Accessing Shares of Users that shouldnt be possible! :(

[Cstorms]

Hello, I have a question. When we input \\(usercomputername)\c$ on some
of our users we can access that share without being prompted with a
logon or anything, on majority however it fails completely, now me and
another local admin have both the same setup on our machines however I
can access his c$ but he not mine, it just fails out. Why in the world
would someone who is a basic user be able to access someones c$ with no
problem at all. The local machines have the user account deleted and
the admin account setup with a password. The local admin also is added
to one of our groups and through that group they just get basic mapped
drives and thats about it. Is it something locally? We dont want to add
something to the registry to simply disable the share we would really
just like to know the root cause of the problem. Thank you for your
help in advance

 

[David H. Lipman]

From: "Cstorms" <[email protected]>

| Hello, I have a question. When we input \\(usercomputername)\c$ on some
| of our users we can access that share without being prompted with a
| logon or anything, on majority however it fails completely, now me and
| another local admin have both the same setup on our machines however I
| can access his c$ but he not mine, it just fails out. Why in the world
| would someone who is a basic user be able to access someones c$ with no
| problem at all. The local machines have the user account deleted and
| the admin account setup with a password. The local admin also is added
| to one of our groups and through that group they just get basic mapped
| drives and thats about it. Is it something locally? We dont want to add
| something to the registry to simply disable the share we would really
| just like to know the root cause of the problem. Thank you for your
| help in advance

If you have administrative rights on that computer, you can access the administrative
shares.

 

[Guest]

Yes. Basically this wil arise if the username and passwords on the two
computers are the same, AND both users are Administrators. It's something
I've been pointing-out for a long time.

Worse is that it applies to domains too, such that if a Domain Admin
logs-onto a virus-infected computer to repair it, the virus is given
unrestricted access to every HD in the building. Including the servers'
system-partitions.

I'm guessing that MS would regard this as a 'feature' and not a bug, but
nevertheless it would be much better if the cavernous security-hole it
creates were plugged.

Here's one workaround:
http://www.winguides.com/registry/display.php/4/

Note that some MS tools, particularly SMS, rely on C$.

(I just mistyped that to say "Rely on C4" which may be Freudian <g>)

 

[Cstorms]

Ok I have admin rights over the domain and should be able to view
everyones local share if it was to be setup properly yes, what I am
saying is that other users can view certain shares of other users and
they are not in anyway an admin over any elses profile. What is so
weird about it is that it is so selective, only a few peoples share are
accessable. We dont really have a big set of group policies setup
either so there wasnt much to troubleshoot with those. Thanks for the
tips anyway. Appreciate it

 

[Guest]

A Domain Admin who logs onto a virus-suspect PC without first unplugging the
Ethernet cable deserves a fresh career opportunity.

 

[Guest]

--
Newell White


Any Domain Admin who powers-up a virus-suspect computer with the LAN cable
plugged in deserves an exciting new career opportunity.

Regards,
Newell