Quesions about "whacking" into a workstation and other network related security questions...

Posted on 2006-05-02
Last Modified: 2010-04-11
Hey guys...

I have a few easy ones for the experts around here.  I work as a technician and in some of my work I "whack - \\"
into pc's to do things without disturbing the custome, such as saving info from the desktop or restoring items to favorites, etc.

Recently we have had some people getting into other peoples data by using this method.  I belive that this is a service that runs or a permission somewhere, but I am not sure where.  ANd if you disable it, can someone remotely restart it or make it so they can get back in?

Also, we have home directories for our own files, can these be gotten into remotely?  I think that I may have had some things messed with that I would like to know more about so that I can stop it.

If you know of good materials concerning this on the web, I will be more than happy to read about it myself if you could point me in the right direction.


Question by:rgn2121
    LVL 19

    Expert Comment

    LVL 12

    Author Comment

    I appreciate the links...and I guess I should have been more specific.

    I am running windows 2000.  Also, the links above didn't answer any of my questions.
    LVL 19

    Expert Comment

    The links apply equally to Win2000/2003/XP and in most senses also to NT4 and 9x. By whacking I assume you mean connecting to a network share as described in the articles?

    If some people are "whacking" into places they're not supposed to, the problem is in permissions, but you'll need to elaborate more to find out the exact problem. Are you familiar with share permissions, user rights and NTFS permissions?
    LVL 12

    Author Comment

    Yes I am talking about connecting to shares and yes I am familiar with rights and NTFS permissions.

    As was stated in the question, I generally use this feature to be able to replace items back in customers profiles after I have worked on their pc's.  I will "whack" into \\pc name\D$  and drop the stuff off in their profile under Documents and settings\username.

    I know that I can get into any pc on the network in this manner and get into any of the default shared drives, c$, d$, Admin$, etc.

    What I want to know is where I go to prevent this from being posssible?  Also, is it possible for someone to use this method to get into my home directory?  i.e. h:\

    LVL 19

    Accepted Solution

    Connecting to a file share requires the Access This Computer From The Network user right, permissions to the share and NTFS permissions to the folder. The service allowing file shares is Server service. The default shares aka administrative shares by default require administrative rights on the target computer, home shares generally can be accessed by the user only. These, however, are just default settings and assumptions, it's impossible to answer your questions without knowing how your environment is configured. What privileges do normal users have? What permissions do users' home folders have?

    If everything is configured correctly, regular users should not be able to connect to administrative shares, and even admins should not be able to connect to other users' home folders.
    LVL 13

    Assisted Solution

    Whacking?!?!  Well there's a new phrase.

    You can disable the autocreation of the workstation default shares (i.e. c$, d$, IPC$) via group policy or direct registry editing.  This automatically makes a machine more secure.  However, there are additional complications caused if you do this.  A lot of software that you deploy centrally uses the IPC$, so you'd find that you couldn't, for example, push Symantec out to PCs.  As a feature it is something normally reserved for machines in high security environments, such as a DMZ.

    access to the admin shares is limited to admin users.  So, a better method for generally protecting machines is to be very strict about who you give admin rights to.  Avoid using elevated privileges wherever possible.

    Featured Post

    6 Surprising Benefits of Threat Intelligence

    All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

    Join & Write a Comment

    This is a short article about OS X KeRanger, and what people can do to get rid of it.
    This story has been written with permission from the scammed victim, a valued client of mine – identity protected by request.
    Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…
    Internet Business Fax to Email Made Easy - With eFax Corporate (, you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…

    729 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    16 Experts available now in Live!

    Get 1:1 Help Now