Re: Pro's and Con's of Administrative Shares

From: Chuck (none_at_example.net)
Date: 06/22/04


Date: 21 Jun 2004 21:45:06 -0500

On Mon, 21 Jun 2004 18:48:53 -0700, <anonymous@discussions.microsoft.com> wrote:

>
>>Are you talking about "hidden" shares ("C$" etc)?
>
>Yes, exactly.
>
>
>>Those are the default administrative shares, that don't
>>get displayed up by the browser service. They are still
>>accessible to those with administrative authority,
>>including you.
>
>I realize that, you have to put the \\computername\c$ to
>get to the drive. Unfortunately, these persons are
>somewhat computer savvy and have gone in and disabled
>those shares. They were set up as administrators on their
>PCs long before I was there. And unfortunately, to
>attempt to change that could cause some heads to roll. I'm
>not ready nor am I prepared for that one yet. GRIN!
>
>>

Gack. Legacy staff.

>>Why do you have all these computer users with
>>administrative authority on their computers?
>
>See above
>
>>
>>Don't worry about these users right now - you should be
>>able to access the hidden shares. But, if you leave them
>>as admin users, and they disable your administrative
>>access in the ACL, then you'll have problems.
>
>Unfortunately, I am worried about these users as two of
>them are in the actual IT Dept under me. I want to put a
>policy in place so that all computers company wide are
>active with the administrative shares but need some ammo
>first before going ahead. Like to cover my tracks and give
>them a reason why it's required. And by the way, they do
>use Norton Corporate. Right now they claim to update their
>own dat files from Norton, but I don't want them to do
>that. So that's some ammo.

A very brief extract from our CSP, distilled, and heavily depersonalised:
1) Regular scheduled execution of automated network security software is
essential, to guarantee the future integrity of the corporate LAN.
2) The default administrative share is essential, to provide reliable access to
all workstations, to automated network security software.
3) Customised, or manual, security precautions by knowledgeable staff are not a
reliable, or acceptable, substitute for automated security software.
4) No employee may interfere with administrative access, or with any
component of network security software, on their workstations.

>
>>
>>And, if your AV protection depends upon network admin
>>shares, and you let the users remove those shares, you
>>could have even worse problems. AV protection,
>>including automated scanning, is an essential network
>>protection. Let one of those computers get infected, and
>>spread its infection thru the LAN. THEN you'll have
>>problems.
>
>
>Thanks

Good luck.

Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.


