Hi All

I know that if one is on a network then it is possible for the
"Administrator" to \\computername\C$ and see your whole drive
due to the built in share on windows XP.

I would like to know if there is any way that one can detect whether this
has been done if one suspects it.
Is there any spyware or related software that I can install to track if this
is being done ?
Is there any way in the server environemnt where it is logged ?
Is there anything at all i can do on my PC to see if it was accessed in this
way.

Any help would be appreciated !


Thanks !

No, an administrator will have to first define the C drive to be shared,
either through logon script, with an answer file during install, or if the
admin used an image.

If an admin did do this, most likely you will not have any rights to install
any apps or even be able to access a server in a client/server environment.

Even if you are not an admin, you will know that this share exists. And this
is not a "built in share" on windows XP. Sharing the C drive must be
defined, it is not automatic.

--
Micah E.
A+ Cert.


"SethGecko" <(E-Mail Removed)> wrote in message
news:vLWdnWUdEKP9nFzfRVn-(E-Mail Removed)...
> Hi All
>
> I know that if one is on a network then it is possible for the
> "Administrator" to \\computername\C$ and see your whole drive
> due to the built in share on windows XP.
>
> I would like to know if there is any way that one can detect whether this
> has been done if one suspects it.
> Is there any spyware or related software that I can install to track if
> this
> is being done ?
> Is there any way in the server environemnt where it is logged ?
> Is there anything at all i can do on my PC to see if it was accessed in
> this
> way.
>
> Any help would be appreciated !
>
>
> Thanks !
>
>

From: "SethGecko" <(E-Mail Removed)>

| Hi All
|
| I know that if one is on a network then it is possible for the
| "Administrator" to \\computername\C$ and see your whole drive
| due to the built in share on windows XP.
|
| I would like to know if there is any way that one can detect whether this
| has been done if one suspects it.
| Is there any spyware or related software that I can install to track if this
| is being done ?
| Is there any way in the server environemnt where it is logged ?
| Is there anything at all i can do on my PC to see if it was accessed in this
| way.
|
| Any help would be appreciated !
|
| Thanks !
|
C$ is an automataically created share. It can't be removed but it can be disabled.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanServer\Parameters
Double click on AutoShareServer and set it to 0 to disable it for a server.
Double click on AutoShareWks and set it to 0 to disable it for a
workstation.
If the entries are not present, Add Value of type REG_DWORD. The Range is 0
(disable) or 1 (enable - the default).

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

Also, doesn't removing File and Print Sharing Service from the Network
properties disable this? I could be wrong, please correct me if I am. Check
with your network admin before doing this, since this service can be used for
other things as well.

Jason Ryon

"David H. Lipman" wrote:

> From: "SethGecko" <(E-Mail Removed)>
>
> | Hi All
> |
> | I know that if one is on a network then it is possible for the
> | "Administrator" to \\computername\C$ and see your whole drive
> | due to the built in share on windows XP.
> |
> | I would like to know if there is any way that one can detect whether this
> | has been done if one suspects it.
> | Is there any spyware or related software that I can install to track if this
> | is being done ?
> | Is there any way in the server environemnt where it is logged ?
> | Is there anything at all i can do on my PC to see if it was accessed in this
> | way.
> |
> | Any help would be appreciated !
> |
> | Thanks !
> |
> C$ is an automataically created share. It can't be removed but it can be disabled.
>
> HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanServer\Parameters
> Double click on AutoShareServer and set it to 0 to disable it for a server.
> Double click on AutoShareWks and set it to 0 to disable it for a
> workstation.
> If the entries are not present, Add Value of type REG_DWORD. The Range is 0
> (disable) or 1 (enable - the default).
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> http://www.ik-cs.com/got-a-virus.htm
>
>
>

This is rather a corporate etiquette than technical question. Administrative
shares are there on purpose and believe me, a network admin got a good
reason if she has to connect to hidden shares. Management can press an admin
to restrict this ability but you should have to convince them.
Use a corporate workstation for your job duties only and sleep well.

SethGecko, <(E-Mail Removed)>, the gonadal, do-nothing heroin addict,
and employee responsible for building high stone walls from small pebbles
using dog **** for mortar, huffed:

> Hi All
>
> I know that if one is on a network then it is possible for the
> "Administrator" to \\computername\C$ and see your whole drive
> due to the built in share on windows XP.
>
> I would like to know if there is any way that one can detect whether
> this has been done if one suspects it.
> Is there any spyware or related software that I can install to track
> if this is being done ?
> Is there any way in the server environemnt where it is logged ?
> Is there anything at all i can do on my PC to see if it was accessed
> in this way.
>
> Any help would be appreciated !
>
>
> Thanks !

Why not just disable all the default shares?
If only you had posted to alt.os.windows-xp rather than your shosen groups
which, quite frankly, are full of stupid cunts who have less than a clue
between them.

If you want to know how to sort this out then post where I mentioned.

--
For my own part, I have never had a thought which I could not set down
in words with even more distinctness than that with which I conceived
it. There is, however, a class of fancies of exquisite delicacy which
are not thoughts, and to which as yet I have found it absolutely
impossible to adapt to language. These fancies arise in the soul, alas
how rarely. Only at epochs of most intense tranquillity, when the
bodily and mental health are in perfection. And at those weird points
of time, where the confines of the waking world blend with the world of
dreams. And so I captured this fancy, where all that we see, or seem,
is but a dream within a dream.

Micah E., <(E-Mail Removed)>, the cankerous, skanky friar, and navy
press gang member, nitpicked:

> No, an administrator will have to first define the C drive to be
> shared, either through logon script, with an answer file during
> install, or if the admin used an image.
>

CRAP

> If an admin did do this, most likely you will not have any rights to
> install any apps or even be able to access a server in a
> client/server environment.
> Even if you are not an admin, you will know that this share exists.
> And this is not a "built in share" on windows XP. Sharing the C drive
> must be defined, it is not automatic.

BWAHAHAHAHAHAHAHAHAHA you ****ing idiot.

--
For my own part, I have never had a thought which I could not set down
in words with even more distinctness than that with which I conceived
it. There is, however, a class of fancies of exquisite delicacy which
are not thoughts, and to which as yet I have found it absolutely
impossible to adapt to language. These fancies arise in the soul, alas
how rarely. Only at epochs of most intense tranquillity, when the
bodily and mental health are in perfection. And at those weird points
of time, where the confines of the waking world blend with the world of
dreams. And so I captured this fancy, where all that we see, or seem,
is but a dream within a dream.

If you want to see if anyone is on the share go to administrative tools/
computer management. Then select shared folders, then click shares. You can
view if there are any current connections to that share, or any share on your
computer.

Look at your local security settings for policies you would like to enforce.
If you are in an enviroment where you would/ should change these
configuration settings.


"SethGecko" wrote:

> Hi All
>
> I know that if one is on a network then it is possible for the
> "Administrator" to \\computername\C$ and see your whole drive
> due to the built in share on windows XP.
>
> I would like to know if there is any way that one can detect whether this
> has been done if one suspects it.
> Is there any spyware or related software that I can install to track if this
> is being done ?
> Is there any way in the server environemnt where it is logged ?
> Is there anything at all i can do on my PC to see if it was accessed in this
> way.
>
> Any help would be appreciated !
>
>
> Thanks !
>
>
>

That reminds me, you can check if anybody is currently using your share with
the admin tools>computer management, but that only works if they are on it
right now. You can check the event viewer (run "eventvwr" from the run
command line) In the security log, it lists who has logged in or
authenticated with the computer...even if it's only to the shared drive.
You can sort by user name and check to see if any people have logged on that
shouldn't. There are possibly a lot of names like system, anonymous logon
and your username, but other than that, I would be suspicious.

Hope this helps,
Jason Ryon

"802dotjohn" wrote:

> If you want to see if anyone is on the share go to administrative tools/
> computer management. Then select shared folders, then click shares. You can
> view if there are any current connections to that share, or any share on your
> computer.
>
> Look at your local security settings for policies you would like to enforce.
> If you are in an enviroment where you would/ should change these
> configuration settings.
>
>
> "SethGecko" wrote:
>
> > Hi All
> >
> > I know that if one is on a network then it is possible for the
> > "Administrator" to \\computername\C$ and see your whole drive
> > due to the built in share on windows XP.
> >
> > I would like to know if there is any way that one can detect whether this
> > has been done if one suspects it.
> > Is there any spyware or related software that I can install to track if this
> > is being done ?
> > Is there any way in the server environemnt where it is logged ?
> > Is there anything at all i can do on my PC to see if it was accessed in this
> > way.
> >
> > Any help would be appreciated !
> >
> >
> > Thanks !
> >
> >
> >

SethGecko wrote:

> Hi All
>
> I know that if one is on a network then it is possible for the
> "Administrator" to \\computername\C$ and see your whole drive
> due to the built in share on windows XP.
>
> I would like to know if there is any way that one can detect whether this
> has been done if one suspects it.
> Is there any spyware or related software that I can install to track if this
> is being done ?
> Is there any way in the server environemnt where it is logged ?
> Is there anything at all i can do on my PC to see if it was accessed in this
> way.
>
> Any help would be appreciated !
>
>
> Thanks !

Auditing is disabled by default on XP.

You can enable auditing for logon events in Local Security Settings,
then the security event log will record all logons to your system
whether they occur locally or via the network.

Triffid