Subject: Re: Incorrect Permissions for CD-Rom Administrative Shares
From: Forrester, Mike (mforresterHSACORP.NET)
Date: Thu May 25 2000 - 11:36:22 CDT


I haven't had a chance to check Windows 2000 Server or Advanced Server yet,
but on my laptop, which is running Windows 2000 Pro, my CD-ROM drive
wasn't administratively shared. In any case, one of the standard things for
securing Windows NT was to disable the administrative shares. Adding the
following key and value (depending upon version) will turn off the
administrative shares:

Add HKLM\System\CurrentControlSet\Services\LanManServer\Parameters
Value Name: AutoShareServer
Data Type: REG_DWORD
Value: 0
NOTE: Use this value name on NT Server (Windows 2000 Server?). Disables
the creation of the automatically created administrative shares (i.e.
C$,ADMIN$).

Add HKLM\System\CurrentControlSet\Services\LanManServer\Parameters
Value Name: AutoShareWks
Data Type: REG_DWORD
Value: 0
NOTE: Use this value name on NT Workstation and Windows 2000 Pro. Disables
the creation of the automatically created administrative shares (i.e.
C$,ADMIN$).

I've added the second key that applies to NT Workstation and 2000 Pro on my
laptop and it does disable the shares.

As for the default permissions on the CD-ROM share, I'd have to check my
Windows 2000 Server when I get home (since my test lab PCs are awaiting
additional hard drive space for 2000 Server).

Mike Forrester - Systems Security Engineer
High Speed Access Corp. - Denver, CO USA
mforresterhsacorp.net - +1 303 256 2134
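
The following is an added example, not part of the original message: a PowerShell audit of the two registry values described above, reporting which administrative disk shares currently exist and optionally setting the value to 0. It assumes a Windows system with PowerShell and an elevated prompt; the function names are hypothetical.

```powershell
# Added example: audit and set the AutoShare* value described in the message above.
# Function names are hypothetical; run from an elevated PowerShell prompt.
$ParamsKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters'

function Get-AutoShareValueName {
    # Win32_OperatingSystem.ProductType: 1 = workstation, 2 = domain controller, 3 = server
    $type = (Get-CimInstance -ClassName Win32_OperatingSystem).ProductType
    if ($type -eq 1) { 'AutoShareWks' } else { 'AutoShareServer' }
}

function Get-AutoShareState {
    $name  = Get-AutoShareValueName
    $entry = Get-ItemProperty -Path $ParamsKey -Name $name -ErrorAction SilentlyContinue
    # Win32_Share.Type 2147483648 = administrative disk share (C$, ADMIN$, ...)
    $shares = Get-CimInstance -ClassName Win32_Share |
        Where-Object { $_.Type -eq 2147483648 } |
        Select-Object -ExpandProperty Name
    [pscustomobject]@{
        ValueName   = $name
        # A missing value means the default behaviour: the shares are created
        Configured  = if ($null -ne $entry) { $entry.$name } else { '<not set>' }
        AdminShares = $shares -join ', '
    }
}

function Disable-AutoShare {
    $name = Get-AutoShareValueName
    New-ItemProperty -Path $ParamsKey -Name $name -PropertyType DWord -Value 0 -Force | Out-Null
    # The shares are created when the Server service starts, so the change
    # applies after a reboot or a restart of the LanmanServer service.
    Write-Output "$name set to 0; restart the Server service or reboot to apply."
}

Get-AutoShareState     # report the current state
# Disable-AutoShare    # uncomment to apply the change
```

Running `Get-AutoShareState` again after the restart should show an empty `AdminShares` column if the setting took effect.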