Solved

Windows 2008 servers admin shares accessible by users

Posted on 2012-03-29
10
835 Views
Last Modified: 2012-04-10
Hello All,

I need to retain the administrator shares limited to the administrators and not to remove them.

I need the reason for users able to access the admin shares rather remove them.

This is windows 2008 server with SP2 standard . Forest Level is windows 2003.

\\servername\c$ on a 2008 server, windows explorer brings up the c drive for domain users. How can i restrict this .

http://support.microsoft.com/kb/954422

This above links completely removes the access for users and administrators
0
Comment
Question by:jmanishbabu
  • 4
  • 3
  • 2
  • +1
10 Comments
 
LVL 8

Expert Comment

by:PaulD77
Comment Utility
If I'm understanding this..you're sharing the C drive on your Server??  Why?
0
 
LVL 10

Author Comment

by:jmanishbabu
Comment Utility
For administrator to access the drives remotely !!! not  for the users and to access

some folders needs to be accessed by Admins  under this member server
0
 
LVL 8

Expert Comment

by:PaulD77
Comment Utility
If you right click the C drive you're sharing, security...you should be able to select the security groups that can access the drive.  Make sure only Administrators group hass full access and remove users.
0
 
LVL 10

Author Comment

by:jmanishbabu
Comment Utility
No i dont think on C: drive will be shared for C$ access . C$ is the hidden share .
0
 
LVL 8

Assisted Solution

by:PaulD77
PaulD77 earned 50 total points
Comment Utility
I understand, you need to configure it in share and store management console..

choose Start > Administrative Tools > Share and Storage Management
0
Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

 
LVL 13

Assisted Solution

by:Sandy
Sandy earned 50 total points
Comment Utility
Just remove the hidden shares from share and storage management and further you can use share limit.
0
 
LVL 17

Accepted Solution

by:
Premkumar Yogeswaran earned 400 total points
Comment Utility
Hi Manish,

The administrative share's default share permission is controlled by the registry value

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\DefaultSecurity\SrvsvcShareAdminConnect.

To configure the Windows Server 2008 to behave the same as Windows Server 2003, we can export the registry value above from Window Server 2003, and import it to Windows Server 2008.

Note: We need to restart the server for the change to take effect.

Refer Link:
http://social.technet.microsoft.com/Forums/en/winserversecurity/thread/52422d16-81f3-4486-a8a7-f48bb9ecc442

This will work man... :)

Cheers,
Prem
0
 
LVL 10

Author Comment

by:jmanishbabu
Comment Utility
Can you confirm me the Reg values of windows 2003 ?


"SrvsvcShareAdminConnect"=hex:01,00,04,80,64,00,00,00,70,00,00,00,00,00,00,00,\
  14,00,00,00,02,00,50,00,03,00,00,00,00,00,18,00,03,00,0f,00,01,02,00,00,00,\
  00,00,05,20,00,00,00,20,02,00,00,00,00,18,00,03,00,0f,00,01,02,00,00,00,00,\
  00,05,20,00,00,00,25,02,00,00,00,00,18,00,03,00,0f,00,01,02,00,00,00,00,00,\
  05,20,00,00,00,27,02,00,00,01,01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,\
  00,00,00,05,12,00,00,00
0
 
LVL 17

Expert Comment

by:Premkumar Yogeswaran
Comment Utility
hi,

Sorry for the late reply.. yes you are right..

2003:

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lanmanserver\DefaultSecurity]

"SrvsvcShareAdminConnect"=hex:01,00,04,80,64,00,00,00,70,00,00,00,00,00,00,00,\
  14,00,00,00,02,00,50,00,03,00,00,00,00,00,18,00,03,00,0f,00,01,02,00,00,00,\
  00,00,05,20,00,00,00,20,02,00,00,00,00,18,00,03,00,0f,00,01,02,00,00,00,00,\
  00,05,20,00,00,00,25,02,00,00,00,00,18,00,03,00,0f,00,01,02,00,00,00,00,00,\
  05,20,00,00,00,27,02,00,00,01,01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,\
  00,00,00,05,12,00,00,00

Note: You should restart to see the change effect.

Good Luck...!!!

Regards,
Prem
0
 
LVL 10

Author Closing Comment

by:jmanishbabu
Comment Utility
Thanks it worked.:) Cheers
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

We recently had an issue where out of nowhere, end users started indicating that their logins to our terminal server were just showing a "blank screen." After checking the usual suspects -- profiles, shell=explorer.exe in the registry, userinit.exe,…
OfficeMate Freezes on login or does not load after login credentials are input.
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now