Questions about "whacking" into a workstation and other network related security questions...

Hey guys...

I have a few easy ones for the experts around here.  I work as a technician and in some of my work I "whack - \\" into PCs to do things without disturbing the customer, such as saving info from the desktop or restoring items to favorites, etc.

Recently we have had some people getting into other people's data by using this method.  I believe that this is a service that runs or a permission somewhere, but I am not sure where.  And if you disable it, can someone remotely restart it or make it so they can get back in?

Also, we have home directories for our own files, can these be gotten into remotely?  I think that I may have had some things messed with that I would like to know more about so that I can stop it.

If you know of good materials concerning this on the web, I will be more than happy to read about it myself if you could point me in the right direction.



CoccoBill Commented:
Connecting to a file share requires the Access This Computer From The Network user right, permissions to the share and NTFS permissions to the folder. The service allowing file shares is Server service. The default shares aka administrative shares by default require administrative rights on the target computer, home shares generally can be accessed by the user only. These, however, are just default settings and assumptions, it's impossible to answer your questions without knowing how your environment is configured. What privileges do normal users have? What permissions do users' home folders have?

If everything is configured correctly, regular users should not be able to connect to administrative shares, and even admins should not be able to connect to other users' home folders.

rgn2121 (Author) Commented:
I appreciate the links...and I guess I should have been more specific.

I am running windows 2000.  Also, the links above didn't answer any of my questions.

The links apply equally to Win2000/2003/XP and in most senses also to NT4 and 9x. By whacking I assume you mean connecting to a network share as described in the articles?

If some people are "whacking" into places they're not supposed to, the problem is in permissions, but you'll need to elaborate more to find out the exact problem. Are you familiar with share permissions, user rights and NTFS permissions?

rgn2121 (Author) Commented:
Yes I am talking about connecting to shares and yes I am familiar with rights and NTFS permissions.

As was stated in the question, I generally use this feature to be able to replace items back in customers profiles after I have worked on their pc's.  I will "whack" into \\pc name\D$  and drop the stuff off in their profile under Documents and settings\username.

I know that I can get into any pc on the network in this manner and get into any of the default shared drives, c$, d$, Admin$, etc.

What I want to know is where I go to prevent this from being possible?  Also, is it possible for someone to use this method to get into my home directory?  i.e. h:\

hstiles Commented:
Whacking?!?!  Well there's a new phrase.

You can disable the autocreation of the workstation default shares (i.e. c$, d$, IPC$) via group policy or direct registry editing.  This automatically makes a machine more secure.  However, there are additional complications caused if you do this.  A lot of software that you deploy centrally uses the IPC$, so you'd find that you couldn't, for example, push Symantec out to PCs.  As a feature it is something normally reserved for machines in high security environments, such as a DMZ.

Access to the admin shares is limited to admin users.  So, a better method for generally protecting machines is to be very strict about who you give admin rights to.  Avoid using elevated privileges wherever possible.
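
An audit of the layers named in the two answers above (network logon right, Server service, admin group membership, share permissions, NTFS permissions, automatic admin shares), added here as an example and not part of the original thread. It assumes a current Windows release with the SmbShare and LocalAccounts PowerShell modules (not available on Windows 2000) and an elevated prompt; the temp file name is an arbitrary choice.

```powershell
# Added audit example. Changes no settings; writes and deletes one temp file.

# 1. Are the automatic administrative shares (C$, D$, ADMIN$) enabled?
#    AutoShareWks (workstations) / AutoShareServer (servers): 0 = not created
#    at startup; value absent = default, the shares are created.
$key    = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$params = Get-ItemProperty -Path $key
foreach ($name in 'AutoShareWks', 'AutoShareServer') {
    $value = $params.$name
    if ($null -eq $value) { $value = 'not set (default: shares created)' }
    "{0,-16} {1}" -f $name, $value
}

# 2. Is the Server service, which publishes every share, running?
Get-Service -Name LanmanServer | Select-Object Name, DisplayName, Status

# 3. Who holds the "Access this computer from the network" user right?
#    secedit exports the local policy; the right is listed as SeNetworkLogonRight.
$cfg = Join-Path $env:TEMP 'user-rights-audit.inf'   # arbitrary temp file name
secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null
Select-String -Path $cfg -Pattern '^SeNetworkLogonRight' | ForEach-Object Line
Remove-Item -LiteralPath $cfg

# 4. Who is a local administrator, and so can open the administrative shares?
Get-LocalGroupMember -Group 'Administrators' |
    Select-Object Name, ObjectClass, PrincipalSource

# 5. For each share: share-level permissions, then the NTFS ACL on its folder.
#    Effective access over the network is limited by both.
foreach ($share in Get-SmbShare) {
    "`n== {0}  path={1}  special={2}" -f $share.Name, $share.Path, $share.Special
    Get-SmbShareAccess -Name $share.Name |
        Format-Table AccountName, AccessControlType, AccessRight -AutoSize
    # IPC$ has no folder behind it, so skip the NTFS check when Path is empty
    if ($share.Path -and (Test-Path -LiteralPath $share.Path)) {
        (Get-Acl -LiteralPath $share.Path).Access |
            Format-Table IdentityReference, AccessControlType,
                         FileSystemRights, IsInherited -AutoSize
    }
}
```

Run the same share and ACL checks on the file server that hosts the home directories to see who besides the owning user has access to each home folder.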