Accessing c$ remotely?

[scootgirl.com]

Hi,

I've just installed WindowsXP Professional with SP2 (had win2k sp4) on the
two computers in my home network.

I'd like to be able to access the administrative shares like c$ remotely
with my other computer like how I was able to with win2k.

I have both computers set so users have passwords, are members of
administrators on both computers, and file and print sharing is working with
otherwise created shares. The home network is behind a NAT router and are
not working on an NT domain.

I've tried disabling the firewall on both computers with no change. When I'm
on one computer I can access its own administrative share such as c$ but not
from anywhere else.

Also, I can't use those handy tools from www.sysinternals.com like pstools
remotely across the network like I used to be able to.

So I'm thinking this must be a policy setting. Where can I look to allow
this access?

Karen
http://scootgirl.com/

 

[scootgirl.com]

RESOLUTION:

In Control Panel, double-click Administrative Tools.

Click Local Security Policy.

Locate the policy in the "Security Settings\Local Policies\Security
Options\Network Access: Sharing and security model for local accounts"
folder.

Right-click the policy, and then click Properties.

In the box, click Classic - local users authenticate as themselves.

Click OK.

 

[André Cruz]

Hello,

In Control Panel-Windows Firewall-Then select the exception for File and
Print Sharing and it should solve your problem you might need to check also
in Windows Firewall Advanced under ICMP-Settings check Allow incoming echo
request, you can try in start-run-cmd ping your other machine and if it
doesn't reply you may need to check it.

Hope this helps

 

[cquirke (MVP Win9x)]

On Mon, 13 Sep 2004 15:32:04 -0700, "scootgirl.com"

I've just installed WindowsXP Professional with SP2 (had win2k sp4) on the
two computers in my home network.

I'd like to be able to access the administrative shares like c$ remotely
with my other computer like how I was able to with win2k.

Frankly, I'd kill off those shares in all cases, because they are
fundamentally contrary to the "safe hex" principle of NEVER providing
write-access to any part of the system startup axis.

Else it's an open door for malware on one PC to drill into and run
from every other PC on the network.

Even if I needed to administer multiple PCs on the network, I would
not do it this way. Instead, I'd "privitize" access to startup
locations etc. by using my own code on the workstations to integrate
what I push through a small and not auto-running share on that PC.

There's be checks made at this point, to verify it really was me
trying to push the stuff. Sure, it's "security by obscurity", but as
long as I don't blab the details on the 'net or build this into a
mass-rolled-out product, it's enough to block malware bots.

I have both computers set so users have passwords, are members of
administrators on both computers, and file and print sharing is working with
otherwise created shares. The home network is behind a NAT router and are
not working on an NT domain.

While NAT should stop your shares being exploited directly from the
Internet, security in depth requires you to think beyond that, to;
what happens when one of the PCs gets infected?

I've tried disabling the firewall on both computers with no change. When I'm
on one computer I can access its own administrative share such as c$ but not
from anywhere else.

Small mercies; let's hope the band-aid holds. Yes, I'm editorializing
and not giving you what you want, because I think what you are asking
for won't be what you want in the bigger sense.

XP may have better band-aids on admin shares than Win2000 had, and SP2
may strengthen these further, but IMO it's better to kill them
completely, and write-share as narrowly as possible.

There are many (most?) traditional malware (viruses, worms) that are
aware of and use LAN shares, and they don't all require these to be
called "C" or be mapped to a drive letter. At best, malware runs in
your user context, so if you can use the share, so can the malware.
At worst, malware can exscalate its way beyond any "I'm safe because I
didn't log on as admin" constraints to full system access.

With that in mind, if it exists, it can be a menace, band-aids or no.

--------------- ----- ---- --- -- - - -

Never turn your back on an installer program