Is there a way to disable 2000/XP client administrative shares using a Group Policy?

Is there a way to disable 2000/XP client administrative shares using a Group Policy?
ShakeKingAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

TJworldCommented:
On the Domain Controller open and edit with notepad

%SystemRoot%\inf\sceregvl.inf

Add the following value to this section

[Register Registry Values]
MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\AutoShareServer,4,%AutoShareServer%,0

and

[Strings]
AutoShareServer = Prevent Administrative Shares from being created

After you have modified the Sceregvl.inf file to include your custom registry settings, the changes need to be registered by running the following command:

C:\>regsvr32 scecli.dll

to register the new policy.

Now open the Group Policy Editor for the policy you want to add the setting to.

Start Menu>Settings>Control Panel>Administrative Tools>Active Directory Users and Computers MMC,

Right-click the domain and choose Properties,

Choose the Group Policy tab,

Select the policy you want to work with,

Press the Edit button,

Group Policy Editor opens.

Expand the tree

Computer Configuration>Windows Settings>Security Settings>Local Policies>Security Options

In the policy list in the right pane look for "Prevent Administrative Shares from being created"

(this is the setting we created in sceregvl.inf)

Double-click to bring up its properties,

Tick "Define this policy setting"

Select "Enabled"

Press OK

Close Group Policy Editor.

To force the policy out immediately from the Domain Controller

C:\>secedit /refreshpolicy machine_policy /enforce

On an XP workstation

C:\>gpudate

Check your client's registry at

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\autoshareserver

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
TJworldCommented:
binary, the articles linked to in that solution don't use the Group Policy they use local editing of the security policy in the local registry.

Group Policy on the other hand allows you to force the setting out to every single workstation in your domain whether you have 5 or 50,000.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Operating Systems

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.