CD drives as open shares

Posted on 2011-09-20
Medium Priority
Last Modified: 2012-05-12
I ran a tool called "shareenum" which basically lists all shares in the domain. On a load of workstations it lists the D drive which on closer inspection seems to be the CD/DVD drive as readable by the everyone group. I also noticed a lot of shares called stuff like "OLD PC" on users machines that again open to everyone? Why would this be? Is this a security problem or have I misread the data? Is this a common issue? Most the machines are still running XP
Question by:pma111
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions

Accepted Solution

Lester_Clayton earned 1000 total points
ID: 36566323
If you find shares on the network, it's because people have shared them.  The only kinds of shares which are automatically created are Administrative shares - like c$.

The share permission "Everyone" does not mean everybody has access to it.  The share permission allows people to connect to or open the share - but they still need directory permissions to list the contents of it.  They'll get the most restricted rights from the two combined.

This is a common issue if your users are all administrators of their local machines.  It means they can share stuff willy nilly :)

Author Comment

ID: 36566353
I cant see why a CD/DVD drive would need to be a "share" anyway?  Can anyone think of a reason why? Another thing that confuses me is such users dont have admin rights on there machines, some have power user but I didnt think they could amend ACL's for that.

Assisted Solution

subhashchy earned 1000 total points
ID: 36566459
The reason for sharing CD drives is to, Put a Media in one of the PC and all network users (your users are most often Friends who likes to share stuff between each other) and then access it. that;s what we do in our organization :P.
Should not be a problem, as the users which are not part of the domain,will not be able to access it anyway.
Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.


Author Comment

ID: 36566534
What if they put sensitive data in there disk drive and then 5000 people could potentially open it, of which probably 5 would know the user and have a genuine business need for accessing it.

Expert Comment

ID: 36567264
These are all very valid points yes, but it doesn't change the fact that users who have administrative rights on their machines can do things like this.

You should consider finding a more secure business model - for example, users should be regular users and not administrators - which means they can't start sharing drives or folders at will.

Author Comment

ID: 36567273
They are not administrators though - there is probably a handful of 5000 who have local admin rights the rest dont have this permission. Some may have power user rights - is that enough?
LVL 59

Expert Comment

ID: 36991641
I've requested that this question be deleted for the following reason:

This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.

Author Comment

ID: 36991642
will split points

Featured Post

Want to be a Web Developer? Get Certified Today!

Enroll in the Certified Web Development Professional course package to learn HTML, Javascript, and PHP. Build a solid foundation to work toward your dream job!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There are many software programs on offer that will claim to magically speed up your computer. The best advice I can give you is to avoid them like the plague, because they will often cause far more problems than they solve. Try some of these "do it…
Sometimes clients can lose connectivity with the Lotus Notes Domino Server, but there's not always an obvious answer as to why it happens.   Read this article to follow one of the first experiences I had with Lotus Notes on a client's machine, my…
As developers, we are not limited to the functions provided by the VBA language. In addition, we can call the functions that are part of the Windows operating system. These functions are part of the Windows API (Application Programming Interface). U…
How to fix incompatible JVM issue while installing Eclipse While installing Eclipse in windows, got one error like above and unable to proceed with the installation. This video describes how to successfully install Eclipse. How to solve incompa…
Suggested Courses

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question