Deleteing C$ sharing

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Hi:

I have a need to montor the hard drives in my network, however, I have a
user who has not only mangae to figure out how to delete a "Administrative
Share" for the session, but it seems they have manage to delete it, except of
a "Log In Situation" even during a re-boot of the system. How is this
possible and is there anyway to circumnavigate this users attempts to lock
thier PC out of the loop, with out them knowing they are back in the loop.
 
hi:

I am tasked to monitor the network and the computers on the network. I am
not allowed to use (purchase) any "Spy/Monitoring" Programs. So I am trying
to use the brute force method of using the Admin Shares, and a index reader
program. You are right these users have admin rights, I am wondering if this
particular user has set up the secruity/sharing feature in such a manner that
only thier user account can access thier computer. I can not even log in
using the admin account. Thus I need to know how they may have done this,
and if the way you discribe can be done in such a way that this person can
not know it has been re-estiblished?

Mark M.

PS: this user is very adept at using the task manager

Steven L Umbach said:
What exactly are you trying to do? It sure sounds like they are local
administrators if they can do what you describe which may be part of your
problem. You can delete the default administrator shares by disabling file
and print sharing, using poledit, or modifying the registry as shown in the
link below. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;318755
Click to expand...
 
If the user is local administrator then the inmates are running the asylum
and that user could be doing anything on that computer including removing
the computer from the domain, changing ntfs and share permissions, or more
likely has removed your account or domain admins group from local
administrators group. You should consider looking at ways to not allow users
to be local administrators. Instead of trying to play games with this user
take his computer and reimage it or repair it and have him and other users
sign a computer user statement that prohibits junior hacking which includes
anything that will deny domain admins access to the computer. Also be sure
that auditing of logon events, policy change, and account management is
enabled on those computers. You should also be able to connect to any domain
users computer as a domain admin and use Computer Management to access those
computers to view the shares on that computer. A Group Policy startup script
can be used to add domain admins or any user/group to the local
administrators group on a domain computer as in [ net localgroup
administrators /add "mydomain\domain admins" ]--- Steve


MSM said:
hi:

I am tasked to monitor the network and the computers on the network. I am
not allowed to use (purchase) any "Spy/Monitoring" Programs. So I am
trying
to use the brute force method of using the Admin Shares, and a index
reader
program. You are right these users have admin rights, I am wondering if
this
particular user has set up the secruity/sharing feature in such a manner
that
only thier user account can access thier computer. I can not even log in
using the admin account. Thus I need to know how they may have done this,
and if the way you discribe can be done in such a way that this person can
not know it has been re-estiblished?

Mark M.

PS: this user is very adept at using the task manager
Click to expand...
 
Hi:

Thanks for the info, unfortinately, I am betweena rock and a hard place.
These users are a very private bunch and to have them agree to an sign
anything that they will percieve as restricting them or giving someone access
to hard drives will cause a major uproar and the onwners who want everything
micromanaged. Your eailer post about resetting the the autoshare is good. I
just managed to look at the comuter. All the setting for the C$ shares are
there, however my admmin account has been deleted. I have just tried logging
into the hard drive with the Administrator account and it works. Thank you
for you help, by the way do you use a chat service, maybe next time I have a
issue I can contact you direct.

Steven L Umbach said:
If the user is local administrator then the inmates are running the asylum
and that user could be doing anything on that computer including removing
the computer from the domain, changing ntfs and share permissions, or more
likely has removed your account or domain admins group from local
administrators group. You should consider looking at ways to not allow users
to be local administrators. Instead of trying to play games with this user
take his computer and reimage it or repair it and have him and other users
sign a computer user statement that prohibits junior hacking which includes
anything that will deny domain admins access to the computer. Also be sure
that auditing of logon events, policy change, and account management is
enabled on those computers. You should also be able to connect to any domain
users computer as a domain admin and use Computer Management to access those
computers to view the shares on that computer. A Group Policy startup script
can be used to add domain admins or any user/group to the local
administrators group on a domain computer as in [ net localgroup
administrators /add "mydomain\domain admins" ]--- Steve


MSM said:
hi:

I am tasked to monitor the network and the computers on the network. I am
not allowed to use (purchase) any "Spy/Monitoring" Programs. So I am
trying
to use the brute force method of using the Admin Shares, and a index
reader
program. You are right these users have admin rights, I am wondering if
this
particular user has set up the secruity/sharing feature in such a manner
that
only thier user account can access thier computer. I can not even log in
using the admin account. Thus I need to know how they may have done this,
and if the way you discribe can be done in such a way that this person can
not know it has been re-estiblished?

Mark M.

PS: this user is very adept at using the task manager
Click to expand...
Click to expand...
 
I understand that politics play a major role in corporate [or small
business] culture. I don't use chat but I try to check this newsgroup [and
others] almost daily. There also are other very helpful regulars on this
newsgroup. Glad you got it sorted out. --- Steve


MSM said:
Hi:

Thanks for the info, unfortinately, I am betweena rock and a hard place.
These users are a very private bunch and to have them agree to an sign
anything that they will percieve as restricting them or giving someone
access
to hard drives will cause a major uproar and the onwners who want
everything
micromanaged. Your eailer post about resetting the the autoshare is good.
I
just managed to look at the comuter. All the setting for the C$ shares
are
there, however my admmin account has been deleted. I have just tried
logging
into the hard drive with the Administrator account and it works. Thank
you
for you help, by the way do you use a chat service, maybe next time I have
a
issue I can contact you direct.

Steven L Umbach said:
If the user is local administrator then the inmates are running the
asylum
and that user could be doing anything on that computer including removing
the computer from the domain, changing ntfs and share permissions, or
more
likely has removed your account or domain admins group from local
administrators group. You should consider looking at ways to not allow
users
to be local administrators. Instead of trying to play games with this
user
take his computer and reimage it or repair it and have him and other
users
sign a computer user statement that prohibits junior hacking which
includes
anything that will deny domain admins access to the computer. Also be
sure
that auditing of logon events, policy change, and account management is
enabled on those computers. You should also be able to connect to any
domain
users computer as a domain admin and use Computer Management to access
those
computers to view the shares on that computer. A Group Policy startup
script
can be used to add domain admins or any user/group to the local
administrators group on a domain computer as in [ net localgroup
administrators /add "mydomain\domain admins" ]--- Steve


MSM said:
hi:

I am tasked to monitor the network and the computers on the network. I
am
not allowed to use (purchase) any "Spy/Monitoring" Programs. So I am
trying
to use the brute force method of using the Admin Shares, and a index
reader
program. You are right these users have admin rights, I am wondering
if
this
particular user has set up the secruity/sharing feature in such a
manner
that
only thier user account can access thier computer. I can not even log
in
using the admin account. Thus I need to know how they may have done
this,
and if the way you discribe can be done in such a way that this person
can
not know it has been re-estiblished?

Mark M.

PS: this user is very adept at using the task manager

:

What exactly are you trying to do? It sure sounds like they are local
administrators if they can do what you describe which may be part of
your
problem. You can delete the default administrator shares by disabling
file
and print sharing, using poledit, or modifying the registry as shown
in
the
link below. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;318755

Hi:

I have a need to montor the hard drives in my network, however, I
have
a
user who has not only mangae to figure out how to delete a
"Administrative
Share" for the session, but it seems they have manage to delete it,
except
of
a "Log In Situation" even during a re-boot of the system. How is
this
possible and is there anyway to circumnavigate this users attempts
to
lock
thier PC out of the loop, with out them knowing they are back in the
loop.
Click to expand...
Click to expand...
Click to expand...
 
Back
Top