Solved

Remotely restricting access to c$ or removing c$

Posted on 2004-10-13
4
250 Views
Last Modified: 2013-12-04
Is there a way remotely, preferably through group policies, to restrict access to the C$ on a computer.  If not, is there a way to remove this all together remotely?  Thanks.
0
Comment
Question by:mmedici1
  • 2
4 Comments
 
LVL 95

Expert Comment

by:Lee W, MVP
ID: 12303230
Access is, by default, restricted to administrators of the machine.

More information, as well as instructions from Microsoft on removing them altogether can be found here:
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q314984&sd=tech
0
 

Author Comment

by:mmedici1
ID: 12308063
Two problems with this:
1. The most important is how do I do this remotely
2. When I reboot the share comes back.
0
 
LVL 95

Assisted Solution

by:Lee W, MVP
Lee W, MVP earned 250 total points
ID: 12308851
Read through the whole article I posted.  Specifically, check "Method 2: Deleting default administrative shares for current and later sessions"  - note the last 3 words "and later sessions".

If you want to do this remotely, you should be able to use a GPO login script and the REG command to incorporate a registry file into the system's registry.

Alternatively, you could use PSEXEC from the free PSTOOLS, available at www.sysinternals.com.  PSEXEC can remotely execute commands on other systems (you'll want to run PSEXEC /? to get a full understanding of how to use it).  In addition, refer to REG /? for more information on using that to modify the registry.
0
 
LVL 7

Accepted Solution

by:
Chatable earned 250 total points
ID: 12320377
Allright, here's a detailed explaination on how to remove the default shares (C$, ADMIN$, etc) from a computer REMOTELY.
Before we begin I must point out that these shares are by default restricted to administrators only, and even if you remove them, someone with administrative privilleges can re-create them.
1) Log-on to the target computer using an administrator account. Do this by issuing the command on YOUR computer:
net use /user:[username] \\[target computer]
Where [username] is a user which has administrative privileges on [target computer], which is the remote computer's name.
2) Open the Registry Editor (start->run->regedit.exe)
3) Click "Registry" menu, and select "Connect network Registry"
4) Enter the name of the remote computer, and press enter.
5) A new "folder" will be created for the remote machine's registry.
6) From that folder nagivate to the following key (make sure you're doing this on the remote computer's registry, rather than your own): HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
7) Create a DWORD value named "AutoShareWks" (no quotes) if the target computer is running a workstation-OS (Windows NT Workstation, Windows 2000 Professional or Windows XP) or named "AutoShareServer" (no quotes) if the target computer is running a server-OS (Windows NT Server, Windows 2000 Server or Windows Server 2003).
8) Set the new value's data to 0.
9) Close the registry-editor.
10) Right click "My Computer" on your desktop and select "Manage"
11) Right click "Computer Management (Local)" and select "Connect to another computer"
12) Enter the remote computer's name in the "Name" textbox.
13) If asked, enter the username/password for the administrative account on the remote computer.
14) Navigate to System Tools -> Shared Folders -> Shares
15) For each default share (EXCEPT IPC$), right click it, and select "Stop Sharing" comfirm the dialog that appears
16) Close the Computer Management window
17) You're done!
0

Featured Post

Scale it in WD Gold

With up to ten times the workload capacity of desktop drives, WD Gold hard drives employ advanced technology to deliver among the best in reliability, capacity, power efficiency and performance.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Security, hackers 10 119
Probleme new certificat SHA256 6 57
Is this error real? 2 49
Penetration Testing home based work 3 54
Users of Windows 10 Professional can disable automatic reboots using the policy editor. This tool is not included in the Windows home edition. But don't worry! Follow the instructions below to install (a Win7) policy editor on your Windows 10 Home e…
Article by: btan
The intent is not to repeat what many has know about Ransomware but more to join its dots of what is it, who are the victims, why it exists, when and how we respond on infection. Lastly, sum up in a glance to share such information with more to help…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now