[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 199
  • Last Modified:

how to allow a user without administration privileges to read the share C$

dear,

i have windows 2000 server,
i need to allow a user to access the administrative share folder C$, D$, ... on this win2000 server

amy one can tell me the way to do that


thanx
0
eugie17
Asked:
eugie17
  • 6
  • 6
  • 2
  • +1
2 Solutions
 
KCTSCommented:
If you must then why not just share the drive again with a different name and allow the user the necessary share and NTFS permissions (note you can share drive/folder multiple times with different names and different sets of share permissions)
0
 
cshepfamCommented:
have the user access it like this:



Start > Run


type in:   \\Servername or IP Address\C$
0
 
eugie17Author Commented:
well

there is a program called GFI Network Server Monitor, that can monitor my network servers. it need a user name and pass install on remote server to access the information like disk size, running batches,... when i set the user with administration privileges the program doing fine but if i set it as power user or normal user the disk related checks not work.


so i need the user any thing else than administrator, and i need exactly C$
0
Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

 
CoccoBillCommented:
The C$, ADMIN$, IPC$ etc shares are called administrative shares, and are only accessible by accounts with administrator privileges. To my knowledge you can't alter the permissions for admin shares. Why don't you just use an (even a temporary) admin account for the scan?
0
 
CoccoBillCommented:
To mitigate the risks involved, make sure the account has local admin privileges on the target server but only minimal privileges anywhere else. You could for example remove it from the Domain Users group and add it to the Domain Guests group, unless guest accounts have explicitly been denied access on the server.
0
 
eugie17Author Commented:
dear the checking program should keep monitor on the servers, so it should be permanent user account.

on other hand i cant set a share folder coz it will be useless to my monitor program
0
 
CoccoBillCommented:
To reiterate:

1. Create a domain user account, let's say "gfiscanner" and assign it a strong password (upper and lower case, numbers, special characters, min. 15 characters)
2. Add the user to Domain Guests and remove it from Domain Users
3. Add the user to the local Administrators group on the target servers.

This makes sure the account has admin access to the target computers but minimal access anywhere else.
0
 
eugie17Author Commented:

but i didn't have a domain, and i am not allowed to create a domain or add this server to a domain.
0
 
CoccoBillCommented:
Ok well that changes things. You need to create identical user acconts on each monitored server with the same password, and add the users to the local Administrators group on each server.
0
 
eugie17Author Commented:

in this case it will has administrative privileges!
0
 
CoccoBillCommented:
You cannot access the administrative shares without administrative privileges.
0
 
eugie17Author Commented:

Sorry, but you describe the water after long conversation as a water.!!!!
I know from beginning it is administrative share and accessible by administrators, what i look for is a new idea, way, or things may be i didn't know.

any way, thanks for helping. and i wait another solution.
0
 
CoccoBillCommented:
1) the software needs access to admin shares
2) that access requires admin privileges

I really don't see any other way around it besides either granting admin privileges to the account or changing either the software or the OS you're using.
0
 
KCTSCommented:
You cannot do what is undoable
To access the c$ drive you need administrative privilages.
If you are not able or prepared to just share the drive again with a different name, as I described in my first post, then you simply cannot do this.
0
 
eugie17Author Commented:
thanks for your support,
but i hope to find another idea.
0

Featured Post

The Firewall Audit Checklist

Preparing for a firewall audit today is almost impossible.
AlgoSec, together with some of the largest global organizations and auditors, has created a checklist to follow when preparing for your firewall audit. Simplify risk mitigation while staying compliant all of the time!

  • 6
  • 6
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now