How do you remove a default c drive share?

Hi,

I have read that it is good security practice to remove the default c$ share on servers.

I tried adding my own one, and then removing the default c$ but as soon as I closed out of the screens I got an "The share will be restored on re-boot" message...

1) Are there implications with removing the c$ share?

2) If it is safe to remove it or re-name it, how is it done so that it doesn't restore at re-boot?

Many thanks.
mharcaisAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

diasfCommented:
Hi mharcais,

You can't rename or remove. It's a security point and needed (?) to be accessed by site administrators. It will always stay there, unless you do any hard modifition (I don't know which... Maybe in registry or so...)
Anyway, as soon as you take it out, it comes back again. The only thing you can do is create passwords for your own access and for pc administrator (I mean PC administrator, not network or site administrator).

diasf
0
masnrockCommented:
You can remove default shares (and here is how to do it in 2003), but yeah there are repercussions to it.

http://support.microsoft.com/default.aspx?scid=kb;en-us;816524

It will prevent some network programs from operating properly, especially some of the remote programs running from another machine... but really, it depends on exactly what you're aiming for in addition to that additional security.
0
rage419Commented:
Yea, unless you need a particularly hardened server, it is better to use permissions to protect the share (the system forces them in place).

BTW, if you need to do this, some extra events will be seen... and you might not do this on your DC in any case
http://support.microsoft.com/kb/842715/en-us
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

RPPreacherCommented:
To disable permanently so they will not be recreated on the next reboot, use the following Windows NT / Windows 2000 / Windows XP registry hack:

Hive: HKEY_LOCAL_MACHINE
Key: SYSTEM\CurrentControlSet\Services\LanManServer\Parameters
Name: AutoShareServer for servers
Name: AutoShareWks for workstations
Type: REG_DWORD
Value: 0

For background: Q156365. For details on disabling in Windows XP, see Q314984. In Windows 2000 and Windows XP, you disable the shares via

    * Start
    * Settings
    * Control Panel
    * Systems Tools panel
    * Shared Folders
    * Double-click the Shared Folders branch to expand it
    * Click Shares
    * In the Shared Folder column, right-click the share you want to disable
    * Click Stop sharing
    * Cick OK.

NOTE: If you disable an administrative share that you have created, it will not be automatically enabled after you restart your computer, and you will need to recreate the share.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
masnrockCommented:
Here's a site you can take a look at if you're into OS hardening like the last few of us have been mentioning: http://www.cisecurity.org

It's mainly a matter of figuring out exactly what suits your needs and requirements.... no need to go too far into overkill though.
0
Dushan De SilvaTechnology ArchitectCommented:
Start --> Run --> cmd

then type following command.

net share c$ delete


BR Dushan
0
masnrockCommented:
Dushan - That only removes the share for the duration of the session. Once you reboot, that share would come back again, hence why the registry has to be edited.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Networking

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.