROTECTED]
Subject: Mysterious folder in Win2000 A.S.
Running Windows 2000 Advanced Server (no Service Packs).
Found a mysterious folder under C:\Documents and Settings\
called <computername>$
ie: BlackBox-01$ since the name of the computer is BlackBox-01.
What catches my attention:
1) Not all of the servers that are running Win2000 A.S. have this folder.
2) The folder contains following tree structure
BlackBox-01$\ (This name depends on the computer name)
Application Data\
Microsoft\
Internet Explorer\
System Certificates\
My\
Certificates\
CRLs\
CTLs\
Local Settings\ (hidden)
Application Data\ (hidden)
History\ (hidden)
Temp\
Temporary Internet Files\ (hidden)
NTUser.dat (hidden file) (in use)
NTUser.dat.log (hidden file)
NTUser.ini (hidden file)
The only places where I found NTUser.dat* (on other systems) was:
C:\Documents and Settings\Administrator\
C:\Documents and Settings\Default User\
C:\WinNT\Repair\
It's creation date is 08/22/2001. It's modified date is the same.
Does anyone know how this folder may have been created?
Before placing this server on the network, I tighten down the services
and TCP/UDP ports. So I am at a loss as to how this folder may have been
created.
There are no additional users and/or groups created. And I am the only
person with the Administrator password.
Thanks ahead of time.
Scott Birl [EMAIL PROTECTED]
UNIX Consultant/Systems Administrator Computer Services Temple
University
1805 North Broad Street Philadelphia Pennsylvania 19122 United States
====*====*====*====*====*====*====*====+====*====*====*====*====*====*====*=
===*
