Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions

CD drives as open shares

Posted on 2011-09-20
Last Modified: 2012-05-12
I ran a tool called "shareenum" which basically lists all shares in the domain. On a load of workstations it lists the D drive which on closer inspection seems to be the CD/DVD drive as readable by the everyone group. I also noticed a lot of shares called stuff like "OLD PC" on users machines that again open to everyone? Why would this be? Is this a security problem or have I misread the data? Is this a common issue? Most the machines are still running XP
Question by:pma111

Accepted Solution

Lester_Clayton earned 250 total points
ID: 36566323
If you find shares on the network, it's because people have shared them.  The only kinds of shares which are automatically created are Administrative shares - like c$.

The share permission "Everyone" does not mean everybody has access to it.  The share permission allows people to connect to or open the share - but they still need directory permissions to list the contents of it.  They'll get the most restricted rights from the two combined.

This is a common issue if your users are all administrators of their local machines.  It means they can share stuff willy nilly :)

Author Comment

ID: 36566353
I cant see why a CD/DVD drive would need to be a "share" anyway?  Can anyone think of a reason why? Another thing that confuses me is such users dont have admin rights on there machines, some have power user but I didnt think they could amend ACL's for that.

Assisted Solution

subhashchy earned 250 total points
ID: 36566459
The reason for sharing CD drives is to, Put a Media in one of the PC and all network users (your users are most often Friends who likes to share stuff between each other) and then access it. that;s what we do in our organization :P.
Should not be a problem, as the users which are not part of the domain,will not be able to access it anyway.
Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.


Author Comment

ID: 36566534
What if they put sensitive data in there disk drive and then 5000 people could potentially open it, of which probably 5 would know the user and have a genuine business need for accessing it.

Expert Comment

ID: 36567264
These are all very valid points yes, but it doesn't change the fact that users who have administrative rights on their machines can do things like this.

You should consider finding a more secure business model - for example, users should be regular users and not administrators - which means they can't start sharing drives or folders at will.

Author Comment

ID: 36567273
They are not administrators though - there is probably a handful of 5000 who have local admin rights the rest dont have this permission. Some may have power user rights - is that enough?
LVL 59

Expert Comment

ID: 36991641
I've requested that this question be deleted for the following reason:

This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.

Author Comment

ID: 36991642
will split points

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

SHARE your personal details only on a NEED to basis. Take CHARGE and SECURE your IDENTITY. How do I then PROTECT myself and stay in charge of my own Personal details (and) - MY own WAY...
When you try to extract and to view the contents of a Microsoft Update Standalone Package (MSU) for Windows Vista, you cannot extract the files from the MSU. Here we are going to explain how to extract those hotfix details without using any third pa…
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question