Default Admin Shares...

Posted on 2004-10-19
Last Modified: 2013-12-04
I know you can change the reg. values for default admin shares to disable C$ D$ ADMIN$ IPC$ ETC.  I also know that it will affect things such as SMS.  I figure that it will also kill patch management systems such as Shavliks, HFNETCHKPRO.  However it seems as if every security guide recommends this and all external auditors recommend this as well.  I need to know what others think.  Disable, or leave enabled, and why?  The answer here will come in the form of the why.  Thank you.
Question by:chrisandersoon
LVL 6

Assisted Solution

by:nihlcat
nihlcat earned 680 total points
ID: 12348167
There's a slew of reasons NOT to do this.  Here's a few of them from Microsoft for the Admin$ share:
http://support.microsoft.com/?kbid=842715

I had to lock down some of our DCs and ended up making our SYSVOL folder a hidden share...then Active Directory collapsed like a house of cards.
0
 
LVL 3

Assisted Solution

by:Gargantubrain
Gargantubrain earned 660 total points
ID: 12348770
The administrative shares are by default restricted to Administrator-only access. That is the first place you should be looking if you are trying to tighten security. Given the impact of spyware in recent months, it is increasingly dangerous to allow users (not even the administrators!) to be in any administrative groups. Your admins should use an administrative account only when doing administrative tasks, and use a normal user-level account for other activities.

I think you would be much more satisfied with the results of a well-designed security policy and structure than what you can accomplish by just disabling a few admin shares. If you read the Microsoft KB article that nihlcat mentioned, and understand all of the ramifications of disabling each share, and you incorporate some of those changes as part of your total security policy, then great. Not everyone uses SMS, SQL, etc, so some of the bad effects of disabling some of the shares may not even apply to your situation.
0
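An added example, not part of the thread or any poster's own code: a read-only PowerShell audit of the two things discussed above, the state of the default admin shares and who is in the local Administrators group that can reach them. The registry value names `AutoShareServer` and `AutoShareWks` do not appear in the thread and are assumed from Microsoft's documentation of the LanmanServer parameters; the cmdlets assume Windows 8 / Server 2012 or later with PowerShell 5.1.

```powershell
# Added example: read-only audit, run locally from an elevated prompt. Changes nothing.
# Assumes the SmbShare and Microsoft.PowerShell.LocalAccounts modules are available.

$paramKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$params   = Get-ItemProperty -Path $paramKey

# AutoShareServer (server editions) / AutoShareWks (workstations):
# absent or 1 = drive and ADMIN$ shares are recreated at startup, 0 = not recreated.
$autoShare = foreach ($name in 'AutoShareServer', 'AutoShareWks') {
    $value = $params.$name
    [pscustomobject]@{
        Value  = $name
        Data   = if ($null -eq $value) { '(not set)' } else { $value }
        Effect = if ($value -eq 0) { 'auto-creation disabled' }
                 else              { 'auto-creation enabled (default)' }
    }
}

# Administrative ("special") shares currently published by the Server service.
$adminShares = Get-SmbShare -Special $true |
    Select-Object Name, Path, Description

# Members of BUILTIN\Administrators, looked up by well-known SID so the query
# also works on systems where the group name is localized.
$localAdmins = Get-LocalGroupMember -SID 'S-1-5-32-544' |
    Select-Object Name, ObjectClass, PrincipalSource

'--- Auto-share registry values ---'
$autoShare   | Format-Table -AutoSize
'--- Administrative shares present ---'
$adminShares | Format-Table -AutoSize
'--- Local Administrators members ---'
$localAdmins | Format-Table -AutoSize
```

Any ordinary user account listed under the last heading is the exposure Gargantubrain describes, whether or not the shares themselves are disabled.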
 
LVL 4

Author Comment

by:chrisandersoon
ID: 12352754
Thanks for the responses.  Like I said I will give the points after I get a couple of replies.  

I think both of your answers are correct so you will be getting points.

But to keep this question open and see what others think will be a big help.  

The problem I am facing is that we have things implemented such as SQL, and Shavlik etc.  I also see that tightening up security elsewhere is probably just as important if not more important.  

I have a good grasp on the default admin share things, and personally I don't see the benefit from disabling it.  Especially since I use them.  However, we had the external auditors come in and recommend removing it. And therefore I am left in a situation that I have to defend my answers.  And this is where the pros and cons come in.   I am just trying to weigh the pros and cons.  

I don't know if y'all have time, but would appreciate it if you could list what you feel are the pros and cons.  

Thanks.
0
 
LVL 13

Accepted Solution

by:
masterbaker earned 660 total points
ID: 12353003
It depends on what problem you are trying to address.  If your Administrator accounts have "tough" passwords and you have strict policies against running password cracking tools (maybe even using monitoring software to catch people doing this) then leaving the default admin shares is fine and you have no reason to endure the pain of removing them.

You can very easily go off the deep end with regards to security.  An auditor should point out areas of concern or specific problems, but they should not be dictating how to address them.  That's your job.  If you can come up with other ways to address their concerns then that should do just fine.  If that means selecting tough passwords and rotating them on a regular basis, fine.  Whatever meets both of your needs!

I do believe auditors have their place.  I just don't believe it is their place to tell you what to do.  They sound more like consultants than auditors.

Jeff
0
 
LVL 6

Expert Comment

by:nihlcat
ID: 12353290
WELL SPOKEN Jeff.  I have traveled down that road already this year.  I work for a company that employs external security auditors and as I have alluded, their recommendations destroyed our AD.  Luckily enough backups were in place.  What came out about a month later is that they applied their security settings to a test environment that was much less sophisticated than our production environment.  

Translation:  They had no idea what their recommendations would do to us.

That's really the trick, these hardening recommendations are just not site-centric to everyone.  That's not really possible given all the different types of network configurations.
0
 
LVL 13

Expert Comment

by:masterbaker
ID: 12361101
Thanks nihlcat.  I used to work at a fairly good sized business (~1000 employees) and had to participate in yearly external audits a few times.  The worst audits were when the techies would come out and make all sorts of suggestions to our managers and cause us trouble.  I do believe there was value in having a fresh set of eyes view our environment, but I don't believe they know the environment well enough at that point to make key decisions.  

Just as you said, no one solution will work for every company.

Jeff
0
