Drives being shared without permission (?)

[AShadeOfClear]

Something odd that I've never before experienced in Windows 2000: all my drives are all marked as 'Shared' in the Sharing tab of Drive properties. They are shared under the names C$, D$, etc. What is strange is that the drive icon with the arm under it does not appear, only the regular drive icons.

I unshared them but after a reboot they are shared again. Perhaps there is some application or service that requires the shares? I don't know of any, and I doubt that it is anything malicious.

 

[FUBAR]

When they are shared with the $ like you say, they are being shared as "administrative shares." That means that you have to give local admin credentials to be able to mount them from another machine. This will always happen with 2000 and XP, due to their network ready nature.

To give you a realworld use for that, at work I use the admin shares all the time to change permissions and add/remove files from peoples machines without having to walk over and disrupt their workflow. It's also much better than being shared normally, for this purpose, because they aren't browsable thru net-neighborhood.

 

[n0cmonkey]

Didnt nimda or klez or one of those other stupid viruses open shares on the network?

 

[cleverhandle]

Nimda opens shares, but I think that you do see the arm icon in that case. Not sure, though, it's been a while since I've de-nimda'd a machine. Would be worth a scan if you haven't done one recently.

 

[Nothinman]

$ just means it's 'hidden', meaning MS computers won't display them, other SMB clients can see them just fine and you don't need administrative permissions to access them.

 

[stash]

Didnt nimda or klez or one of those other stupid viruses open shares on the network?

I thought that nimda spread thru open shares...I dont think it will actually create open shares, just proliferate via shares that grant full access to Everyone.

 

[n0cmonkey]

Originally posted by: STaSh

Didnt nimda or klez or one of those other stupid viruses open shares on the network?

I thought that nimda spread thru open shares...I dont think it will actually create open shares, just proliferate via shares that grant full access to Everyone.

I dont pay much attention to Windows viruses 😉

 

[FUBAR]

Ok, my bad on the use of $, but this situation is such as I described, isn't it? I know they are the 'administrative shares' I know I don't have to do anything special to access them from my machine at work, but then again, my account also has admin priviledges on the domain, so I may be a little off there, but that would seem to be how they react.

 

[Woodie]

FUBAR is right, those drive level shares are done by the OS.

They are "Admin" shares, in that they are ACLed to the Local Administrators group only, and the ACL cannot be changed. The shares are recreated at every startup. (I think by the SERVER service, but I'm not sure)

 

[Saltin]

$ just means it's 'hidden', meaning MS computers won't display them, other SMB clients can see them just fine and you don't need administrative permissions to access them.

Explain how one would access an administrative ($) share without permission, please.

 

[Nothinman]

They are "Admin" shares, in that they are ACLed to the Local Administrators group only, and the ACL cannot be changed. The shares are recreated at every startup. (I think by the SERVER service, but I'm not sure)

Win2K and up have a registry key to disable the auto-creation IIRC.

Explain how one would access an administrative ($) share without permission, please.

That's a damn good question. I could've swore I've done it before, but now I can't reproduce it, go figure.