Steven L Umbach said:Sorry here is the link. Note that alone will not do much to improve
security. To prevent unwanted administrator access to a computer you need to
use strong passwords for administrator accounts [or no password if doing
such does not pose a threat for local logon]. Other things you can do is to
use the Windows Firewall to either block all access or allow specific access
[via exceptions/scope] for file and print sharing, disable file and print
sharing if not needed, or modify the user rights for access this computer
from the network and deny access this computer from the network [on XP Pro
via secpol.msc]. --- Steve
http://www.petri.co.il/disable_administrative_shares.htm
For NT 4.0 Workstation/W2K Pro/XP Pro, the change is:
Hive: HKEY_LOCAL_MACHINE
Key: SYSTEM\CurrentControlSet\Services\LanManServer\Parameters
Name: AutoShareWks
Data Type: REG_DWORD
Value: 0
adc said:Can someone help me recall which security patch from Microsoft is
responsible
for removing the default administrative share in windows xp? what is the
kb
number?
adc said:Hi Steven,
Thanks for your reply. I believe there is a patch for this.
Reason is after I changed the registry to '1' + reboot to enable the share
,
the value will revert to '0' upon the next reboot.
I need to enable the share to perform remote mbsa scanning.
Steven L Umbach said:Sorry here is the link. Note that alone will not do much to improve
security. To prevent unwanted administrator access to a computer you need
to
use strong passwords for administrator accounts [or no password if doing
such does not pose a threat for local logon]. Other things you can do is
to
use the Windows Firewall to either block all access or allow specific
access
[via exceptions/scope] for file and print sharing, disable file and print
sharing if not needed, or modify the user rights for access this computer
from the network and deny access this computer from the network [on XP
Pro
via secpol.msc]. --- Steve
http://www.petri.co.il/disable_administrative_shares.htm
For NT 4.0 Workstation/W2K Pro/XP Pro, the change is:
Hive: HKEY_LOCAL_MACHINE
Key: SYSTEM\CurrentControlSet\Services\LanManServer\Parameters
Name: AutoShareWks
Data Type: REG_DWORD
Value: 0
adc said:Can someone help me recall which security patch from Microsoft is
responsible
for removing the default administrative share in windows xp? what is
the
kb
number?
Steven L Umbach said:I have not heard of such a patch myself and could not find any on a brief
Google and Microsoft site search though that does not mean there is not one.
The other thing I would check is to make sure there is no Group Policy
startup script, Scheduled Task, or custom administrative template settings
being applied to the computer or computers and I believe the old poledit
could also do the same if that has been used. You could run rsop.msc to
check to see what GP settings are being applied to the computer and check
the Scheduled talks. I would also try booting into Safe Mode after doing the
registry change to see if that works and if it does you have some
startup/logon service/process/application that is doing such. --- Steve
adc said:Hi Steven,
Thanks for your reply. I believe there is a patch for this.
Reason is after I changed the registry to '1' + reboot to enable the share
,
the value will revert to '0' upon the next reboot.
I need to enable the share to perform remote mbsa scanning.
Steven L Umbach said:Sorry here is the link. Note that alone will not do much to improve
security. To prevent unwanted administrator access to a computer you need
to
use strong passwords for administrator accounts [or no password if doing
such does not pose a threat for local logon]. Other things you can do is
to
use the Windows Firewall to either block all access or allow specific
access
[via exceptions/scope] for file and print sharing, disable file and print
sharing if not needed, or modify the user rights for access this computer
from the network and deny access this computer from the network [on XP
Pro
via secpol.msc]. --- Steve
http://www.petri.co.il/disable_administrative_shares.htm
For NT 4.0 Workstation/W2K Pro/XP Pro, the change is:
Hive: HKEY_LOCAL_MACHINE
Key: SYSTEM\CurrentControlSet\Services\LanManServer\Parameters
Name: AutoShareWks
Data Type: REG_DWORD
Value: 0
Can someone help me recall which security patch from Microsoft is
responsible
for removing the default administrative share in windows xp? what is
the
kb
number?
adc said:Hi Steven,
Are you aware if administrative share is required for remote mbsa
scanning?
I encountered some error when scanning some xp pcs, but I am able to scan
my w2k3 servers - all scanning done from my xp pc.
Steven L Umbach said:I have not heard of such a patch myself and could not find any on a brief
Google and Microsoft site search though that does not mean there is not
one.
The other thing I would check is to make sure there is no Group Policy
startup script, Scheduled Task, or custom administrative template
settings
being applied to the computer or computers and I believe the old poledit
could also do the same if that has been used. You could run rsop.msc to
check to see what GP settings are being applied to the computer and check
the Scheduled talks. I would also try booting into Safe Mode after doing
the
registry change to see if that works and if it does you have some
startup/logon service/process/application that is doing such. --- Steve
adc said:Hi Steven,
Thanks for your reply. I believe there is a patch for this.
Reason is after I changed the registry to '1' + reboot to enable the
share
,
the value will revert to '0' upon the next reboot.
I need to enable the share to perform remote mbsa scanning.
:
Sorry here is the link. Note that alone will not do much to improve
security. To prevent unwanted administrator access to a computer you
need
to
use strong passwords for administrator accounts [or no password if
doing
such does not pose a threat for local logon]. Other things you can do
is
to
use the Windows Firewall to either block all access or allow specific
access
[via exceptions/scope] for file and print sharing, disable file and
sharing if not needed, or modify the user rights for access this
computer
from the network and deny access this computer from the network [on XP
Pro
via secpol.msc]. --- Steve
http://www.petri.co.il/disable_administrative_shares.htm
For NT 4.0 Workstation/W2K Pro/XP Pro, the change is:
Hive: HKEY_LOCAL_MACHINE
Key: SYSTEM\CurrentControlSet\Services\LanManServer\Parameters
Name: AutoShareWks
Data Type: REG_DWORD
Value: 0
Can someone help me recall which security patch from Microsoft is
responsible
for removing the default administrative share in windows xp? what is
the
kb
number?
Steven L Umbach said:Yes I am aware of that. My reply was meant to help you try and find out why
the administrative shares disappears after a reboot. Like I said I am not
aware of a patch that could do that nor could find any information on such a
patch and was suggesting that you check for Group Policy startup script,
Scheduled Task, or custom administrative template settings being applied to
the computer or computers and I believe the old poledit could also do the
same if that has been used. It is possible that the XP Pro computers have
different Group Policy applied to them and also if the Windows Firewall is
enabled without the file and print sharing and remote computer management
exceptions [which can be verified with netsh firewall show state command]
that can cause MBSA scanning to fail. You may also want to post in the
Microsoft.public.windowsupdates newsgroup to see if anyone there has heard
of a Windows Update that disables default administrator shares on XP
computers. --- Steve
adc said:Hi Steven,
Are you aware if administrative share is required for remote mbsa
scanning?
I encountered some error when scanning some xp pcs, but I am able to scan
my w2k3 servers - all scanning done from my xp pc.
Steven L Umbach said:I have not heard of such a patch myself and could not find any on a brief
Google and Microsoft site search though that does not mean there is not
one.
The other thing I would check is to make sure there is no Group Policy
startup script, Scheduled Task, or custom administrative template
settings
being applied to the computer or computers and I believe the old poledit
could also do the same if that has been used. You could run rsop.msc to
check to see what GP settings are being applied to the computer and check
the Scheduled talks. I would also try booting into Safe Mode after doing
the
registry change to see if that works and if it does you have some
startup/logon service/process/application that is doing such. --- Steve
Hi Steven,
Thanks for your reply. I believe there is a patch for this.
Reason is after I changed the registry to '1' + reboot to enable the
share
,
the value will revert to '0' upon the next reboot.
I need to enable the share to perform remote mbsa scanning.
:
Sorry here is the link. Note that alone will not do much to improve
security. To prevent unwanted administrator access to a computer you
need
to
use strong passwords for administrator accounts [or no password if
doing
such does not pose a threat for local logon]. Other things you can do
is
to
use the Windows Firewall to either block all access or allow specific
access
[via exceptions/scope] for file and print sharing, disable file and
sharing if not needed, or modify the user rights for access this
computer
from the network and deny access this computer from the network [on XP
Pro
via secpol.msc]. --- Steve
http://www.petri.co.il/disable_administrative_shares.htm
For NT 4.0 Workstation/W2K Pro/XP Pro, the change is:
Hive: HKEY_LOCAL_MACHINE
Key: SYSTEM\CurrentControlSet\Services\LanManServer\Parameters
Name: AutoShareWks
Data Type: REG_DWORD
Value: 0
Can someone help me recall which security patch from Microsoft is
responsible
for removing the default administrative share in windows xp? what is
the
kb
number?
adc said:Hi Steve,
"Are you aware if administrative share is required for remote mbsa
scanning?"
actually this question is meant to ask if I am right to say that admin
share
is required for remote mbsa scanning.
You are right, the registry value is reset to "1" by one of the user login
scripts.
I did a test by resetting the value to "0", rebooted and login locally.
I still got the same error running remote mbsa scan on the xp pc - "cannot
deploy security metadata". there shouldn't be any firewall as pc is
running
xpsp1.
I posted this question in MBSA forum but no answer till today. are you
able
to help?
Steven L Umbach said:Yes I am aware of that. My reply was meant to help you try and find out
why
the administrative shares disappears after a reboot. Like I said I am not
aware of a patch that could do that nor could find any information on
such a
patch and was suggesting that you check for Group Policy startup script,
Scheduled Task, or custom administrative template settings being applied
to
the computer or computers and I believe the old poledit could also do the
same if that has been used. It is possible that the XP Pro computers have
different Group Policy applied to them and also if the Windows Firewall
is
enabled without the file and print sharing and remote computer management
exceptions [which can be verified with netsh firewall show state command]
that can cause MBSA scanning to fail. You may also want to post in the
Microsoft.public.windowsupdates newsgroup to see if anyone there has
heard
of a Windows Update that disables default administrator shares on XP
computers. --- Steve
adc said:Hi Steven,
Are you aware if administrative share is required for remote mbsa
scanning?
I encountered some error when scanning some xp pcs, but I am able to
scan
my w2k3 servers - all scanning done from my xp pc.
:
I have not heard of such a patch myself and could not find any on a
brief
Google and Microsoft site search though that does not mean there is
not
one.
The other thing I would check is to make sure there is no Group Policy
startup script, Scheduled Task, or custom administrative template
settings
being applied to the computer or computers and I believe the old
poledit
could also do the same if that has been used. You could run rsop.msc
to
check to see what GP settings are being applied to the computer and
check
the Scheduled talks. I would also try booting into Safe Mode after
doing
the
registry change to see if that works and if it does you have some
startup/logon service/process/application that is doing such. ---
Steve
Hi Steven,
Thanks for your reply. I believe there is a patch for this.
Reason is after I changed the registry to '1' + reboot to enable the
share
,
the value will revert to '0' upon the next reboot.
I need to enable the share to perform remote mbsa scanning.
:
Sorry here is the link. Note that alone will not do much to improve
security. To prevent unwanted administrator access to a computer
you
need
to
use strong passwords for administrator accounts [or no password if
doing
such does not pose a threat for local logon]. Other things you can
do
is
to
use the Windows Firewall to either block all access or allow
specific
access
[via exceptions/scope] for file and print sharing, disable file and
sharing if not needed, or modify the user rights for access this
computer
from the network and deny access this computer from the network [on
XP
Pro
via secpol.msc]. --- Steve
http://www.petri.co.il/disable_administrative_shares.htm
For NT 4.0 Workstation/W2K Pro/XP Pro, the change is:
Hive: HKEY_LOCAL_MACHINE
Key: SYSTEM\CurrentControlSet\Services\LanManServer\Parameters
Name: AutoShareWks
Data Type: REG_DWORD
Value: 0
Can someone help me recall which security patch from Microsoft is
responsible
for removing the default administrative share in windows xp? what
is
the
kb
number?
Steven L Umbach said:It is my understanding that administrative shares are needed for remote MBSA
scans. Now if that is the exact cause of your error message I don't know and
a Google search shows no helpful information on your error. What I would do
is to make sure that the administrative shares do exist and show with the
command "net share" on the XP Pro computer, that you can access the
administrative share from the computer that you are doing the scan from by
name an IP address to show that you have file and print sharing connectivity
to the administrative share and that you are logged on as a user account
that is an administrator on the XP Pro computer you want to scan, verify
that netbios over tcp/ip is enabled on the XP Pro computer you want to scan,
verify that the remote registry service and tcp/ip netbios helper service is
started on the XP Pro computer you want to scan, and try to specify the IP
address of the XP computer you want to scan if you currently are using it's
computer name in case there is a name resolution problem. Also see the KB
article at the link below and you may want to try and scan your problem
computer via the command line as described using mbsacli.exe /hf and the
advantage would be all the various error codes shown that can be generated
using mbsacli.exe /hf as shown in the KB article that may help you pinpoint
the problem more that the current error message you are getting.. --- Steve
http://support.microsoft.com/default.aspx?kbid=320454
To run the tool from the command line (from the MBSA installation folder),
type mbsacli.exe /hf, followed by one or more of the parameters that are
listed later in this article.
adc said:Hi Steve,
"Are you aware if administrative share is required for remote mbsa
scanning?"
actually this question is meant to ask if I am right to say that admin
share
is required for remote mbsa scanning.
You are right, the registry value is reset to "1" by one of the user login
scripts.
I did a test by resetting the value to "0", rebooted and login locally.
I still got the same error running remote mbsa scan on the xp pc - "cannot
deploy security metadata". there shouldn't be any firewall as pc is
running
xpsp1.
I posted this question in MBSA forum but no answer till today. are you
able
to help?
Steven L Umbach said:Yes I am aware of that. My reply was meant to help you try and find out
why
the administrative shares disappears after a reboot. Like I said I am not
aware of a patch that could do that nor could find any information on
such a
patch and was suggesting that you check for Group Policy startup script,
Scheduled Task, or custom administrative template settings being applied
to
the computer or computers and I believe the old poledit could also do the
same if that has been used. It is possible that the XP Pro computers have
different Group Policy applied to them and also if the Windows Firewall
is
enabled without the file and print sharing and remote computer management
exceptions [which can be verified with netsh firewall show state command]
that can cause MBSA scanning to fail. You may also want to post in the
Microsoft.public.windowsupdates newsgroup to see if anyone there has
heard
of a Windows Update that disables default administrator shares on XP
computers. --- Steve
Hi Steven,
Are you aware if administrative share is required for remote mbsa
scanning?
I encountered some error when scanning some xp pcs, but I am able to
scan
my w2k3 servers - all scanning done from my xp pc.
:
I have not heard of such a patch myself and could not find any on a
brief
Google and Microsoft site search though that does not mean there is
not
one.
The other thing I would check is to make sure there is no Group Policy
startup script, Scheduled Task, or custom administrative template
settings
being applied to the computer or computers and I believe the old
poledit
could also do the same if that has been used. You could run rsop.msc
to
check to see what GP settings are being applied to the computer and
check
the Scheduled talks. I would also try booting into Safe Mode after
doing
the
registry change to see if that works and if it does you have some
startup/logon service/process/application that is doing such. ---
Steve
Hi Steven,
Thanks for your reply. I believe there is a patch for this.
Reason is after I changed the registry to '1' + reboot to enable the
share
,
the value will revert to '0' upon the next reboot.
I need to enable the share to perform remote mbsa scanning.
:
Sorry here is the link. Note that alone will not do much to improve
security. To prevent unwanted administrator access to a computer
you
need
to
use strong passwords for administrator accounts [or no password if
doing
such does not pose a threat for local logon]. Other things you can
do
is
to
use the Windows Firewall to either block all access or allow
specific
access
[via exceptions/scope] for file and print sharing, disable file and
sharing if not needed, or modify the user rights for access this
computer
from the network and deny access this computer from the network [on
XP
Pro
via secpol.msc]. --- Steve
http://www.petri.co.il/disable_administrative_shares.htm
For NT 4.0 Workstation/W2K Pro/XP Pro, the change is:
Hive: HKEY_LOCAL_MACHINE
Key: SYSTEM\CurrentControlSet\Services\LanManServer\Parameters
Name: AutoShareWks
Data Type: REG_DWORD
Value: 0
Can someone help me recall which security patch from Microsoft is
responsible
for removing the default administrative share in windows xp? what
is
the
kb
number?