• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 3767
  • Last Modified:

How to stop network users access my c: drive

I noticed when I turned off my windows firewall, other users can use \\IP address\c$ to access my drives.

Which service is in control of this and can i stop the service to forbid it?

thanks.
0
Jason Yu
Asked:
Jason Yu
  • 5
  • 2
  • 2
  • +4
8 Solutions
 
NARANTHIRANCommented:
Hi,
  Follow the steps in the below link to remove the default sharing option.

http://support.microsoft.com/kb/816524
0
 
Mohammed KhawajaManager - Infrastructure: Information TechnologyCommented:
First of all only administrators can access c$ shares.  Ensure users are not member of Administrators group on your computer (or for that matter, member of domain admins).
0
 
Jason YuAuthor Commented:
I have windows 7, does the above article work for me?
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
Jason YuAuthor Commented:
any help for this question?
0
 
cantorisCommented:
I've not tried that setting but I would have thought it would work.
You could also use local group policy and under User Rights Assignments, add the undesirable users to "Deny access to this computer from the network".
0
 
Rich RumbleSecurity SamuraiCommented:
Is this Computer yours to administer? Does it belong to your employer? Perhaps contact your IT department and ask if they can make the permissions stricter or if they can enable the firewall.
-rich
0
 
kenfcampCommented:
Are they accessing your full C:\ Drive or just your shares on the C:\ Drive?

Are any of these shares work related (Folder for Network Scanner, etc)?

Do you have Administrative access (Admin Login) on this PC, or do you have an IT department that manages PC network configurations?

Ken
0
 
Lee W, MVPTechnology and Business Process AdvisorCommented:
1.  The administrative shares should NOT be removed.  It could cause problems with managing your computer and doing CRITICAL things like updating your antivirus software and installing important software.
2.  Both YOURSELF and OTHER USERS should not have access to them.  Only Administrators should have access (hence the name - ADMINISTRATIVE SHARES!).  You should not be running as an administrator.  Other users should ABSOLUTELY NOT have access to the shares.
3.  If you are not the network administrator, you need to talk to your network administrator.  He should know better than to grant (what appears to be) Domain Users admin rights to all PCs.  That's a HORRIBLE security issue.  Even if you need admin rights, YOU should have a separate local admin account used with UAC to give access to whatever admin function you need and even if you're company is too lazy to implement proper security that way, ONLY your account should be listed in the regular user of a computer should be in the administrators group.

If you elaborate more on your role, I may be able to help further, but I don't like nor do I think it's appropriate to explain how to do something that's a bad idea to a person who may not be the administrator (or even to the administrator).
0
 
Jason YuAuthor Commented:
I am the network and system administrator. I noticed I am able to access other user's C: or D: partition and notices other administrator domain account can access my hard disk.

I think there is a service which is in charge of network file sharing, I tried it before but forgot. whenever you stop that service, even user with domain admin's privilege can't access your paritions. Am I right?
0
 
Jason YuAuthor Commented:
I am the network admin and manager of IT, I want to make sure no other users including staff in IT department can't access my hard drive. How to achieve it?

thanks.
0
 
Lee W, MVPTechnology and Business Process AdvisorCommented:
The server service controls your computer's ability to accept incoming data on file shares.  Windows also has a built-in firewall that block access to file sharing.

There are also methods of removing the administrative shares only and leaving sharing running.

BUT, anyone experienced in Windows management can tell you, that ADMINISTRATIVE shares are used by various programs to ensure things like Antivirus and other applications are up to do date - You should NOT be disabling them or preventing access to them.

What you should be doing in my opinion is:
1. replacing staff you do not trust.  (Why would you give untrustworthy people admin access to ANYTHING on your network?)
2. Enabling auditing on file access on your computer and use scripts and/or third party utilities to alert you to employees that do access files on your system inappropriately.  Just make sure there isn't a logical explanation for why the employee is accessing the machine (perhaps they are doing a software inventory or updating your antivirus).
3. NO EMPLOYEE - allow me to repeat with emphasis - ABSOLUTELY NO EMPLOYEE should be using a domain admin account - OR EVEN A LOCAL ADMIN ACCOUNT as their regular user account.  Run as an unprivileged user and when a UAC prompt runs, use a specifically created account with appropriate rights to "ok" the administrative request.

You may have reasons to except #3 - but even if you do, you MUST take a close look at what is requiring the exception and look at how to you allow that poorly designed software to operate while granting the end user the minimum of privileges.  This needs to be done on a software case by case basis.

Bottom line - can you do it what you ask?  Yes - I've outlined how above - there are tons of instructions for doing any of the above online - SHOULD YOU?  A smart IT person wouldn't, in my opinion.  (If you have critical data you don't want people accessing, store it offline or encrypt it).
0
 
Rich RumbleSecurity SamuraiCommented:
Simple, turn on the firewall. Remove domain admins from the list of remote users so they can't RDP into the machine. You do not have to, or want to remove the share, you simply need to block access to it. You do that with permissions and or the firewall. An IT admin should know this at a minimum, already. The service is the "server" service, do not disable that, even though it technically can do what you are asking. Almost everything on your computer relies on that service.
-rich
0
 
Jason YuAuthor Commented:
Thank you, guys, I appreciate your help. I will follow the suggestions above and make sure my system is secure.
0

Featured Post

Become an Android App Developer

Ready to kick start your career in 2018? Learn how to build an Android app in January’s Course of the Month and open the door to new opportunities.

  • 5
  • 2
  • 2
  • +4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now