Solved

Remotely restricting access to c$ or removing c$

Posted on 2004-10-13
4
255 Views
Last Modified: 2013-12-04
Is there a way remotely, preferably through group policies, to restrict access to the C$ on a computer.  If not, is there a way to remove this all together remotely?  Thanks.
0
Comment
Question by:mmedici1
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 96

Expert Comment

by:Lee W, MVP
ID: 12303230
Access is, by default, restricted to administrators of the machine.

More information, as well as instructions from Microsoft on removing them altogether can be found here:
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q314984&sd=tech
0
 

Author Comment

by:mmedici1
ID: 12308063
Two problems with this:
1. The most important is how do I do this remotely
2. When I reboot the share comes back.
0
 
LVL 96

Assisted Solution

by:Lee W, MVP
Lee W, MVP earned 250 total points
ID: 12308851
Read through the whole article I posted.  Specifically, check "Method 2: Deleting default administrative shares for current and later sessions"  - note the last 3 words "and later sessions".

If you want to do this remotely, you should be able to use a GPO login script and the REG command to incorporate a registry file into the system's registry.

Alternatively, you could use PSEXEC from the free PSTOOLS, available at www.sysinternals.com.  PSEXEC can remotely execute commands on other systems (you'll want to run PSEXEC /? to get a full understanding of how to use it).  In addition, refer to REG /? for more information on using that to modify the registry.
0
 
LVL 7

Accepted Solution

by:
Chatable earned 250 total points
ID: 12320377
Allright, here's a detailed explaination on how to remove the default shares (C$, ADMIN$, etc) from a computer REMOTELY.
Before we begin I must point out that these shares are by default restricted to administrators only, and even if you remove them, someone with administrative privilleges can re-create them.
1) Log-on to the target computer using an administrator account. Do this by issuing the command on YOUR computer:
net use /user:[username] \\[target computer]
Where [username] is a user which has administrative privileges on [target computer], which is the remote computer's name.
2) Open the Registry Editor (start->run->regedit.exe)
3) Click "Registry" menu, and select "Connect network Registry"
4) Enter the name of the remote computer, and press enter.
5) A new "folder" will be created for the remote machine's registry.
6) From that folder nagivate to the following key (make sure you're doing this on the remote computer's registry, rather than your own): HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
7) Create a DWORD value named "AutoShareWks" (no quotes) if the target computer is running a workstation-OS (Windows NT Workstation, Windows 2000 Professional or Windows XP) or named "AutoShareServer" (no quotes) if the target computer is running a server-OS (Windows NT Server, Windows 2000 Server or Windows Server 2003).
8) Set the new value's data to 0.
9) Close the registry-editor.
10) Right click "My Computer" on your desktop and select "Manage"
11) Right click "Computer Management (Local)" and select "Connect to another computer"
12) Enter the remote computer's name in the "Name" textbox.
13) If asked, enter the username/password for the administrative account on the remote computer.
14) Navigate to System Tools -> Shared Folders -> Shares
15) For each default share (EXCEPT IPC$), right click it, and select "Stop Sharing" comfirm the dialog that appears
16) Close the Computer Management window
17) You're done!
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Permission issue? 10 84
deny local logon 12 130
Design of sending events/logs to SIEM/Arcsight 2 472
Looking for a way to block an executable on one Terminal Server for all users 6 41
In today's information driven age, entrepreneurs have so many great tools and options at their disposal to help turn good ideas into a thriving business. With cloud-based online services, such as Amazon's Web Services (AWS) or Microsoft's Azure, bus…
Security measures require Windows be logged in using Standard User login (not Administrator).  Yet, sometimes an application has to be run “As Administrator” from a Standard User login.  This paper describes how to create a shortcut icon to launch a…
In an interesting question (https://www.experts-exchange.com/questions/29008360/) here at Experts Exchange, a member asked how to split a single image into multiple images. The primary usage for this is to place many photographs on a flatbed scanner…
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question