Re: Accessing C$
From: Drew Cooper [MSFT] (dcoop_at_online.microsoft.com)
Date: 03/22/04
- Next message: Chuck: "Re: Connect XP Home and NT workstation"
- Previous message: Ken Wickes [MSFT]: "Re: Cannot create a new connection"
- In reply to: cquirke (MVP Win9x): "Re: Accessing C$"
- Next in thread: cquirke (MVP Win9x): "Re: Accessing C$"
- Reply: cquirke (MVP Win9x): "Re: Accessing C$"
- Messages sorted by: [ date ] [ thread ]
Date: Mon, 22 Mar 2004 15:44:31 -0800
You're talking about XP? Shares don't have passwords. Any account with a
blank password is denied remote access. I doubt this change will be
backported to Win2k or NT unless they have a "security release" like XP is
getting with SP2, but I'm not directly involved with that team, so I can't
say for certain.
--
Drew Cooper [MSFT]
This posting is provided "AS IS" with no warranties, and confers no rights.

"cquirke (MVP Win9x)" <cquirkenews@nospam.mvps.org> wrote in message
news:0n5r50t8ogceqm2khovggist55s7sm6ufb@4ax.com...
> On Tue, 16 Mar 2004 22:14:59 -0500, "Colin Nash [MVP]"
>
> About hidden c$ admin share...
>
> >Also, if the password for "Administrator" is blank it will, by default,
> >block access regardless of anything else. XP has a setting that does not
> >allow accounts with blank passwords to gain access over the network. This
> >is new and was not in NT or 2000.
>
> That's great news for XP users! I guess it's Darwin take the hindmost
> for Win2000 or NT tho, unless there's a patch that retrofits this?
>
> Almost all my clients are standalones or small peer-to-peer where all
> who have physical access are trusted equally. They want:
> - no remote access rights whatsoever
> - unfettered local access by all users
> - one user profile per PC
>
> They also expect data to be recoverable from sick or bonked HDs, and
> that pre-payload active malware can be cleaned up without barfing the
> system. Those standard Win9x expectations can be delivered on FATxx.
>
> So my approach has been:
> - 1 user account per PC, with full rights
> - FATxx file systems throughout
> - simple file sharing
> - no admin password (at Safe Mode or RC level)
> - account pwd that's auto-logged on (TweakUI) as needed for Tasks
> - highly selective shares that exclude C:\ and OS subdir
> - further patches, risk management, goalies of last resort (av)
> - firewall if possible (tricky when forced to F&PS on TCP/IP)
>
> In this situation: Would c$ have blank password and be blocked, or
> (because the sole user account is Admin rights) use the account's pwd?
> As it is, I've taken to applying a .REG to kill these admin shares, as
> they look like 100% risk, 0% benefit to me in the contexts I describe.
>
> When, and only when, I have some users needing to do things other
> users shouldn't be allowed to do, do I switch to the "turn it on but
> hide it under a password" approach. Also, only then do I find clients
> actually start listening when I describe user/pwd-based security; for
> the first time, it sounds like something they actually *want* :-)
>
> >-------------------- ----- ---- --- -- - - - -
> Running Windows-based av to kill active malware is like striking
> a match to see if what you are standing in is water or petrol.
> >-------------------- ----- ---- --- -- - - - -
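
Added example, not part of either poster's message: a read-only PowerShell audit of the two behaviours discussed in this thread, the blank-password network logon restriction and the automatic C$/ADMIN$ shares. The registry value names (LimitBlankPasswordUse, AutoShareWks, AutoShareServer) come from Windows documentation rather than from the posts, and the script assumes PowerShell 3.0 or later, which postdates the systems discussed here.

```powershell
# Read-only audit; changes nothing on the machine.
function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

function Format-Setting {
    param($Value)
    if ($null -eq $Value) { 'not set (OS default applies)' } else { $Value }
}

$lsa    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$server = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

# 1 = accounts with a blank password may log on at the console only,
#     so they are refused over the network.
$limitBlank = Get-RegValue -Path $lsa -Name 'LimitBlankPasswordUse'

# 0 = the Server service does not auto-create the administrative disk shares
#     (AutoShareWks on workstations, AutoShareServer on servers).
$autoWks = Get-RegValue -Path $server -Name 'AutoShareWks'
$autoSrv = Get-RegValue -Path $server -Name 'AutoShareServer'

# Win32_Share.Type values of 2147483648 and above mark administrative shares
# (disk, print queue, device and IPC admin shares).
$adminShares = Get-CimInstance -ClassName Win32_Share |
    Where-Object { $_.Type -ge 2147483648 } |
    Select-Object -ExpandProperty Name

[pscustomobject]@{
    LimitBlankPasswordUse = Format-Setting $limitBlank
    AutoShareWks          = Format-Setting $autoWks
    AutoShareServer       = Format-Setting $autoSrv
    AdminSharesPresent    = if ($adminShares) { $adminShares -join ', ' } else { 'none' }
}

if ($limitBlank -eq 0) {
    Write-Warning 'Blank-password accounts are allowed to log on over the network.'
}
```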