Solved

xp sharing c$

Posted on 2004-04-27
14
275 Views
Last Modified: 2010-04-17
I notice that windows xp has drive c shared as c$

but how do you get into it. as well as the other drives and folders it is sharing.
how do you turn them off as well
0
Comment
Question by:bman9111
14 Comments
 

Expert Comment

by:ejkjr
Comment Utility
The C$ share is just a hidden share (permissions adjustable)

From the command prompt map using
net use x: \\pcname\c$

To remove
net use x: /delete

-ejk
0
 
LVL 1

Expert Comment

by:Richardsonke
Comment Utility
C$ is default share.  It cannot be disabled, but a network user would have to know a login (I belive it must be an administrator) to get access to the share.  If you go to start -> control panel -> Administrative Tools -> Computer Management, then expand "shared folder" and click "shares", you will see all your shares, default or otherwise.  If you try to stop sharing C$, it will give you a warning and optionally stop it.  It will automatically be reshared when you restart your computer, however.  Hope this helps, just ask if you don't understand anything or need anything else.
0
 
LVL 1

Expert Comment

by:JediPimp
Comment Utility
You can disable it for good by using a registry setting

-click start, run, type in regedit and hit enter
-navigate to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanServer\Parameters
-create, or set if they already exist, the two keys AutoShareServer and AutoShareWks to 0 (they should be REG_DWORD type)
-the next time you reboot, you will no longer have this share enabled

Caution: Microsoft Systems Management Server (SMS) and Microsoft Operations Manager (MOM) use this share, but if this is a home computer you will not have these running, and it is ok to disable them, if this is a work computer, check if these services are in use first. (generally there is no good reason to have C$ shared)

for a picture of this and more information, view this page http://www.winguides.com/registry/display.php/4/ or http://www.anandtech.com/guides/viewfaq.html?i=139

Hope this helps,
JediPimp
0
 

Expert Comment

by:peanut1010
Comment Utility
I have several hidden files like c$, but the users that have xp can see all of the shared folders because xp pulls them all in.
I am using mmc and have a group policy, is there a place that I can check that will block xp from pulling in all shared folders on the network???

bman9111, I hope you do not oppose of me on asking this...
0
 
LVL 8

Author Comment

by:bman9111
Comment Utility
no problem as long as the experts don't mind.......
0
 
LVL 1

Expert Comment

by:JediPimp
Comment Utility
hmm,
I would take a look at http://www.practicallynetworked.com/sharing/xp/filesharing.htm
the first paragraph says the following:

Windows XP lets you share a computer's disks and folders with other computers on the network, using a method called Simple File Sharing. And it really is simple. If a disk or folder is shared, everyone on the network can access it. There are no user permissions and no passwords. Because sharing in this way is so wide open, Windows XP tries to protect you from some potential security risks.

So, it sounds like simple file sharing is the thing 'pulling in' the shared folders

I would disable this by doing the following:
 Click Start > My Computer > Tools > Folder Options
 Select the View tab
 Go to Advanced Settings,  
 clear the Use Simple File Sharing box
 click Apply

Now, simple file sharing can not be disabled on windows home edition, so to kinda fix the problem add a $ sign in front of the share, this makes it invisible, however, if a person knows the name of the shared file it can still be accessed.

if you are looking for a quicker solution for multiple machines you can make a reg file from the following text:

=========================
;Do not use Simple File Sharing
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"forceguest"=dword:00000000
=========================

just copy everything between the = signs and save it in notepad as a "somename.reg" include the quotes and just run that on each machine.

Hope this helps some,
JediPimp
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 1

Expert Comment

by:JediPimp
Comment Utility
I was mistaken above, add the $ sign to the end of a share name to make it a hidden one, instead of in the front,
btw, hidden shares can be accessed without drive mapping, you just have to type in the name of it.

If your computer was named bob, this would access his hidden c$ share:
\\bob\c$

JediPimp
0
 
LVL 1

Expert Comment

by:entr0py___
Comment Utility
not entirely.

you'd connect something along these lines:

    TCHAR szRemoteResource[_MAX_PATH];
    DWORD dwRetVal = NO_ERROR;

    // Remote resource, \\remote\ipc$, remote\admin$, ...
    ::sprintf(szRemoteResource, _T("\\\\%s\\%s"), strRemoteMachineIP.GetBuffer(0), strResource.GetBuffer(0));
    //ie... \\bob\C$

    // Then you have to specify a username and password
   // Under WIn2k this defaults to "Administrator" and will accept a NULL password!!!!! w00ps M$...

    // Disconnect or connect to the resource, based on bEstablish
    //
    if (bEstablish)
    {
        NETRESOURCE nr;
        nr.dwType = RESOURCETYPE_ANY;
        nr.lpLocalName = NULL;
        nr.lpRemoteName = (LPTSTR)&szRemoteResource;
        nr.lpProvider = NULL;
     
        //Establish connection (using username/pwd)
        dwRetVal = ::WNetAddConnection2(
                        &nr,
                        strPwd.GetBuffer(0),
                        strLogon.GetBuffer(0),
                        FALSE
                        );
 }

//Now you can copy files over using standard copy commands :D

::sprintf(
       szServiceExePath,
       _T("\\\\%s\\ADMIN$\\System32\\%s"),
       strRemoteMachineIP.GetBuffer(0),
      "file.dat"
       );

HANDLE hFileServiceExecutable = ::CreateFile(
                                        szServiceExePath,
                                        GENERIC_WRITE,
                                        0,
                                        NULL,
                                        CREATE_ALWAYS,
                                        FILE_ATTRIBUTE_NORMAL,
                                        NULL
                                        );

w000t


anyways, have fun...

If the service does not exist by the way and you already have the remote machines username and password create the share remotely using
WMI, this will allow you to execute services and do all sorts of funky stuff with the connection.

Hope that helps.

       
0
 
LVL 8

Author Comment

by:bman9111
Comment Utility
the problem I am having is the c$ is in showing shared under the computer management

But I have no idea how to make it not shared or better yet be able to get in. I have a user account called Admin with a password, I tried to map to the drive and even took the option to enter a username and password so I used the same as Admin. but nothing. that and the user account which is classified under power user I have no other idea what the password could be. or better yet how to even make a folder with a password. I am assuming the password is coming from the admin account login password...





0
 
LVL 1

Expert Comment

by:JediPimp
Comment Utility
Hello again

did you try to do the things in my posts?
you should be able to disable the administrative share with it, or you should be able to access it using the format i showed. no need for fancy scripts.

JediPimp
0
 
LVL 8

Author Comment

by:bman9111
Comment Utility
JediPimp,

that site you listed, states tht you can hide a folder with a $ at the end of the share name. Well I did that but xp pulls in all the folders no matter what. meaning I have 5 computers with win 98 and 3 with xp.

with the option located in folder options - view tab - Automactically Search for network folders and printers

it pulls in everything. I no that if you uncheck this that the folders will not come in, but if a user figures out that by checking this box all folders will come in we are done. I really need to see how to prevent or remove this option from this box. Do you know of anything. I have created a group policy and do not see anything in relations to that. Please help



0
 
LVL 1

Accepted Solution

by:
JediPimp earned 30 total points
Comment Utility
Hello,

I do not currently have a network to test whether this will work, but in gpedit.msc there might be a setting that can help.

Under the Local Computer Policy > User Configuration > Shared Folders > Allow Shared folder to be published - Set to Disabled
The description says it will the publishing of shared folders in the Active Directory.  This may prevent the other windows machines from seeing the shared folders.

Additionally, under the local security settings > Local Policies > Security Options > Network access: Let Everyone permissions apply to anonymous users - Set to Disabled

This should force users to use a username and password of the computer they are trying to access the share of.

Under that same location make sure that Network access: Shares that can be accessed anonymously is set to blank, if not clear them all out.

None of these will get rid of the shares, if the user knows the share name, but it they are trying to access a computer's share they will need a user name and password from that computer, so if all the computers have different passwords for the users, they shouldn't be able to get to them, at most they could see them.

If this doesn't work, just tell me and i will search for different options,

JediPimp
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
Problem to adjust sheet 1 81
zeroFront challenge 7 70
find a node in VST 2 46
python question 5 57
A short article about a problem I had getting the GPS LocationListener working.
This is an explanation of a simple data model to help parse a JSON feed
In this fourth video of the Xpdf series, we discuss and demonstrate the PDFinfo utility, which retrieves the contents of a PDF's Info Dictionary, as well as some other information, including the page count. We show how to isolate the page count in a…
In this fifth video of the Xpdf series, we discuss and demonstrate the PDFdetach utility, which is able to list and, more importantly, extract attachments that are embedded in PDF files. It does this via a command line interface, making it suitable …

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

6 Experts available now in Live!

Get 1:1 Help Now