Remove or not to remove default shares, that is the question

Status
Not open for further replies.
May 11, 2005
Greetings all.....

Maybe I was misled back in the early days of the NT server, but I was under the impression that you should always remove all default shares (C$, D$, etc.) prior to allowing anyone to connect to the domain (or shortly thereafter). I just heard of a situation (not sure of all the details) where some app was attempting to be installed and they were unable to do so because the defaults have been removed.

Although I have not run into any occurrence of this happening myself, I was just curious of anyone's input on the subject of "to remove or not" the default shares.

PS....I am building a new server as we speak and just curious on anyone's expertise.
 
Would this happen to have anything to do with a post on here, in the SMS Forum?

Hope this Helps.

Neil J Cotton
njc Information Systems
Systems Consultant
 
I would imagine some remotely deployed apps wouldn't work.

Pat Richard, MCSE(2) MCSA:Messaging, CNA(2)
 
ncotton...no not directly. I did not read that post but I will look it up and follow it thru.

Just curious on what exposure (pros and cons) there might be if one was to leave the default shares on the system as opposed to removing them completely.

58sniper...that is what I have heard thru the grapevine as well. Just curious on everyone's experience on the matter.

thanks.....Jim
 
If you look at some of the Auditing tools out there like GFI LanGuard, this comes up as a low risk vulnerability. To compromise a system on one of these shares, the attacker would have to have acquired local admin privilege on the system. Once that's happened, I don't think the share really matters any more, does it?

Honestly, I can't say that I'd recommend removing it at this point.

PSC

Governments and corporations need people like you and me. We are samurai. The keyboard cowboys. And all those other people out there who have no idea what's going on are the cattle. Mooo! --Mr. The Plague, from the movie "Hackers"
 
I would not recommend the removal of the default shares. I can't tell you how often as an admin I have had to use them.

To gain access to these shares would require physical access to the network or VPN access AND would require the user to have admin rights. If they have met those criteria, you tell me what they CAN'T do on your network.

I hope you find this post helpful.

Regards,

Mark
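
Added example, not part of any post in this thread: one way to check whether a server still has its default shares, the condition behind the failed install mentioned in the opening post. It parses the text output of `net share`; the sample output, the drive list and the function names are constructed for illustration, and the parser assumes the English-locale table layout.

```python
import re

# Constructed sample of `net share` output from a server where D$ was removed.
SAMPLE = r"""
Share name   Resource                        Remark

-------------------------------------------------------------------------------
C$           C:\                             Default share
IPC$                                         Remote IPC
ADMIN$       C:\WINDOWS                      Remote Admin
Data         D:\Data
Apps$        D:\Apps                         Hidden, admin-created
The command completed successfully.
"""


def parse_share_names(net_share_output):
    """Return the share names listed below the dashed separator line."""
    names, in_table = [], False
    for line in net_share_output.splitlines():
        if line.startswith("-----"):
            in_table = True
            continue
        if not in_table or not line.strip():
            continue
        if line.startswith("The command"):  # English-locale trailer (assumption)
            break
        if line[0].isspace():  # wrapped resource path of a long share name
            continue
        # Columns are separated by runs of two or more spaces.
        names.append(re.split(r"\s{2,}", line.rstrip(), maxsplit=1)[0])
    return names


def audit_default_shares(net_share_output, fixed_drives):
    """Compare the shares present with the defaults expected for fixed_drives."""
    present = {name.upper() for name in parse_share_names(net_share_output)}
    expected = {"ADMIN$", "IPC$"} | {d.upper() + "$" for d in fixed_drives}
    extra = present - expected
    return {
        "default_present": sorted(expected & present),
        "missing_defaults": sorted(expected - present),
        "other_hidden": sorted(n for n in extra if n.endswith("$")),
        "visible": sorted(n for n in extra if not n.endswith("$")),
    }


if __name__ == "__main__":
    for key, value in audit_default_shares(SAMPLE, ["C", "D"]).items():
        print(f"{key}: {value}")
```
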
 