[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 751
  • Last Modified:

How do you remove a default c drive share?

Hi,

I have read that it is good security practice to remove the default c$ share on servers.

I tried adding my own one, and then removing the default c$ but as soon as I closed out of the screens I got an "The share will be restored on re-boot" message...

1) Are there implications with removing the c$ share?

2) If it is safe to remove it or re-name it, how is it done so that it doesn't restore at re-boot?

Many thanks.
0
mharcais
Asked:
mharcais
1 Solution
 
diasfCommented:
Hi mharcais,

You can't rename or remove. It's a security point and needed (?) to be accessed by site administrators. It will always stay there, unless you do any hard modifition (I don't know which... Maybe in registry or so...)
Anyway, as soon as you take it out, it comes back again. The only thing you can do is create passwords for your own access and for pc administrator (I mean PC administrator, not network or site administrator).

diasf
0
 
masnrockCommented:
You can remove default shares (and here is how to do it in 2003), but yeah there are repercussions to it.

http://support.microsoft.com/default.aspx?scid=kb;en-us;816524

It will prevent some network programs from operating properly, especially some of the remote programs running from another machine... but really, it depends on exactly what you're aiming for in addition to that additional security.
0
 
rage419Commented:
Yea, unless you need a particularly hardened server, it is better to use permissions to protect the share (the system forces them in place).

BTW, if you need to do this, some extra events will be seen... and you might not do this on your DC in any case
http://support.microsoft.com/kb/842715/en-us
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
RPPreacherCommented:
To disable permanently so they will not be recreated on the next reboot, use the following Windows NT / Windows 2000 / Windows XP registry hack:

Hive: HKEY_LOCAL_MACHINE
Key: SYSTEM\CurrentControlSet\Services\LanManServer\Parameters
Name: AutoShareServer for servers
Name: AutoShareWks for workstations
Type: REG_DWORD
Value: 0

For background: Q156365. For details on disabling in Windows XP, see Q314984. In Windows 2000 and Windows XP, you disable the shares via

    * Start
    * Settings
    * Control Panel
    * Systems Tools panel
    * Shared Folders
    * Double-click the Shared Folders branch to expand it
    * Click Shares
    * In the Shared Folder column, right-click the share you want to disable
    * Click Stop sharing
    * Cick OK.

NOTE: If you disable an administrative share that you have created, it will not be automatically enabled after you restart your computer, and you will need to recreate the share.
0
 
masnrockCommented:
Here's a site you can take a look at if you're into OS hardening like the last few of us have been mentioning: http://www.cisecurity.org

It's mainly a matter of figuring out exactly what suits your needs and requirements.... no need to go too far into overkill though.
0
 
Dushan De SilvaCommented:
Start --> Run --> cmd

then type following command.

net share c$ delete


BR Dushan
0
 
masnrockCommented:
Dushan - That only removes the share for the duration of the session. Once you reboot, that share would come back again, hence why the registry has to be edited.
0

Featured Post

How to Use the Help Bell

Need to boost the visibility of your question for solutions? Use the Experts Exchange Help Bell to confirm priority levels and contact subject-matter experts for question attention.  Check out this how-to article for more information.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now