In-Reply-To: <[EMAIL PROTECTED]> Forgive my ignorance, but why is it so important to remove the default shares? Would this not hinder your manage abilities for all your desktops? For instance, the Domain Administers would no longer be able to simply type \\computername\c$ to access the drive. If the accounts are renamed, and password are strong, how is this still a security issue? Would it still be recommended for LANs/WANs to disable these shares, or just simply if it's a world routable IP?
What are the disadvantages of disabeling these shares, and NULL logins? I'm about to impliment 100 WindowsXP workstations, and any security tweaks are very much appreciated. Please note however they are in different locations across a WAN, and will eventually have Active Directory with W2003, and SMS. So I don't want to run into problems because I disable these shares that might be needed in the future. >><SNIP> >>I believe there might be a way in the registry to remove the >>administrative shares altogether, but whether there is or isn't you need >>to make sure you have strong passwords for the administrator account and >>you should assign a strong password to the Guest account even if you >>keep the account disabled. ></SNIP> > >I strongly suggest renaming the local Administrator and Guest account >to something that is not easily guessed at. In addition, you should >probably create "dummy" accounts named "Administrator" and "Guest" >that have no rights/no group memberships and are disabled. Monitor >the dummy accounts closely for log in attempts. > >If you machines are going to be exposed to the Internet, you will >have to hack the registry to remove the all the default shares. >Technet has several fine articles on this. >-- >Thanks, > >Ms. Jimi Thompson, CISSP, Rev. > >"Those who are too smart to engage in politics are punished by being >governed by those who are dumber." --Plato --------------------------------------------------------------------------- ----------------------------------------------------------------------------
