| Author |
Message |
ckwong19802003@yahoo.com
Guest
|
 Posted:
Wed Nov 02, 2005 9:51 am Post subject:
hide administrative drive |
|
|
Hi,
Will like to ask a question is that a good way to hide all administrative
folder such as c$ on the server that work as a domain controller, print ,
file and symantec server?
--
Wong Chon Kit
Microsoft Certified System Engineer
Technical System Specialist |
|
| Back to top |
|
 |
Miha Pihler [MVP]
Guest
|
| Posted:
Wed Nov 02, 2005 9:51 am Post subject:
Re: hide administrative drive |
|
|
Hi,
Here is a good article and guide on how to secure Windows 2003 servers.
Windows Server 2003 Security Guide
http://www.microsoft.com/technet/security/prodtech/windowsserver2003/w2003hg/sgch00.mspx
Again, I would like to stress that administrative shares can only be access
by domain administrators (if attacker can get domain administrator
privilege - you already lost your network). To secure those shares, make
sure that domain administrators have a strong - hard to guess passwords.
There are additional layers of security that you ca implement
Microsoft network client: Digitally sign communications (always)
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/1a2546ce-b45a-4a2d-a0c9-082e444f1fe8.mspx
Account Passwords and Policies
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/bpactlck.mspx
--
Mike
Microsoft MVP - Windows Security
<ckwong19802003@yahoo.com> wrote in message
news:004E79AB-A9FA-4845-AF1F-C4FAC9BC7B33@microsoft.com...
| Quote: | hi,
so that is not a good idea to secure the box,are they any checklist to
secure up the box?we have the firewall that only can provide external
hacker
from breaking in,how about the internal windows security
--
Wong Chon Kit
Microsoft Certified System Engineer
Technical System Specialist
"Miha Pihler [MVP]" wrote:
Hi,
To add to my previous post, here is an article that describes the
problems
that can occur if you disable administrative shares
Overview of problems that may occur when administrative shares are
missing
http://support.microsoft.com/kb/842715/?sd=RMVP&fr=1
--
Mike
Microsoft MVP - Windows Security
"Miha Pihler [MVP]" <mihap-news@atlantis.si> wrote in message
news:OdE1r133FHA.1148@tk2msftngp13.phx.gbl...
Hi,
You can edit the registry and that would force the computer to disable
default administrative shares and not recreate them after reboot.
Still before you disable them take your time testing if there are any
applications and services that will break if you disable administrative
shares -- specially on domain controller. In general these would
usually
be applications that you can e.g. use for remote administration of
server
or installation of software by using push methods (e.g. antivirus and
remote management software). Usually it will be better to use e.g.
personally firewall to control access to the computer (and shares.) (on
Windows 2003 SP1 you can use Security Configuration Wizard to lock down
your domain controller). This way you can specify servers and clients
that
can access shares (e.g. SMS servers, client PCs, other servers...)
while
others can't.
Also note that even when these shares exist only domain administrators
can
access them.
--
Mike
Microsoft MVP - Windows Security
ckwong19802003@yahoo.com> wrote in message
news:815BA479-A4ED-4058-88FF-5CF1DCBFB7FD@microsoft.com...
Hi,
Will like to ask a question is that a good way to hide all
administrative
folder such as c$ on the server that work as a domain controller,
print ,
file and symantec server?
--
Wong Chon Kit
Microsoft Certified System Engineer
Technical System Specialist
|
|
|
| Back to top |
|
|
ckwong19802003@yahoo.com
Guest
|
| Posted:
Wed Nov 02, 2005 9:51 am Post subject:
Re: hide administrative drive |
|
|
hi,
so that is not a good idea to secure the box,are they any checklist to
secure up the box?we have the firewall that only can provide external hacker
from breaking in,how about the internal windows security
--
Wong Chon Kit
Microsoft Certified System Engineer
Technical System Specialist
"Miha Pihler [MVP]" wrote:
| Quote: | Hi,
To add to my previous post, here is an article that describes the problems
that can occur if you disable administrative shares
Overview of problems that may occur when administrative shares are missing
http://support.microsoft.com/kb/842715/?sd=RMVP&fr=1
--
Mike
Microsoft MVP - Windows Security
"Miha Pihler [MVP]" <mihap-news@atlantis.si> wrote in message
news:OdE1r133FHA.1148@tk2msftngp13.phx.gbl...
Hi,
You can edit the registry and that would force the computer to disable
default administrative shares and not recreate them after reboot.
Still before you disable them take your time testing if there are any
applications and services that will break if you disable administrative
shares -- specially on domain controller. In general these would usually
be applications that you can e.g. use for remote administration of server
or installation of software by using push methods (e.g. antivirus and
remote management software). Usually it will be better to use e.g.
personally firewall to control access to the computer (and shares.) (on
Windows 2003 SP1 you can use Security Configuration Wizard to lock down
your domain controller). This way you can specify servers and clients that
can access shares (e.g. SMS servers, client PCs, other servers...) while
others can't.
Also note that even when these shares exist only domain administrators can
access them.
--
Mike
Microsoft MVP - Windows Security
ckwong19802003@yahoo.com> wrote in message
news:815BA479-A4ED-4058-88FF-5CF1DCBFB7FD@microsoft.com...
Hi,
Will like to ask a question is that a good way to hide all administrative
folder such as c$ on the server that work as a domain controller, print ,
file and symantec server?
--
Wong Chon Kit
Microsoft Certified System Engineer
Technical System Specialist
|
|
|
| Back to top |
|
|
Miha Pihler [MVP]
Guest
|
| Posted:
Wed Nov 02, 2005 9:51 am Post subject:
Re: hide administrative drive |
|
|
Hi,
You can edit the registry and that would force the computer to disable
default administrative shares and not recreate them after reboot.
Still before you disable them take your time testing if there are any
applications and services that will break if you disable administrative
shares -- specially on domain controller. In general these would usually be
applications that you can e.g. use for remote administration of server or
installation of software by using push methods (e.g. antivirus and remote
management software). Usually it will be better to use e.g. personally
firewall to control access to the computer (and shares.) (on Windows 2003
SP1 you can use Security Configuration Wizard to lock down your domain
controller). This way you can specify servers and clients that can access
shares (e.g. SMS servers, client PCs, other servers...) while others can't.
Also note that even when these shares exist only domain administrators can
access them.
--
Mike
Microsoft MVP - Windows Security
<ckwong19802003@yahoo.com> wrote in message
news:815BA479-A4ED-4058-88FF-5CF1DCBFB7FD@microsoft.com...
| Quote: | Hi,
Will like to ask a question is that a good way to hide all administrative
folder such as c$ on the server that work as a domain controller, print ,
file and symantec server?
--
Wong Chon Kit
Microsoft Certified System Engineer
Technical System Specialist |
|
|
| Back to top |
|
|
Miha Pihler [MVP]
Guest
|
| Posted:
Wed Nov 02, 2005 9:51 am Post subject:
Re: hide administrative drive |
|
|
Hi,
To add to my previous post, here is an article that describes the problems
that can occur if you disable administrative shares
Overview of problems that may occur when administrative shares are missing
http://support.microsoft.com/kb/842715/?sd=RMVP&fr=1
--
Mike
Microsoft MVP - Windows Security
"Miha Pihler [MVP]" <mihap-news@atlantis.si> wrote in message
news:OdE1r133FHA.1148@tk2msftngp13.phx.gbl...
| Quote: | Hi,
You can edit the registry and that would force the computer to disable
default administrative shares and not recreate them after reboot.
Still before you disable them take your time testing if there are any
applications and services that will break if you disable administrative
shares -- specially on domain controller. In general these would usually
be applications that you can e.g. use for remote administration of server
or installation of software by using push methods (e.g. antivirus and
remote management software). Usually it will be better to use e.g.
personally firewall to control access to the computer (and shares.) (on
Windows 2003 SP1 you can use Security Configuration Wizard to lock down
your domain controller). This way you can specify servers and clients that
can access shares (e.g. SMS servers, client PCs, other servers...) while
others can't.
Also note that even when these shares exist only domain administrators can
access them.
--
Mike
Microsoft MVP - Windows Security
ckwong19802003@yahoo.com> wrote in message
news:815BA479-A4ED-4058-88FF-5CF1DCBFB7FD@microsoft.com...
Hi,
Will like to ask a question is that a good way to hide all administrative
folder such as c$ on the server that work as a domain controller, print ,
file and symantec server?
--
Wong Chon Kit
Microsoft Certified System Engineer
Technical System Specialist
|
|
|
| Back to top |
|
|
|
|
|
|
FAQ
Memberlist
Register
Profile
Log in to check your private messages
Log in