Solved

How to stop network users access my c: drive

Posted on 2014-07-28
14
1,866 Views
Last Modified: 2014-08-28
I noticed when I turned off my windows firewall, other users can use \\IP address\c$ to access my drives.

Which service is in control of this and can i stop the service to forbid it?

thanks.
0
Comment
Question by:Jason Yu
  • 5
  • 2
  • 2
  • +4
14 Comments
 
LVL 5

Assisted Solution

by:NARANTHIRAN
NARANTHIRAN earned 50 total points
ID: 40226004
Hi,
  Follow the steps in the below link to remove the default sharing option.

http://support.microsoft.com/kb/816524
0
 
LVL 24

Assisted Solution

by:Mohammed Khawaja
Mohammed Khawaja earned 50 total points
ID: 40226145
First of all only administrators can access c$ shares.  Ensure users are not member of Administrators group on your computer (or for that matter, member of domain admins).
0
 

Author Comment

by:Jason Yu
ID: 40233140
I have windows 7, does the above article work for me?
0
 

Author Comment

by:Jason Yu
ID: 40277958
any help for this question?
0
 
LVL 16

Assisted Solution

by:cantoris
cantoris earned 50 total points
ID: 40281390
I've not tried that setting but I would have thought it would work.
You could also use local group policy and under User Rights Assignments, add the undesirable users to "Deny access to this computer from the network".
0
 
LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 100 total points
ID: 40281413
Is this Computer yours to administer? Does it belong to your employer? Perhaps contact your IT department and ask if they can make the permissions stricter or if they can enable the firewall.
-rich
0
Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 13

Assisted Solution

by:kenfcamp
kenfcamp earned 50 total points
ID: 40281544
Are they accessing your full C:\ Drive or just your shares on the C:\ Drive?

Are any of these shares work related (Folder for Network Scanner, etc)?

Do you have Administrative access (Admin Login) on this PC, or do you have an IT department that manages PC network configurations?

Ken
0
 
LVL 95

Accepted Solution

by:
Lee W, MVP earned 200 total points
ID: 40281579
1.  The administrative shares should NOT be removed.  It could cause problems with managing your computer and doing CRITICAL things like updating your antivirus software and installing important software.
2.  Both YOURSELF and OTHER USERS should not have access to them.  Only Administrators should have access (hence the name - ADMINISTRATIVE SHARES!).  You should not be running as an administrator.  Other users should ABSOLUTELY NOT have access to the shares.
3.  If you are not the network administrator, you need to talk to your network administrator.  He should know better than to grant (what appears to be) Domain Users admin rights to all PCs.  That's a HORRIBLE security issue.  Even if you need admin rights, YOU should have a separate local admin account used with UAC to give access to whatever admin function you need and even if you're company is too lazy to implement proper security that way, ONLY your account should be listed in the regular user of a computer should be in the administrators group.

If you elaborate more on your role, I may be able to help further, but I don't like nor do I think it's appropriate to explain how to do something that's a bad idea to a person who may not be the administrator (or even to the administrator).
0
 

Author Comment

by:Jason Yu
ID: 40282231
I am the network and system administrator. I noticed I am able to access other user's C: or D: partition and notices other administrator domain account can access my hard disk.

I think there is a service which is in charge of network file sharing, I tried it before but forgot. whenever you stop that service, even user with domain admin's privilege can't access your paritions. Am I right?
0
 

Author Comment

by:Jason Yu
ID: 40282235
I am the network admin and manager of IT, I want to make sure no other users including staff in IT department can't access my hard drive. How to achieve it?

thanks.
0
 
LVL 95

Assisted Solution

by:Lee W, MVP
Lee W, MVP earned 200 total points
ID: 40282358
The server service controls your computer's ability to accept incoming data on file shares.  Windows also has a built-in firewall that block access to file sharing.

There are also methods of removing the administrative shares only and leaving sharing running.

BUT, anyone experienced in Windows management can tell you, that ADMINISTRATIVE shares are used by various programs to ensure things like Antivirus and other applications are up to do date - You should NOT be disabling them or preventing access to them.

What you should be doing in my opinion is:
1. replacing staff you do not trust.  (Why would you give untrustworthy people admin access to ANYTHING on your network?)
2. Enabling auditing on file access on your computer and use scripts and/or third party utilities to alert you to employees that do access files on your system inappropriately.  Just make sure there isn't a logical explanation for why the employee is accessing the machine (perhaps they are doing a software inventory or updating your antivirus).
3. NO EMPLOYEE - allow me to repeat with emphasis - ABSOLUTELY NO EMPLOYEE should be using a domain admin account - OR EVEN A LOCAL ADMIN ACCOUNT as their regular user account.  Run as an unprivileged user and when a UAC prompt runs, use a specifically created account with appropriate rights to "ok" the administrative request.

You may have reasons to except #3 - but even if you do, you MUST take a close look at what is requiring the exception and look at how to you allow that poorly designed software to operate while granting the end user the minimum of privileges.  This needs to be done on a software case by case basis.

Bottom line - can you do it what you ask?  Yes - I've outlined how above - there are tons of instructions for doing any of the above online - SHOULD YOU?  A smart IT person wouldn't, in my opinion.  (If you have critical data you don't want people accessing, store it offline or encrypt it).
0
 
LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 100 total points
ID: 40282367
Simple, turn on the firewall. Remove domain admins from the list of remote users so they can't RDP into the machine. You do not have to, or want to remove the share, you simply need to block access to it. You do that with permissions and or the firewall. An IT admin should know this at a minimum, already. The service is the "server" service, do not disable that, even though it technically can do what you are asking. Almost everything on your computer relies on that service.
-rich
0
 

Author Comment

by:Jason Yu
ID: 40291049
Thank you, guys, I appreciate your help. I will follow the suggestions above and make sure my system is secure.
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Even if you have implemented a Mobile Device Management solution company wide, it is a good idea to make sure you are taking into account all of the major risks to your electronic protected health information (ePHI).
If your business is like most, chances are you still need to maintain a fax infrastructure for your staff. It’s hard to believe that a communication technology that was thriving in the mid-80s could still be an essential part of your team’s modern I…
This Micro Tutorial will give you a basic overview of Windows Live Photo Gallery and show you various editing filters and touches to photos you can apply. This will be demonstrated using Windows Live Photo Gallery on Windows 7 operating system.
The viewer will learn how to successfully download and install the SARDU utility on Windows 7, without downloading adware.

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now