Turn Off Administrative Shares

Windows insists on sharing my entire hard disk, despite the fact that I've only elected to share specific folders. What are administrative shares, and why can't I turn them off?


Hmm… it's almost as though Microsoft cares more about corporate strategy than the personal security of their customers. Funny, that.
If you're using Windows XP Professional (or Media Center Edition), your entire hard disk is indeed being shared on your network whether you like it or not.

If you open Windows Explorer, right-click drive C:, and select Sharing and Security, you'll see that the drive is already shared as C$. This is called an administrative share, and although the $ suffix makes it hidden in My Network Places, users on your network can still browse the share, thereby gaining access to all the files on your drive, by typing the following path into Windows Explorer's address bar:

\\mycomp\c$

where mycomp is the name of your PC. Combine this with the fact that user accounts don't have passwords by default, and you'll see how insecure Windows XP can be.

Administrative shares allow network administrators to install software, run Disk Defragmenter, or perform other maintenance on your PC remotely. But unless you're in a corporate environment, you have nothing to gain by leaving this back door open… and everything to lose.

To patch this hole, open the Registry Editor (go to Start --> Run and type regedit), and navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters. In the right pane, double-click the AutoShareServer value, type 0 in the "Value data" field, and click OK. Then double-click the AutoShareWks value, type 0 in the "Value data" field, and click OK. Close the Registry Editor when you're done.

Next, go to Start --> Run, type compmgmt.msc, and click OK to open the Computer Management tool. In the System Tools branch on the left, click the [+] icon next to Shared Folders to expand it, and then highlight the Shares folder. To manually remove the administrative shares, right-click each one (e.g., C$, D$, E$) and select Stop Sharing. Go ahead and remove any hidden share (anything with a dollar sign in the name), with the following three exceptions:

IPC$, which stands for Inter-Process Communication, is used for remote administration of your computer, something very few people need outside of a corporate environment. Although it has been proven that the IPC$ share can be exploited, the only way to disable it permanently is to turn off file sharing altogether. You can stop sharing IPC$ temporarily, but Windows will recreate the share the next time you restart.

print$ is used to exchange printer driver files when you share a printer. You should leave this share intact.

wwwroot$ will be present if Microsoft's Internet Information Server (IIS) software is installed. Leave this share intact if you want to use your computer as a web server or a web software development platform.

When you're done, restart your computer, and then reopen the Computer Management tool to check your work.
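
To check your work from a prompt instead of the Computer Management tool, the following PowerShell script (an added example, not part of the original article) reads the two registry values and lists any hidden share other than the three exceptions. It assumes Windows PowerShell is installed on the PC; the function name Get-AdminShareFindings is made up for this example.

```powershell
# Added example (not from the original article). Read-only: it changes nothing.
$ParamKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters'
$Keep     = 'IPC$', 'print$', 'wwwroot$'   # the three exceptions listed above

function Get-AdminShareFindings {
    $findings = @()

    # 1. Both registry values should exist and be 0. A missing value is reported
    #    because it does not match the setting the article asks for.
    $props = Get-ItemProperty -Path $ParamKey -ErrorAction SilentlyContinue
    foreach ($name in 'AutoShareServer', 'AutoShareWks') {
        $value = $null
        if ($props) { $value = $props.$name }
        if ($null -eq $value) {
            $findings += "$name is not set (expected 0)"
        } elseif ($value -ne 0) {
            $findings += "$name = $value (expected 0)"
        }
    }

    # 2. Any share whose name ends in '$' and is not an exception is still exposed.
    $shares = Get-WmiObject -Class Win32_Share |
        Where-Object { $_.Name -like '*$' -and $Keep -notcontains $_.Name }
    foreach ($s in $shares) {
        $findings += "Hidden share still present: $($s.Name) -> $($s.Path)"
    }

    return $findings
}

$result = @(Get-AdminShareFindings)
if ($result.Count -eq 0) {
    Write-Output 'OK: both registry values are 0 and no unexpected hidden shares remain.'
} else {
    $result | ForEach-Object { Write-Output "FINDING: $_" }
}
```

Run it once after the restart; a C$ or D$ finding at that point means the registry change did not take effect.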
