Administrative Share C$ denying access
Results 1 to 4 of 4

Thread: Administrative Share C$ denying access

  1. July 17th, 2008, 09:21 PM #1
    autumn801
    autumn801 is offline Virtual Med Student
    Join Date
    Jun 2002
    Posts
    89

    Administrative Share C$ denying access

    Is there anyway to deny access to the administrative share C$ on any machine.

    This user is a member of the local administrative group on the member server.
    If he still have local admin rights to the member server will he still be able to get into the box through the administrative share C$?

    This user was taken out of Domain Administrative group.

    I want to restrict this user from being able to access the administrative shave C$.

    Can someone please advise me how I can do that. But he still needs permissions to the member server to do maintenance.

    thanks
    Reply With Quote Reply With Quote
  2. July 18th, 2008, 08:46 AM #2
    Tuttle's Avatar
    Tuttle
    Tuttle is offline Virtual Resident Cynic
    Join Date
    Feb 2001
    Location
    Adelaide, South Australia
    Posts
    6,447
    Well, you could disable the administrative shares completely: KB 816524

    That said, as long as that user is a local admin, there are plenty of other ways for him to get at everything on the server.

    What's the real problem you're trying to solve here?
    Safe computing is a habit, not a toolkit.
    Reply With Quote Reply With Quote
  3. July 18th, 2008, 09:51 AM #3
    autumn801
    autumn801 is offline Virtual Med Student
    Join Date
    Jun 2002
    Posts
    89
    I'm trying to restrict users from accessing the administrative share.
    Is there any way to audit who accesses the administrative share?

    thanks
    Reply With Quote Reply With Quote
  4. July 19th, 2008, 07:59 AM #4
    Tuttle's Avatar
    Tuttle
    Tuttle is offline Virtual Resident Cynic
    Join Date
    Feb 2001
    Location
    Adelaide, South Australia
    Posts
    6,447
    You could use filesystem auditing. That's a two-step process:
    • Edit the local security policy and enable Local Policies | Audit Policy | Audit Object Access for Success (and Failure if you want). For a single server you can just run secpol.msc; for a whole bunch you'd probably be better off setting it through Group Policy.
    • Enable auditing for each individual file or folder you want accesses logged for. Windows Explorer, right-click | Properties, Security | Advanced | Auditing. You need to add every user/action combination that you want audited (i.e. to log all access, add an entry with Full Control). Note that this isn't changing what people have permission to do, only what will be logged if it's attempted. Those auditing settings are inherited by default, so you can do an entire directory tree by just changing the top level.
    Note that if you enable success auditing for everyone, your system Security log had better be freaking huge. Much better to only add it on the directories and users you're worried about.

    Managing those logs once they're collected is another matter entirely. Event Viewer is the Windows built-in tool, but it's probably not adequate for trawling through lots of logging.
    Safe computing is a habit, not a toolkit.
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules