Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2527
  • Last Modified:

Is there a way to disable 2000/XP client administrative shares using a Group Policy?

Is there a way to disable 2000/XP client administrative shares using a Group Policy?
0
ShakeKing
Asked:
ShakeKing
  • 2
1 Solution
 
TJworldCommented:
On the Domain Controller open and edit with notepad

%SystemRoot%\inf\sceregvl.inf

Add the following value to this section

[Register Registry Values]
MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\AutoShareServer,4,%AutoShareServer%,0

and

[Strings]
AutoShareServer = Prevent Administrative Shares from being created

After you have modified the Sceregvl.inf file to include your custom registry settings, the changes need to be registered by running the following command:

C:\>regsvr32 scecli.dll

to register the new policy.

Now open the Group Policy Editor for the policy you want to add the setting to.

Start Menu>Settings>Control Panel>Administrative Tools>Active Directory Users and Computers MMC,

Right-click the domain and choose Properties,

Choose the Group Policy tab,

Select the policy you want to work with,

Press the Edit button,

Group Policy Editor opens.

Expand the tree

Computer Configuration>Windows Settings>Security Settings>Local Policies>Security Options

In the policy list in the right pane look for "Prevent Administrative Shares from being created"

(this is the setting we created in sceregvl.inf)

Double-click to bring up its properties,

Tick "Define this policy setting"

Select "Enabled"

Press OK

Close Group Policy Editor.

To force the policy out immediately from the Domain Controller

C:\>secedit /refreshpolicy machine_policy /enforce

On an XP workstation

C:\>gpudate

Check your client's registry at

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\autoshareserver

0
 
TJworldCommented:
binary, the articles linked to in that solution don't use the Group Policy they use local editing of the security policy in the local registry.

Group Policy on the other hand allows you to force the setting out to every single workstation in your domain whether you have 5 or 50,000.
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now