PC Review
Home Forums Reviews Articles Register
Member Login:

PC Review > Forums > Newsgroups > Windows XP > Windows XP Security > C$

Reply
Thread Tools Rate Thread

C$

 
 
Seth Gecko
Guest
Posts: n/a
 
      6th Jan 2004
Hi

Could someone please tell me if this is normal.
On Win2k Network with XP machines, if you are an administrator on the server
you can \\computername\c$ and see anyone's complete
hard drive irrespective whether they have shared it or not ?

Surely this is a big problem. I can imagine the CEO having his hard drive
invaded by a network administrator
whenever he felt like it.

please advise of anything can be done

thanks
 
Reply With Quote
 
 
 
 
Shenan Stanley
Guest
Posts: n/a
 
      6th Jan 2004
Seth Gecko wrote:
> Could someone please tell me if this is normal.
> On Win2k Network with XP machines, if you are an administrator on the
> server you can \\computername\c$ and see anyone's complete
> hard drive irrespective whether they have shared it or not ?
>
> Surely this is a big problem. I can imagine the CEO having his hard
> drive invaded by a network administrator
> whenever he felt like it.
>
> please advise of anything can be done

That is default.
If it is a domain environment, all domain admins can fully access all
machines by default.

You can turn off the shares and do various other things to prevent this, but
if you do not disable all access, the domain admin will still be able to
over-ride and restore access.

(Thus why you have domain admins you trust - they have access to all the
files/email you have on the servers too.)

--
<- Shenan ->
--
 
Reply With Quote
 
Roger Abell [MVP]
Guest
Posts: n/a
 
      6th Jan 2004
That is how NT has been for many, many years.
These are called the default administrative shares,
and are only accessible by admin accounts.

These can be shut off
Run Regedit

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters
Change (or create if missing) the DWORD value "AutoShareWks", and set it to
0 (zero)

"Seth Gecko" <(E-Mail Removed)> wrote in message
news:gpqdnUlf6tac_GeiRVn-(E-Mail Removed)...
> Hi
>
> Could someone please tell me if this is normal.
> On Win2k Network with XP machines, if you are an administrator on the
server
> you can \\computername\c$ and see anyone's complete
> hard drive irrespective whether they have shared it or not ?
>
> Surely this is a big problem. I can imagine the CEO having his hard drive
> invaded by a network administrator
> whenever he felt like it.
>
> please advise of anything can be done
>
> thanks
>
>
 
Reply With Quote
 
Rehan
Guest
Posts: n/a
 
      6th Jan 2004
If it is NTFS volume then selectively make sensitive folders private using
a local account. Since it is on network it must be XP Pro so you can encrypt
these folders as well.

Note that the determined admin can still access it although would require
jumping some hoops. If you cannot trust the admin then fire him. Get
somebody who is trust worthy.


"Seth Gecko" <(E-Mail Removed)> wrote in message
news:gpqdnUlf6tac_GeiRVn-(E-Mail Removed)...
> Hi
>
> Could someone please tell me if this is normal.
> On Win2k Network with XP machines, if you are an administrator on the
server
> you can \\computername\c$ and see anyone's complete
> hard drive irrespective whether they have shared it or not ?
>
> Surely this is a big problem. I can imagine the CEO having his hard drive
> invaded by a network administrator
> whenever he felt like it.
>
> please advise of anything can be done
>
> thanks
>
>
 
Reply With Quote
 
Star Fleet Admiral Q
Guest
Posts: n/a
 
      7th Jan 2004
Encrypting won't do much either, as a Domain Admin can designate his/her
logon as the recovery agent, thus gaining access to the files.

"Rehan" <rehan@[nospam]ntlworld.com> wrote in message
news:%(E-Mail Removed)...
> If it is NTFS volume then selectively make sensitive folders private
using
> a local account. Since it is on network it must be XP Pro so you can
encrypt
> these folders as well.
>
> Note that the determined admin can still access it although would require
> jumping some hoops. If you cannot trust the admin then fire him. Get
> somebody who is trust worthy.
>
>
> "Seth Gecko" <(E-Mail Removed)> wrote in message
> news:gpqdnUlf6tac_GeiRVn-(E-Mail Removed)...
> > Hi
> >
> > Could someone please tell me if this is normal.
> > On Win2k Network with XP machines, if you are an administrator on the
> server
> > you can \\computername\c$ and see anyone's complete
> > hard drive irrespective whether they have shared it or not ?
> >
> > Surely this is a big problem. I can imagine the CEO having his hard
drive
> > invaded by a network administrator
> > whenever he felt like it.
> >
> > please advise of anything can be done
> >
> > thanks
> >
> >
>
>
 
Reply With Quote
 
 
 
Reply

« Permission on file or folders without using domain controller | popups on my windows desktop »
Thread Tools
Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Features
Forums Startup Database Reviews Articles FAQ / Guidelines About Us
 

Advertising
 

Newsgroups
Windows Vista Windows XP Microsoft Word Microsoft DotNet Windows 2000 AntiSpyware Microsoft Access Microsoft Excel Microsoft Outlook Hardware
 


All times are GMT +1. The time now is 07:32 PM.
Powered by vBulletin®. Copyright ©2000 - 2012, Jelsoft Enterprises Ltd.
SEO by vBSEO ©2010, Crawlability, Inc.
Contact Us - Archive - Privacy Statement - Top