Leon, What you can do is Secure the built-in accounts (which constitute much greater than average targets of attack) by going to the Control Panel, Administrative Tools, Computer Management, System Tools, Local Users and Groups, then Users:
- Rename the default Administrator account to a nonconspicuous name, change the account description to "User account," and enter a very long (up to 104 characters) and as difficult-to-guess a password as possible. Record the password on the piece of paper that you place in an extremely secure location, e.g., in your wallet or purse. Do not share this password with anyone else and do not leave the slip of paper on which the password is written where anyone else might see it. Use the built-in Administrator account, which in Windows XP (as in Windows 2000) does not lock after excessive bad logon attempts, only for emergency access. - Create one additional account that is a member of the Administrators group for yourself and another for each person who needs to administer your system. Create an unprivileged account for each Administrator, also. Use the unprivileged account when you are engaged in normal activities such as web surfing, obtaining ftp access, and downloading mail. Use the privileged account only when you are performing system administration tasks. - Create a new, unprivileged account named "Administrator," a decoy account designed to deflect attacks designed to give unauthorized access to the Administrator account. Ensure that this account is in only the Guest group. Enter the description of "Built-in account for administering the system" (even though this is not true). Inspect your Event Logs often to determine whether people are trying to logon to this account. Michael |-----Original Message----- |From: Leon Pholi [mailto:[EMAIL PROTECTED]] |Sent: Sunday, December 08, 2002 6:28 PM |To: [EMAIL PROTECTED] |Subject: XP admin shares | |Hi everyone, | |Just a quick one, does anyone know how to stop the default administrative |file shares in Win XP (professional edition)? One would think this would be |a standard part of locking down a box, but can't find much on it for XP. | |You can do it through Computer Management but they'll be re-enabled at |reboot, and the Win2k key of |HKLM\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters\AutoShar eWks |doesn't seem to exist. Any ideas? | |Thanks, |Leon Disclaimer - 12/09/2002, 13:38:08 This message contains confidential information and is intended only for [EMAIL PROTECTED] If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. E-mail transmission cannot be guaranteed to be secured or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message, which arise as a result of e-mail transmission. If verification is required please request a hard-copy version.
