Monday, February 14, 2005
How to stop sharing your hard disk
My other entry today talks about the Windows firewall, and when it does and doesn't prevent people from seeing folders you've chosen to share.
What if you simply never share any folders? Are you safe then?
No. Administrators, in Windows, can see and use special names to get access to the entire disk of any Windows machine on the local network. If your machine is named "Gardenia", for example, someone with the right password can connect to "\\Gardenia\C$" and read or write your entire C: drive.
Isn't it amazing what Windows does for you?
That is a convenient feature. If you're security-minded, it's the kind of feature you don't want to have unless you really need it.
That much I knew before today. Today I learned that you can turn that feature off. I spent over a decade programming for Windows and it's not every day someone can teach me something I don't already know.
Security writer Tony Bradley (good guy BTW) has a short piece about how to turn off administrative shares on WindowsNetworking.com. If you're comfortable editing the Registry it's easy and quick.
Windowsnetworking.com is packed to bursting with useful and high quality information. It's on the technical side, better suited for the person stuck with running an organization's network than for the average home user. (Disclosure section: my business relationship with them is that they offered me a link).
|
What if you simply never share any folders? Are you safe then?
No. Administrators, in Windows, can see and use special names to get access to the entire disk of any Windows machine on the local network. If your machine is named "Gardenia", for example, someone with the right password can connect to "\\Gardenia\C$" and read or write your entire C: drive.
Isn't it amazing what Windows does for you?
That is a convenient feature. If you're security-minded, it's the kind of feature you don't want to have unless you really need it.
That much I knew before today. Today I learned that you can turn that feature off. I spent over a decade programming for Windows and it's not every day someone can teach me something I don't already know.
Security writer Tony Bradley (good guy BTW) has a short piece about how to turn off administrative shares on WindowsNetworking.com. If you're comfortable editing the Registry it's easy and quick.
Windowsnetworking.com is packed to bursting with useful and high quality information. It's on the technical side, better suited for the person stuck with running an organization's network than for the average home user. (Disclosure section: my business relationship with them is that they offered me a link).
# posted by Frederick @ 6:54 AM Email to a friend:
Haloscan: they provide trackback