
Remotely restricting access to c$ or removing c$

Is there a way remotely, preferably through group policies, to restrict access to the C$ on a computer? If not, is there a way to remove this altogether remotely? Thanks.
Asked by: mmedici1
 
Lee W, MVP, Technology and Business Process Advisor, commented:
Access is, by default, restricted to administrators of the machine.

More information, as well as instructions from Microsoft on removing them altogether can be found here:
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q314984&sd=tech
 
mmedici1 (Author) commented:
Two problems with this:
1. The most important is how do I do this remotely
2. When I reboot the share comes back.
 
Lee W, MVP, Technology and Business Process Advisor, commented:
Read through the whole article I posted.  Specifically, check "Method 2: Deleting default administrative shares for current and later sessions"  - note the last 3 words "and later sessions".

If you want to do this remotely, you should be able to use a GPO login script and the REG command to incorporate a registry file into the system's registry.

Alternatively, you could use PSEXEC from the free PSTOOLS, available at www.sysinternals.com.  PSEXEC can remotely execute commands on other systems (you'll want to run PSEXEC /? to get a full understanding of how to use it).  In addition, refer to REG /? for more information on using that to modify the registry.
 
Chatable commented:
All right, here's a detailed explanation of how to remove the default shares (C$, ADMIN$, etc) from a computer REMOTELY.
Before we begin I must point out that these shares are by default restricted to administrators only, and even if you remove them, someone with administrative privileges can re-create them.
1) Log-on to the target computer using an administrator account. Do this by issuing the command on YOUR computer:
net use /user:[username] \\[target computer]
Where [username] is a user which has administrative privileges on [target computer], which is the remote computer's name.
2) Open the Registry Editor (start->run->regedit.exe)
3) Click "Registry" menu, and select "Connect network Registry"
4) Enter the name of the remote computer, and press enter.
5) A new "folder" will be created for the remote machine's registry.
6) From that folder navigate to the following key (make sure you're doing this on the remote computer's registry, rather than your own): HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
7) Create a DWORD value named "AutoShareWks" (no quotes) if the target computer is running a workstation-OS (Windows NT Workstation, Windows 2000 Professional or Windows XP) or named "AutoShareServer" (no quotes) if the target computer is running a server-OS (Windows NT Server, Windows 2000 Server or Windows Server 2003).
8) Set the new value's data to 0.
9) Close the registry-editor.
10) Right click "My Computer" on your desktop and select "Manage"
11) Right click "Computer Management (Local)" and select "Connect to another computer"
12) Enter the remote computer's name in the "Name" textbox.
13) If asked, enter the username/password for the administrative account on the remote computer.
14) Navigate to System Tools -> Shared Folders -> Shares
15) For each default share (EXCEPT IPC$), right click it, select "Stop Sharing", and confirm the dialog that appears
16) Close the Computer Management window
17) You're done!
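
The registry change and the share removal from the steps above, scripted in PowerShell as an added example that is not part of the original thread. It assumes you hold administrative rights on the target, that the Remote Registry service and WinRM are reachable there, and that the function name `Disable-AdminShares` and the computer name `WKS-01` are hypothetical.

```powershell
# Added example: Disable-AdminShares and WKS-01 are hypothetical names.
function Disable-AdminShares {
    param([Parameter(Mandatory)] [string[]] $ComputerName)

    $keyPath = 'SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    foreach ($computer in $ComputerName) {
        $session = $null
        try {
            $session = New-CimSession -ComputerName $computer -ErrorAction Stop

            # Step 7: ProductType 1 is a workstation OS; 2 (domain controller)
            # and 3 (server) take the server value name.
            $os = Get-CimInstance -CimSession $session -ClassName Win32_OperatingSystem -ErrorAction Stop
            $valueName = if ($os.ProductType -eq 1) { 'AutoShareWks' } else { 'AutoShareServer' }

            # Steps 6-8: set the DWORD to 0 in the remote registry so the
            # shares are not recreated when the machine restarts.
            $hklm = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $computer)
            $key = $hklm.OpenSubKey($keyPath, $true)
            $key.SetValue($valueName, 0, [Microsoft.Win32.RegistryValueKind]::DWord)
            $key.Close(); $hklm.Close()

            # Step 15: remove the shares for the current session. Win32_Share
            # type 2147483648 is an administrative disk share (C$, ADMIN$);
            # IPC$ has a different type and is left alone.
            $shares = Get-CimInstance -CimSession $session -ClassName Win32_Share -ErrorAction Stop |
                Where-Object { $_.Type -eq 2147483648 }
            foreach ($share in $shares) {
                $null = Invoke-CimMethod -CimSession $session -InputObject $share -MethodName Delete -ErrorAction Stop
            }
            [pscustomobject]@{ Computer = $computer; Value = $valueName
                               Removed = ($shares.Name -join ','); Error = $null }
        } catch {
            # Report the failure per machine instead of aborting the whole run.
            [pscustomobject]@{ Computer = $computer; Value = $null
                               Removed = $null; Error = $_.Exception.Message }
        } finally {
            if ($session) { Remove-CimSession -CimSession $session }
        }
    }
}

Disable-AdminShares -ComputerName 'WKS-01'
```

As the answer notes, an administrator on the target can re-create the shares, so listing `Win32_Share` again after the next reboot is the way to confirm the setting held.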