|
Posted by Roger Abell [MVP] on August 5, 2006, 12:16 pm
Please log in for more thread options Hi Rob,
Thanks for posting the link.
I find that KB poorly written, at best. It seems to be mixing up
what may happen when the shares are disabled on DCs vs non-DCs,
and what results from admin shares absence vs from the implanting
malicious software and its interference with these shares.
Now, granted that I do not run Mac support many places, but on
servers, both W2k and W2k3, within AD (non-DC) with the admin
shares disabled, I have never seen any of the indicated issues.
Since admin shares are quite commonly stopped, one would think
that what this KB describes would be reported quite often if these
were to happen just from setting the Autoshare entries to 0 on client
and member server systems.
As Will, the originator of this thread, indicated, stopping admin shares
does not get rid of IPC$. Some of what the KB describes seems to
be a likely result from IPC$ being unavailable, hence I wonder about
the extent to which the KB actually is describing malware impacts that
have also blocked this.
--
Roger
> Hi Will,
>
> Here is a knowledge base article that lists out some of the things that
> break when Administrative Shares are missing:
>
> 842715 Overview of problems that may occur when administrative shares are
> missing
> http://support.microsoft.com/default.aspx?scid=kb;EN-US;842715
>
>
>
>
> --
>
> Rob Greene
> Microsoft Enterprise Platforms Support
>
> All postings on this newsgroup are provided "AS IS" with no warranties,
> and
> confer no rights.
> For more information please visit
>
>>I have some Windows 2000 (and eventually 2003) computers in a DMZ that I
>> would like to harden a bit more than a typical computer. I want to
>> understand the implications of two actions:
>>
>> 1) Disabling network administrative shares. Apparently you can disable
>> the C$, D$, ADMIN$ shares by a registry key AutoShareServer = 0. What
>> applications will stop working as a result? I gather you won't be able
>> to
>> use SMS or applications that outright modify a remote computer's files
>> using
>> these shares. I'm okay with that, but I want to know what else would
>> break. I plan to disable these shares on both member servers and domain
>> controller.
>>
>> 2) Disabling IPC$. I gather that this hidden share is created by the
>> server service and used somehow with RPC. I guess you would have to
>> keep
>> this running on a domain controller, otherwise many basic domain
>> operations
>> would break?
>>
>> On member servers that have no file shares enabled, what would break if
>> you
>> disabled IPC$? I don't need to be able to open up event viewer
>> remotely,
>> for example.
>>
>> As far as how to disable the IPC$ share on member servers, I don't find
>> any
>> way to stop its creation short of disabling the server service. Would
>> it
>> be preferable to just run a script when the computer boots that issues a
>> net
>> share ipc$ /delete command? What is the registry key or group policy
>> option that would allos this?
>>
>> Disabling IPC$ on the member server won't stop the use of RPC client on
>> the
>> member server, right?
>>
>> --
>> Will
>>
>>
>
| 
XML Sitemap