Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Windows 2008 servers admin shares accessible by users

Posted on 2012-03-29
10
Medium Priority
?
892 Views
Last Modified: 2012-04-10
Hello All,

I need to retain the administrator shares limited to the administrators and not to remove them.

I need the reason for users able to access the admin shares rather remove them.

This is windows 2008 server with SP2 standard . Forest Level is windows 2003.

\\servername\c$ on a 2008 server, windows explorer brings up the c drive for domain users. How can i restrict this .

http://support.microsoft.com/kb/954422

This above links completely removes the access for users and administrators
0
Comment
Question by:jmanishbabu
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
  • +1
10 Comments
 
LVL 8

Expert Comment

by:PaulD77
ID: 37781549
If I'm understanding this..you're sharing the C drive on your Server??  Why?
0
 
LVL 10

Author Comment

by:jmanishbabu
ID: 37781564
For administrator to access the drives remotely !!! not  for the users and to access

some folders needs to be accessed by Admins  under this member server
0
 
LVL 8

Expert Comment

by:PaulD77
ID: 37781574
If you right click the C drive you're sharing, security...you should be able to select the security groups that can access the drive.  Make sure only Administrators group hass full access and remove users.
0
Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

 
LVL 10

Author Comment

by:jmanishbabu
ID: 37781672
No i dont think on C: drive will be shared for C$ access . C$ is the hidden share .
0
 
LVL 8

Assisted Solution

by:PaulD77
PaulD77 earned 200 total points
ID: 37781763
I understand, you need to configure it in share and store management console..

choose Start > Administrative Tools > Share and Storage Management
0
 
LVL 13

Assisted Solution

by:Sandy
Sandy earned 200 total points
ID: 37781891
Just remove the hidden shares from share and storage management and further you can use share limit.
0
 
LVL 17

Accepted Solution

by:
Premkumar Yogeswaran earned 1600 total points
ID: 37782884
Hi Manish,

The administrative share's default share permission is controlled by the registry value

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\DefaultSecurity\SrvsvcShareAdminConnect.

To configure the Windows Server 2008 to behave the same as Windows Server 2003, we can export the registry value above from Window Server 2003, and import it to Windows Server 2008.

Note: We need to restart the server for the change to take effect.

Refer Link:
http://social.technet.microsoft.com/Forums/en/winserversecurity/thread/52422d16-81f3-4486-a8a7-f48bb9ecc442

This will work man... :)

Cheers,
Prem
0
 
LVL 10

Author Comment

by:jmanishbabu
ID: 37796090
Can you confirm me the Reg values of windows 2003 ?


"SrvsvcShareAdminConnect"=hex:01,00,04,80,64,00,00,00,70,00,00,00,00,00,00,00,\
  14,00,00,00,02,00,50,00,03,00,00,00,00,00,18,00,03,00,0f,00,01,02,00,00,00,\
  00,00,05,20,00,00,00,20,02,00,00,00,00,18,00,03,00,0f,00,01,02,00,00,00,00,\
  00,05,20,00,00,00,25,02,00,00,00,00,18,00,03,00,0f,00,01,02,00,00,00,00,00,\
  05,20,00,00,00,27,02,00,00,01,01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,\
  00,00,00,05,12,00,00,00
0
 
LVL 17

Expert Comment

by:Premkumar Yogeswaran
ID: 37804625
hi,

Sorry for the late reply.. yes you are right..

2003:

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lanmanserver\DefaultSecurity]

"SrvsvcShareAdminConnect"=hex:01,00,04,80,64,00,00,00,70,00,00,00,00,00,00,00,\
  14,00,00,00,02,00,50,00,03,00,00,00,00,00,18,00,03,00,0f,00,01,02,00,00,00,\
  00,00,05,20,00,00,00,20,02,00,00,00,00,18,00,03,00,0f,00,01,02,00,00,00,00,\
  00,05,20,00,00,00,25,02,00,00,00,00,18,00,03,00,0f,00,01,02,00,00,00,00,00,\
  05,20,00,00,00,27,02,00,00,01,01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,\
  00,00,00,05,12,00,00,00

Note: You should restart to see the change effect.

Good Luck...!!!

Regards,
Prem
0
 
LVL 10

Author Closing Comment

by:jmanishbabu
ID: 37827156
Thanks it worked.:) Cheers
0

Featured Post

Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question