Is your office computer connected to a network? Do you have important files on your computer that are considered confidential and should not be seen or accessed by just anyone? If you answered yes to both questions, then you should read this article because it is meant for you. You may have a computer security problem that you may not even be aware of.
Do you know what an administrative share is? In the simplest terms, it is an automatic share that is created when Windows is installed on a computer. For a standalone PC, that shouldn’t be a real cause for concern but for a computer connected to a network, it’s dangerous. It can be dangerous because the shares created don’t only share a file or a folder; it shares the whole drive. In fact, it does the same thing for every partition on your computer. If, for example, you have drives C: and D: as existing partitions on your computer at the time you installed Windows XP Professional or Windows 7, you can be sure that your partitions were automatically shared. Most users are not even aware of this and this is where the problem lies.
With administrative shares, anyone who has an administrator level account on your computer can access all your files from another computer on the network. Normally, the only person who would have such an account would be the administrator of the network. That is acceptable but what if someone else at the office somehow got the login credentials to the administrator account? That person can rummage through all your files and access sensitive data. That same person can copy your files, view e-mail messages from an e-mail storage or even worse, delete important files. Find out how to fix this in the following sections.
Finding out if your Windows operating system created administrative shares
1. Right-click on My Computer on the desktop and select Manage
2. After the Computer Management console loads, expand Shared Folders
3. Select Shares
4. Look at the right side and see if your partitions are shared. It is easy to spot because it will look something like C$ or D$ which is dependent on your computer’s drive letters
If you find one or all of your partitions there, then you’ve got administrative shares. You should seriously consider disabling it to secure your computer.
Loading the Registry Editor
The best way to do this is to change a value in the registry. Follow the steps below to load the Registry Editor.
1. Press the Start button
2. Select Run
3. Type Regedit in the dialog box
4. Select Ok and the Registry Editor loads afterwards
Disabling administrative shares
In this task, we need to go to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer
\Parameters
To get there, please follow the steps below.
1. Expand HKEY_LOCAL_MACHINE
2. Expand System
3. Expand CurrentControlSet
4. Expand Services
5. Expand LanManServer
6. Select Parameters
7. Look for the REG_DWORD entry named AutoShareWks
8. Double-click on it and change the value to 0
In case the entry AutoShareWks does not exist, do the following:
1. Right-click on the right side of the editor
2. Select New, then DWORD
3. Type AutoShareWks as the name of the entry
4. Check that the value is 0
5. Close the editor
6. Reboot the computer
After rebooting, go back to the Computer Management console and check the shares again. It should now look something like the picture below.
That is all there is to it. Your files are now safe from other network users.
No comments:
Post a Comment