Tuesday, August 17, 2010

How To Turn Off The Default Share To Ensure System Security In The Registry

When the default installation system is windows system, all of the hard disk are hidden share, it is said to manage easily, automatically share the system installed partition, so you can visit your resources on network, these default shared directory only can visit by system management members in the network, because in the back of the shared name add the dollar sign ($), unless people know the share, otherwise he could not find it. Although visit it also need super user password, but this is a potential security risk, consider from the server security, it's best to close the "default share" to ensure system security.Modify the registry to prevent IPC $ attacks.

First, click the "Start" - "Run", type "regedit" Click "OK" button, open the registry.

Second, to prevent IPC $ attacks, find the "RestrictAnonymous" item in the registry "HKEY_LOCAL_MACHINE / SYSTEM / CurrentControlSet / Control/LSA".

Third, right-click, select "Edit."

Fourth, in the pop-up dialog box "Edit DWORD Value", inserted "1" in the value box, the "RestrictAnonymous" item is set to "1", so that you can forbid IPC $ connection, click "OK" button. Modify registry close the default share.

1, for default share such as c$, d$ and admin$, need to find 'HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Services/LanmanServer/Parameters'. In the right space, right click and select create New DWORD value.

2, add the key "AutoShareServer" (type "REG_DWORD", a value of "0").

Note: If the system is Windows 2000 Server or Windows 2003, need to add the key "AutoShareServer" (type "REG_DWORD", a value of "0"). If the system is Windows 2000 PRO, should add the key "AutoShareWks" (type "REG_DWORD", a value of "0").

No comments:

Post a Comment