Lock out networked users


Q You have been writing about securing your NT system against local users. But what about remote users? I can restrict access to files and directories when people dial in to my system (or access it via the LAN), but I'd like to block them from accessing the system in any way. I've removed all shared drives and folders by right-clicking them in Explorer, choosing Properties-Sharing, selecting Not Shared, and clicking OK. However, I can't remove certain shared items; after I shut down and restart my computer, NT's default shared drives reappear. Is there any way to tell NT to remove them permanently?

- Jeff Schwartz

A There is a way to banish those shares, but you may not want to pay the price. NT creates default shares for your drives and for the Windows NT system directory so that administrators, backup programs, and other authorised users and services can access otherwise private user files. These shares (identified as the drive letter or file name plus a dollar sign, as in C$ or ADMIN$) don't show up when other PCs browse your system. But any remote user who knows their exact share names and has access rights can connect to them.

Regrettably, NT's security is leaky. Though Security Pack 5 fixes flaws that let ordinary users elevate themselves to administrator status or otherwise bypass NT's security checkpoints, other holes may exist. So if you're on a network or connect to the Net with a modem, you may want to remove the shares to protect your data.

To do this, open NT's Registry Editor (select Start-Run, and type regedit). Browse to HKEY_LOCAL_MACHINE\System\CCS\Services\LanManagerServer\Parameters, double-click the key AutoShareWks, enter 0 in the value field, and click OK. Close the Registry Editor and restart.

Removing all the default shares could disable features you like, such as the ability to create backups and to administer accounts. A less draconian way to bolster NT's security is to remove unnecessary shares and user accounts, restrict or remove the Everyone and Guest groups, and disable the Server service. More on these procedures in a future issue.

- Scott Spanbauer
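To confirm the registry change took effect after the restart, the following read-only check compares the setting with the shares actually present. It is an added example, not part of the original column. It assumes Windows PowerShell 3.0 or later, spells out the registry path in full as it appears on current Windows (CurrentControlSet, LanmanServer), and also reads AutoShareServer, the server-edition counterpart of AutoShareWks, which the column does not mention.

```powershell
# Added example: read-only audit of the default administrative shares.
# Assumes Windows PowerShell 3.0 or later on the machine being checked.

# Full path of the Server service parameters key on current Windows.
$ParamsKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

function Get-AutoShareSetting {
    # ProductType 1 is a workstation; 2 and 3 are domain controller and server.
    $type  = (Get-CimInstance -ClassName Win32_OperatingSystem).ProductType
    $name  = if ($type -eq 1) { 'AutoShareWks' } else { 'AutoShareServer' }
    # A missing value means "not set": Windows then creates the shares at startup.
    $value = (Get-ItemProperty -Path $ParamsKey -ErrorAction Stop).$name
    [pscustomobject]@{
        Name        = $name
        Value       = if ($null -eq $value) { '(not set)' } else { $value }
        AutoCreates = ($null -eq $value) -or ($value -ne 0)
    }
}

function Get-DefaultDiskShare {
    # Win32_Share type 2147483648 (0x80000000) marks administrative disk
    # shares such as C$ and ADMIN$.
    Get-CimInstance -ClassName Win32_Share |
        Where-Object { [uint32]$_.Type -eq 2147483648 } |
        Select-Object Name, Path, Description
}

$setting = Get-AutoShareSetting
$shares  = @(Get-DefaultDiskShare)

$setting | Format-List
if ($shares.Count -eq 0) {
    Write-Output 'No default administrative disk shares are present.'
} else {
    $shares | Format-Table -AutoSize
    if ($setting.AutoCreates) {
        Write-Output "$($setting.Name) still allows the default shares to be created at startup."
    } else {
        Write-Output "$($setting.Name) is 0 but shares remain: restart, or check whether they were re-created by hand."
    }
}
```

Run it from an administrator prompt before and after the change; nothing is modified on the system.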


Category: Windows NT
Issue: November 1999

These Web pages are produced by Australian PC World © 1999 IDG Communications